Very weird nat problem!

Hello,
Here is the ascii stuff of the network:

[0.254] Bridge [0.253]
[ ]<-------->[ ]<--------->[SW]<->[WLAN]<->[SW]
[72.36.x.x ] [pppoe] | |
NAT+ Local router (br) | |
OpenVPN client OpenVPN server (br) | |
(bridge) |
|
[Clients]
[Clients]
These clients do have These
don't
Internet

I cannot really understand this weird behavior. All clients are able to
ping 192.168.0.254, 72.36.x.x, but only clients before the Wireless are
able to use internet. This is driving me nuts for a week or so.
Somebody help me to solve this problem.

Details:
IP's: 192.168.*.*
Mask: 255.255.0.0
no extra iptables rules or anything else. Simply MASQUERADE on the
192.168.0.254


Thank You!

P.S. Sorry i`m not ASCII artist
Sincerely,
Darjus Loktevic

Darjus,

I am not savvy at reading network diagrams but I'm going to try and
help:)
Also, it looks like your constant width font got distorted but here
goes...

I assume the pppoe local router is the 192.168.*.* guy and from the
display here that the 72.36.*.* network has internet access and the
192.168.x.x (Your wireless network) doesn't.

My first question would be does the local router have the internet
information? (gateway, and dns)

If it doesn't, then that is your problem. If it does, then do all the
wireless clients have the problem? Or is it only some of them?

Thanks for reply,

Local router is OK, and all clients behind it that use a switch. Next,
to the same switch is connected Wireless AP, Next, Wireless Bridge,
Next switch, Next clients (who are able to ping (ssh, etc.) 72.36.*.*
(when gateway isset ofcourse), but not able to use internet. :(((

darjus@gmail.com wrote:
> Thanks for reply,
>
> Local router is OK, and all clients behind it that use a switch. Next,
> to the same switch is connected Wireless AP, Next, Wireless Bridge,
> Next switch, Next clients (who are able to ping (ssh, etc.) 72.36.*.*
> (when gateway isset ofcourse), but not able to use internet. :(((

OK so the wireless clients can ping the 192.168.x.x network, but can
the 72.36 network clients ping the internet without using DNS? For
example a 68.100.x.x address? Or a 207.x.x.x address? Or can you
access the internet on a browser using IP octets instead of names? If
they can then all you need to provide is the DNS information.

Nope, that's not a case. The DNS server is on 72.36 and all clients can
perfectly access it, but only clients before wireless are able to
actually see the web. I told it's very very weird! Maybe some other
thoughts?

Maybe the problem is in ARP?

More,

This is arp cat:
192.168.0.208 0x1 0x2 00:02:6F:07:FA:06 *
br0
192.168.1.18 0x1 0x2 00:02:6F:30:84:5D *
br0
192.168.1.19 0x1 0x2 00:02:6F:07:FA:06 *
br0

192.168.0.208 is a wireless bridge and 192.168.1.19 is client.
So maybe that's it? But how to solve this?

darjus@gmail.com wrote:
> Maybe the problem is in ARP?

Open up a command line window on a wireless client and run 'netstat
-r'. What is the result?

Ok :)

192.168.0.0 * 255.255.255.0 U 0 0
0 eth0
loopback localhost 255.0.0.0 UG 0 0
0 lo
default 192.168.0.254 0.0.0.0 UG 0 0 0
eth0

Listen, i enabled ARP Proxy on both local (pppoe) and remote (72.36)
and strange thing happened.
All outgoing got through tap0 (bridge) all incoming to pppoe. I
remember i read about such things somewhere, but cant find it anymore
:(((
For now i made a Squid proxy on 72.36, atleast people are able to read
websites ;)

darjus@gmail.com wrote:
> Ok :)
>
> 192.168.0.0 * 255.255.255.0 U 0 0
> 0 eth0
> loopback localhost 255.0.0.0 UG 0 0
> 0 lo
> default 192.168.0.254 0.0.0.0 UG 0 0 0
> eth0
>
> Listen, i enabled ARP Proxy on both local (pppoe) and remote (72.36)
> and strange thing happened.
> All outgoing got through tap0 (bridge) all incoming to pppoe. I
> remember i read about such things somewhere, but cant find it anymore
> :(((
> For now i made a Squid proxy on 72.36, atleast people are able to read
> websites ;)

Good. Forgive me for not looking back at you original post, but didn't
you say
the 72.36 clients could ping the 192.168.0.254 host? If they can then
what they
are missing is the DNS info.