HostAP traceroute

insecure insecure
Tue Oct 7 13:00:54 PDT 2003

On Friday 05 September 2003 12:30, Antonio Vilei wrote:
> > I traceroute node2 from node1, and it shows only 1 hop, when i was
> > expecting 2 hops.
> The frame forwarding among stations is handled by the AP at layer 2, so no
> IP (layer 3) routing is required. That's why when you traceroute it shows
> just one hop: the two stations are on the same subnet.

Yes. And clients can blast several tens of gigabytes of
porn movies thru your AP while you are trying to dl a newer
2.6 kernel. AFAIK you can't control it (e.g. throttle down
or block 80th tcp port for them for a while ;).

BTW, it is done only because folks are so much used to
ethernet-style network topology. In fact, 802.11b/a/g physically
is more than a bit different.

I disabled bridging on the AP (yes hostap rocks! it can do this too!),
added a 4-IP subnet for each client, and voila! - I can
_route_ (not _bridge_ as typically done) packets between them.
At 11Mbit/s this does not have noticeable performance hit.
(I think you can barely measure it).

Why do I need it, you might ask.

* Traffic accounting
* Traffic shaping
* Firewalling
* Proxying

Huge *thanks!* go to iptables crowd.

More information about the Hostap mailing list