Hi.

The scenario is like this (or exactly this):
I have a wl-hdd, modified with Oleg's custom firmware.

I also have the Ethernet cable my ISP provided me with. Internet traffic flows only if the MAC address is set to the one registered during the cable installation a long time ago. It is very difficult to update the ISP's information regarding a new MAC. Settings for using the Internet from that cable are:

Code:
10.195.48.23/255.255.252.0/10.195.48.1 (ip,msk,gtw respectively).
I'd like to: plug this cable into my wl-hdd and connect any/all wireless devices I have in my house to this router (it operates as an AP currently) using WLAN, to have Internet directly "in" those units.

What I have done is:
Edited the post-boot script and added lines to:

Code:
   1) change the "br0" iface MAC address to one I registered one day at my ISP's office.
   2) bind "br0" to 10.195.48.23/255.255.252.0/10.195.48.1
   3) added DNS, routes
   /* Now I have 'internet' inside wl-hdd, so I can reach for any alive host in the Internet */
   3) bind "eth2" to 10.0.0.1/255.255.255.0
   4) echo "1" > /proc/sys/net/ipv4/ip_forward
   5) iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o br0 -j SNAT --to-source 10.195.48.23
   6) iptables -I FORWARD -j ACCEPT
And the result is: when I set my wireless devices to use 10.0.0.x/255.255.255.0/10.0.0.1, they don't receive even a byte after connecting wirelessly. In fact they do - they can ping the DNS server, the nearest gateway (10.195.48.1) and some of my neighbours. But in my browser I can see that a hostname was converted to a digital address; it seems like traffic won't flow, however.

But when I set up NAT as:

Code:
iptables -t nat -A POSTROUTING -s 10.195.48.0/255.255.252.0 -o br0 -j SNAT --to-source 10.195.48.23
and bind wireless devices to use IPs like 10.195.48.254, 10.195.48.253, etc. in 255.255.252.0 - it works. I'm able to reach any Internet host from them.


What have I done wrong and how dangerous is the "working" way of connecting devices (hosts inside my ISP's network are not isolated, so I can easily ping my neighbour behind the wall, whose IP is mine + 1)?

Thanks in advance
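
A small audit of the rules quoted in the post, as an added example that is not part of the original post: it flags the unconditional `iptables -I FORWARD -j ACCEPT` rule and any SNAT rule whose source network lies inside the ISP subnet (10.195.48.0/255.255.252.0), which means the clients are numbered from the ISP's range rather than from a separate LAN behind the router. The function names and finding labels are made up for this example.

```shell
#!/bin/bash
# Added example, not from the post. WAN values are the ones the post quotes.
WAN_NET=10.195.48.0
WAN_MASK=255.255.252.0

# Dotted quad -> 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if address $1 lies inside network $2 with netmask $3.
in_net() {
    local m
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# Read iptables command lines on stdin; print one finding per flagged rule.
audit_rules() {
    local line src
    while IFS= read -r line; do
        case "$line" in
            *"FORWARD -j ACCEPT"*) echo "OPEN-FORWARD: $line" ;;
        esac
        case "$line" in
            *POSTROUTING*" -s "*)
                src=${line#* -s }   # text after "-s "
                src=${src%% *}      # first word: network/mask
                src=${src%%/*}      # network part only
                if in_net "$src" "$WAN_NET" "$WAN_MASK"; then
                    echo "SNAT-SOURCE-IN-WAN-SUBNET: $line"
                fi ;;
        esac
    done
    return 0
}

# Rules as they appear in the post (both SNAT variants plus the FORWARD rule).
audit_rules <<'EOF'
iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o br0 -j SNAT --to-source 10.195.48.23
iptables -I FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.195.48.0/255.255.252.0 -o br0 -j SNAT --to-source 10.195.48.23
EOF
```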