Enable NAT on BomeBox WiFi

I've just ordered two BOME boxes and am trying to work through the network hardware I will need.

I have a portable stage rack on casters which hosts my x32 mixer, outboard gear, and MIDI patchbay. BoxA will go in the rack, along with a rackmount POE switch. It will replace the wired network router currently installed there, which serves the x32 and a few other network devices.

MIDI communication to and from stage equipment will be handled via BoxB, which will reside on stage with a second MIDI patchbay. it will connect to the POE switch in the rack for networked connection to BoxA and for power.

All configuration of the system is done via my macbook pro, and via an iPad running x32 mix software. (Both on WiFi.) WiFi is currently via a wireless access point connected to the router in the rack.

The goal is to replicate my existing system, whilst adding the two BOME boxes described above for MIDI communication, remove the original router and WiFi AP, and add a feature: Allow the local LAN access to the venue or rehearsal-space WiFi via a NAT-ted uplink via WLAN.

The 'why': When connected to the current system with my macbook pro to make configuration changes, I cannot browse the internet for configuration help as there is no internet uplink. Similarly, while the iPad is connected to the mixer for mix control, I cannot use it to download lyrics if a song gets requested.

My thoughts on a solution:

• Connect both boxes to the POE switch for power and to create a LAN
• Configure one box as a WiFi AP
• Configure other box as a DHCP server/NAT-ted router, with the WiFi antenna serving as the WAN connection and configured to access the WiFi at my rehearsal space, my home, and the venues.

Any thoughts on how (and whether) this could be accomplished in the settings?

(I have purchased an inexpensive 'travel router' which could probably fix this issue by covering Ethernet routing and WiFi 'client' mode... but it would be ideal to send this back for a refund and accomplish it with the BOME hardware.

Hi, as I understand you want BomeBox A to connect to an WAN and also to provide LAN Wireless access to BomeBox B (and other devices on the LAN).

I’m unclear on whether you WAN access would be wired or Wireless. If wired then it should be fairly straight forward.

Setup BomeBox A as a WiFi Access Point. In this setup, it will rely on the Internet Modem/Router as a DHCP server for anything connected on the WLAN you set up for this BomeBox (including your MAC and an any other DHCP clients). Set up your SSID to whatever wireless ID you want you clients to connect to (BomeBoxNet)

For ethernet, also setup BomeBox A as an Ethernet Client. This way the IP address will be assigned by your Internet Modem/Router.

Setup BomeBox B as a WiFI DHCP client and set up the SSID as the same you set above (BomeBoxNet).

You could also setup ethernet side as a client and attached (maybe long) ethernet cable to BomeBoxA which could be a backup plan if your venue is WiFi noisy.

If your WLAN connection is also WiFI you will need to set up BomeBoxA as a DHCP WiFi access point , with your venue’s SSID. You could then connect BomeBox B via ethernet to BomeBoxA as a wired ethernet client. BomeBox B could then be set up with it’s own SSID on the wireless side and you could connect your local venue devices via WiFi.

If you need wireless access to both LAN and WAN, then you might need to acquire a WiFI to ethernet bridge and connect it up to your BomeBox through the ethernet connector.

I bought this one for a similar configuration a few years ago. It cost about $20 USD at the time.

There are other ways to configure as well but this works for me.

The main takeaway here is that in order to serve up DHCP for both WAN and LAN access, we pretty much rely on the Modem/Router to service up DHCP for everything. This means the primary BomeBox will need to be set up as an access point on the WiFi side and an ethernet client for the ethernet side.

Since venues may change hence different IP addresses assigned, I generally don’t recommend setting up anything for as fixed IP.

Setting up a consistent Wireless SSID means you can always set up your other devices WiFi to the same SSID and not change it when the venue changes (except for BomeBox1 if it is connected to WAN via Wireless).

Steve Caldwell
Bome Q and A Moderator and
Independent Bome Consultant/Specialist
bome@sniz.biz

P.S.

I just got to thinking if you are setting up WiFi for WAN and Ethernet for LAN. You might want to have the ethernet side on BomeBox 1 set for fixed IP so you can configure it when you get to your new venue. Otherwise it will never get an IP address so you will not be able to access it. If you do this, of course you may need to reconfigure ethernet back to a client later if you want to use the venue\'s IP address range across you LAN

Actually, you may be able to set both BomeBoxes as Ethernet Client. For BomeBox1, if a DHCP connection from the host is not found, it should configure itself with IP 169.254.0.1 and then you should be able to connect a PC to it to access the configuration page. Once a DHCP host is found and assigned from the Modem, it should then use DHCP to configure the BomeBox1 IP address and start assigning IP addresses to other clients on the LAN using DHCP from the venue’s Modem/Router.

Thanks Steve, for your very thoughtful answer.

In retrospect, I think I was a bit unclear, and FAR too verbose.

To simplify:
-Envision a wired LAN which includes two BOME boxes, as well as the wired gear in my rack.
-One of the BOME boxes (A) is acting as the wired router. (DHCP server, router, etc.)
-Now add wireless access to the LAN above by configuring the other box (B) as WiFi AP.
-Now grant internet access to the LAN above by connecting it to the venue WiFi via WAN and the Box A WiFi antenna in ‘client’ mode.

That is what I’m aiming for.

Yes, I could make this happen using a relatively inexpensive Wifi/ethernet bridge. However, the cost in Canada is closer to $35, and the mobile nature of my rack means I need a POE power breakout ($15) to eliminate the loose transformer. I’d also take up additional rack space.
In fact I’ve already ordered these parts. However, I would ideally solve the challenge using only the BOME hardware and send the bridge back for a $50 refund, whilst freeing up a POE port for other uses.

Not sure whether the above influences the answer you already provided. If not, thanks again for the assist!

Chris

I just played around on the configuration I recommended and unfortunately it doesn’t work. Florian suggested a different configuration but it requires going to advanced setting in BomeBox to enable NAT for your WiFi connection to the Venue. I played around with this but to be honest, this advanced network stuff is over my head here so he agreed to look into it and provide a recommendation after he tests it.

As I said, the configuration I have running for something similar uses a Vonets WiFi to ethernet Bridge so it works great. In my configuration LAN configuration is on BomeBox WiFI and may WAN connection is on Ethernet to a WiFi bridge to my home router/modem.

I’m pretty sure there is a way to do what you are asking, so hopefully Florian can give us all the secret sauce to make it work. Right now there is no cookbook web config for WiFI WAN with Wired LAN. Just the other way around.

Steve Caldwell
Bome Q and A Moderator and
Independent Bome Consultant/Specialist
bome@sniz.biz

Thanks very much Steve, for testing this out for me.
I’m no stranger to network configuration, so perhaps I’ll give it a try when the boxes arrive.
In any case, this convinces me that having the bridge device on hand is a good idea. I may go that route just to save time. All the best.

Hi,

I was able to play around with my BomeBox to get to a working configuration. Here is what I changed after I did a full network reset with the USB stick. I am able to use BomeNetwork as well as plug a PC into my BomeBox Ethernet port to access the host internet

1 Set up Wireless as DHCP Client . You will need your House Client SSID and password to set this up (from ethernet port)
2 Set up Ethernet as Ethernet Master (default config is 192.168.1.1 for the gateway/host on BomeBox)

I imagine if the DHCP Client is using this, you will need to change this on BomeBox to a different network number in advanced configuration. In my environment this was not necessary because my host DCHP was on 192.168.0.1

3 Advanced Configuration

Firewall Screen
—————-
lan->wan accept accept accept masquerading checked MSS clamping unchecked
wan->lan accept accept accept masquerading and MSS clamping checked

Note, you are relying on your WiFi (House) host to handle firewall from the internet.
Other hosts within the LAN will be free to do anything they can on BomeBox

Might need to review the settings of wan->lan to determine if this creates other (if they have the right password). There may need to be advanced settings needed to stop malicious network hacking on users connected to the same LAN.

Steve Caldwell
Bome Q and A Moderator and
Independent Bome Consultant/Specialist
bome@sniz.biz

Awesome work. That’s the sort of thing I was going for.
In the end, though… I’m concerned about the visibility of the network to ne’er-do-wells. I’m going with a little travel router to serve as a bridge from vendor WiFi to local ethernet, connecting it to a POE switch, and then using the bomebox antenna to rebroadcast my (secure) lan. This also allows me the option of running my second BomeBox as a client to the first, potentially eliminating a cable.

Thanks again for your diligence!

I’m sure on the firewall page you should be able to change one of the settings to disallow from others on the local network.
Maybe if Wan to Lan input is reject instead of accept, return packet from NAT would still make it through. but nothing else.
Maybe I’ll do a port scan on my host network 192.168.0.1 to see if anything is open in that configurtaion.

Just a followup. Setting incoming to reject on my BomeBox from Wan to LAN fixed everything. I can still access the Internet through my wired connection on BomeBox but cannot access anything from the wireless side (including ping). A port scan from the wireless side also showed no open ports.