On Monday, August 10, 2015 8:59:27 AM Cor Legemaat wrote:
> On Thu, 2015-08-06 at 23:41 -0400, Fernando Rodriguez wrote:
> > On Thursday, August 06, 2015 7:04:27 AM Cor Legemaat wrote:
> > > On Wed, 2015-08-05 at 01:00 -0400, Fernando Rodriguez wrote:
> > > > On Tuesday, August 04, 2015 8:18:43 PM Cor Legemaat wrote:
> > > > > On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez wrote:
> > > > > > On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > > > > > > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > > > > > > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > > > > > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > > > > > > > > > Hello,
> > > > > > > > > > 
> > > > > > > > > > > After installing hostapd I can successfully connect to the AP, I can
> > > > > > > > > > > get DHCP from it, but I cannot access the network through it
> > > > > > > > > > > (neither LAN nor internet).
> > > > > > > > > 
> > > > > > > > > > This sounds like a (network) routing problem, rather than a
> > > > > > > > > > hostapd issue.
> > > > > > > > 
> > > > > > > > > It looks like that, but if I stop iptables completely on the router all
> > > > > > > > > unicast traffic still works in the LAN (both wired and through an external
> > > > > > > > > AP), so if I connect to the hostapd AP with iptables off, shouldn't I at
> > > > > > > > > the very least be able to ping the wireless interface on the router?
> > > > > > > > 
> > > > > > > > > I also tried with only the following rule which enables internet
> > > > > > > > > access to all wired workstations and through external AP:
> > > > > > > > 
> > > > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > > > > > > 
> > > > > > > > You should probably specify the local subnet, so that multicast
> > > > > > > > packets are not sent out to the Internet, e.g.:
> > > > > > > 
> > > > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > > > > > > 
> > > > > > > (Change 192.168.1.0/24 to suit your LAN subnet)
> > > > > > 
> > > > > > > I'm not actually using that rule except as a minimal setup for
> > > > > > > troubleshooting this issue. My actual rules do specify the subnet.
> > > > > > 
> > > > > > > Also have you enabled ip forwarding in your kernel:
> > > > > > > 
> > > > > > > sysctl -w net.ipv4.ip_forward=1
> > > > > > 
> > > > > > > Yes, it is an existing router that works perfectly except for the
> > > > > > > hostapd AP.
> > > > > > My current setup is as follows:
> > > > > > 
> > > > > > Internet -> Gentoo Router -> Switch -> AP
> > > > > > 
> > > > > > > Where AP is a wifi router with routing features disabled. Never had
> > > > > > > problems with it. Now I installed hostapd on "Gentoo Router" and
> > > > > > > everything else still works fine except when I connect to the hostapd
> > > > > > > AP. Even with only that minimal iptables rule or no rules at all.
> > > > > > 
> > > > > > Thanks,
> > > > > > 
> > > > > > Probably /dev/random depleted, try enabling your hardware rng or
> > > > > > sys-apps/haveged; test with
> > > > > > `cat /proc/sys/kernel/random/entropy_avail`
> > > > > 
> > > > > Regards:
> > > > > Cor
> > > > 
> > > > > Thanks. I did get an error about depleted entropy at some point when
> > > > > starting hostapd but I went ahead and installed haveged and it still
> > > > > doesn't work. It doesn't even work when configured as an open AP. I
> > > > > checked the kernel config and I had VLAN support disabled. I've rebuilt
> > > > > it but can't reboot right now. Maybe it's required even though I'm not
> > > > > using VLANs?
> > > > 
> > > > Is there an IP configured on the interface or the bridge of that interface?
> > 
> > Yes
> > 
> > > Can you ping your gateway?
> > 
> > > No...I can ping it locally or remotely when I connect through the
> > > external AP but not through hostapd.
> > 
> > > If I'm correct dhcp uses
> > > broadcast but you need a valid gateway IP switchable on mac layer.
> > > 
> > > Does it stay connected?
> > 
> > Yes
> > 
> > > I have a problem with a link between hostapd
> > > and a mikrotik device on 802.11a where I needed to patch hostapd 
> > > to get it to stay connected. But that should show in hostapd debug 
> > > logs. Mine is still running on hostapd-2.3 because if I update and 
> > > screw it my internet is broken, if that's your problem I will 
> > > search for my notes and mail it.
> > 
> > Tried hostapd-2.3 too, same thing.
> > > I will try it on a laptop with a more recent adapter tomorrow to rule
> > > that out.
> > 
> > > Regards: Cor
> > 
> If you stay connected I would assume your hostapd setup and key is 
> correct, otherwise you wouldn't receive a dhcp answer. That must be an 
> IP config/iptables problem but very difficult to help if I can't see 
> your setup.
> 
> Regards:
> Cor

I used only this rule for testing:
iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

I tested on a laptop and the same setup works with one minor issue, bringing 
up the wireless interface creates a routing table entry that tries to route 
LAN traffic through the wireless interface so I can't access the wired LAN or 
internet (since it has to go through the gateway) until I delete it manually, 
but I can still access the laptop through the wireless interface.

Other than that the differences are that the laptop uses ath9k whereas the 
router uses ath5k and the router uses the gentoo-sources-3.18.12 and laptop 
currently has 4.0.6 from git.

-- 
Fernando Rodriguez
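
An added example, not part of the original thread: one way to spot the kind of routing-table entry described in the last message, assuming the conflict is a directly connected route on the wireless interface for a prefix that is also connected on the wired side. The interface names `wlan0` and `enp0s3` and all addresses are constructed assumptions; `enp0s8` and 192.168.1.0/24 are the names used earlier in the thread.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output (not taken from the thread).
# wlan0 / enp0s3 are assumed names; enp0s8 is the uplink named in the thread.
SAMPLE_ROUTES = """\
default via 10.0.0.1 dev enp0s8
10.0.0.0/24 dev enp0s8 proto kernel scope link src 10.0.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.20 metric 100
"""

def parse_link_routes(text):
    """Return (network, device) for every directly connected route (no 'via')."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "default" or "via" in fields:
            continue  # gatewayed routes cannot shadow an on-link prefix
        if "dev" not in fields[:-1]:
            continue  # blackhole/unreachable entries carry no device
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # first field is a route type keyword, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def overlapping_link_routes(text):
    """List pairs of connected routes on different devices whose prefixes overlap.

    When two interfaces both claim the same (or a containing) prefix, the
    kernel sends LAN traffic out of whichever route wins, which may be the
    access point interface rather than the wired one.
    """
    routes = parse_link_routes(text)
    conflicts = []
    for i, (net_a, dev_a) in enumerate(routes):
        for net_b, dev_b in routes[i + 1:]:
            if dev_a != dev_b and net_a.overlaps(net_b):
                conflicts.append((str(net_a), dev_a, str(net_b), dev_b))
    return conflicts

if __name__ == "__main__":
    for a, dev_a, b, dev_b in overlapping_link_routes(SAMPLE_ROUTES):
        print(f"overlap: {a} dev {dev_a} <-> {b} dev {dev_b}")
```

On a live system the input would be the text printed by `ip -4 route show`; an empty result means no two interfaces claim overlapping connected prefixes.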
