Denis Vlasenko | 1 Nov 2004 08:19

Re: WDS link problem: ping only

On Monday 01 November 2004 06:05, michael schatz wrote:
> 
> Hi-
> I've established a WDS static link between two APs running hostAP (call
> them AP:A and AP:B) under RedHat 9.0. AP:A and all wireless devices that
> associate with it have full access to the internet (ping, DNS, web
> browsing, ssh, etc). AP:B also has full access to the internet, but
> all wireless devices associated with AP:B can only ping (only by using IP

ping what? ping anything? ping AP only?

> addresses)....nothing else works( no DNS, no ssh, no web
> browsing, etc). below
> i give the architecture and the scripts on both APs (/etc/rc.local)
> that i use to set up the WDS link with ipforwarding and routing. could
> someone suggest what i'm missing in configuring the forwarding/routing
> of AP:B's devices?
> 
> 
> Thanks!
> 
> Mike
> 
> > > INTERNET via router (192.168.0.1)
> > > |
> > > |
> > > eth0 (192.168.0.7): AP-A :wlan0 (10.1.2.1) -- 
> > > |
> > > |
> > > |10.1.2.254/30

michael schatz | 1 Nov 2004 13:20

Re: WDS link problem: ping only

denis-
thanks for your responses---i think you understand my difficulty well, but i'm not
sure i understand what to do based on your suggestions...see below

Denis Vlasenko <vda <at> port.imtp.ilyichevsk.odessa.ua> wrote:

On Monday 01 November 2004 06:05, michael schatz wrote:
>
> Hi-
> I've established a WDS static link between two APs running hostAP (call
> them AP:A and AP:B) under RedHat 9.0. AP:A and all wireless devices that
> associate with it have full access to the internet (ping, DNS, web
> browsing, ssh, etc). AP:B also has full access to the internet, but
> all wireless devices associated with AP:B can only ping (only by using IP

ping what? ping anything? ping AP only?

everything behind AP:B can ping anything (AP:B, AP:A, wireless devices on AP:A, anything on the internet) but only if i use the explicit IP address-i.e. host names are not resolved.


> addresses)....nothing else works( no DNS, no ssh, no web
> browsing, etc). below
> i give the architecture and the scripts on both APs (/etc/rc.local)
> that i use to set up the WDS link with ipforwarding and routing. could
> someone suggest what i'm missing in configuring the forwarding/routing
> of AP:B's devices?
>
>
> Thanks!
>
> Mike
>


You most probably meant this:

INTERNET via router (192.168.0.1)
|
|
eth0 (192.168.0.7)
AP-A wlan0 (10.1.2.1) --
10.1.2.254/30
|
WDS
|
10.1.2.253/30
AP-B wlan0 (10.1.3.1) --

yes, denis---your sketch is better and correct.

 

 


> ********AP:A initialization script********
> #!/bin/sh
> #
>
> touch /var/lock/subsys/local
> echo "Local wlan0 config. stuff"
> /sbin/iwconfig wlan0 channel 1 ESSID "Vedado" txpower 15
>
> echo "setup WDS static link"
> #MAC address below from AP on other end of the link
> iwpriv wlan0 wds_add BB:BB:BB:BB:BB:BB
> ip addr add 10.1.2.254/30 broadcast 10.1.2.255 dev wlan0wds0
> ip link set wlan0wds0 up
>
> echo "Enabling IP Masquerading"
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> echo "1" >/proc/sys/net/ipv4/ip_forward

You don't have any routing setup here.
Does AP-A know how to reach 10.1.3.x?
If not, nothing will work from behind AP-B.

you are exactly right!.....AP-A  _cannot_ reach 10.1.3.x   i think this is the main problem...how specifically do i correct this?

 


> ********AP:B initialization script********
>
> #!/bin/sh
> #
> touch /var/lock/subsys/local
> echo "Local wlan0 config. stuff"
> /sbin/iwconfig wlan0 channel 1 ESSID "Vedado" txpower 23
>
> echo "set up WDS static link"
> #MAC address below from other end of link
> iwpriv wlan0 wds_add AA:AA:AA:AA:AA:AA
>
> ip addr add 10.1.2.253/30 broadcast 10.1.2.255 dev wlan0wds0
> ip link set wlan0wds0 up
>
> echo "Enabling IP Masquerading"
> /sbin/iptables -t nat -A POSTROUTING -o wlan0wds0 -j MASQUERADE
> /sbin/route add -net default gw 10.1.2.254 metric 1
>
> echo "1" >/proc/sys/net/ipv4/ip_forward

This looks ok.

BTW, use tcpdump to see what's going on the 'wire'.
--

How specifically do i use tcpdump in this case?

 



 

_______________________________________________
HostAP mailing list
HostAP <at> shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Denis Vlasenko | 1 Nov 2004 14:15

Re: WDS link problem: ping only

On Monday 01 November 2004 14:20, michael schatz wrote:
> denis-
> thanks for your responses---i think you understand my difficulty well, but i'm not
> sure i understand what to do based on your suggestions...see below
> 
> Denis Vlasenko <vda <at> port.imtp.ilyichevsk.odessa.ua> wrote: 
> 
> On Monday 01 November 2004 06:05, michael schatz wrote:
> > 
> > Hi-
> > I've established a WDS static link between two APs running hostAP (call
> > them AP:A and AP:B) under RedHat 9.0. AP:A and all wireless devices that
> > associate with it have full access to the internet (ping, DNS, web
> > browsing, ssh, etc). AP:B also has full access to the internet, but
> > all wireless devices associated with AP:B can only ping (only by using IP
> 
> ping what? ping anything? ping AP only?
> 
> 
> everything behind AP:B can ping anything (AP:B, AP:A, wireless devices on AP:A, anything on the internet) but only if i use the explicit IP address-i.e. host names are not resolved.

Your routing/firewall is correct, then. Only DNS is messed up.

Do "ping www.yahoo.com" and watch tcpdumps, you
will see where DNS requests are going,
and whether there is any reply.

Check /etc/resolv.conf

> You most probably meant this:
> 
> INTERNET via router (192.168.0.1)
> |
> |
> eth0 (192.168.0.7)
> AP-A wlan0 (10.1.2.1) -- 
> 10.1.2.254/30
> |
> WDS
> |
> 10.1.2.253/30
> AP-B wlan0 (10.1.3.1) --
> 
> > ********AP:A initialization script********
> > #!/bin/sh
> > #
> > 
> > touch /var/lock/subsys/local
> > echo "Local wlan0 config. stuff"
> > /sbin/iwconfig wlan0 channel 1 ESSID "Vedado" txpower 15
> > 
> > echo "setup WDS static link"
> > #MAC address below from AP on other end of the link
> > iwpriv wlan0 wds_add BB:BB:BB:BB:BB:BB
> > ip addr add 10.1.2.254/30 broadcast 10.1.2.255 dev wlan0wds0
> > ip link set wlan0wds0 up
> > 
> > echo "Enabling IP Masquerading"
> > /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > echo "1" >/proc/sys/net/ipv4/ip_forward
> 
> You don't have any routing setup here.
> Does AP-A know how to reach 10.1.3.x?
> If not, nothing will work from behind AP-B.
> 
> you are exactly right!.....AP-A  _cannot_ reach 10.1.3.x   i think this is the main problem...how specifically do i correct this?

At closer examination, you have MASQed out 10.1.3.x

You can leave it as is if you do want 10.1.3.x
firewalled from outside.

Or remove MASQ and add routing rule on AP-A so that it
knows that there is a subnet behind AP-B's ip:

> > ********AP:B initialization script********
> > 
> > #!/bin/sh
> > #
> > touch /var/lock/subsys/local
> > echo "Local wlan0 config. stuff"
> > /sbin/iwconfig wlan0 channel 1 ESSID "Vedado" txpower 23
> > 
> > echo "set up WDS static link"
> > #MAC address below from other end of link
> > iwpriv wlan0 wds_add AA:AA:AA:AA:AA:AA
> > 
> > ip addr add 10.1.2.253/30 broadcast 10.1.2.255 dev wlan0wds0
> > ip link set wlan0wds0 up
> > 
> > echo "Enabling IP Masquerading"
> > /sbin/iptables -t nat -A POSTROUTING -o wlan0wds0 -j MASQUERADE
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

remove this, then add on AP-A:

ip route add 10.1.3.0/24 via 10.1.2.253

> BTW, use tcpdump to see what's going on the 'wire'.
> 
> How specifically do i use tcpdump in this case?

tcpdump -nli<interface>
--
vda
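
The return-path reasoning in the reply above, modelled as an added example that is not part of the original thread: it runs AP-A's route lookup for traffic from behind AP-B with and without MASQUERADE on AP-B and with and without the suggested static route. The /24 masks on eth0 and wlan0 and the client address 10.1.3.20 are assumptions; the other addresses come from the posted scripts.

```python
import ipaddress

WDS_PEER = "10.1.2.253"  # AP-B's end of the WDS link (from the thread)

def ap_a_routes(with_static_route):
    """AP-A's routing table as (network, gateway or None, device) tuples."""
    routes = [
        ("192.168.0.0/24", None, "eth0"),        # assumed /24 on eth0
        ("10.1.2.0/24", None, "wlan0"),          # assumed /24 on wlan0
        ("10.1.2.252/30", None, "wlan0wds0"),    # WDS link, /30 from the thread
        ("0.0.0.0/0", "192.168.0.1", "eth0"),    # default via the router
    ]
    if with_static_route:
        # Equivalent of: ip route add 10.1.3.0/24 via 10.1.2.253
        routes.append(("10.1.3.0/24", WDS_PEER, "wlan0wds0"))
    return [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in routes]

def lookup(routes, dst):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dst)
    net, gw, dev = max((r for r in routes if addr in r[0]),
                       key=lambda r: r[0].prefixlen)
    return gw, dev

def reply_path(client_ip, masq_on_ap_b, with_static_route):
    """Where AP-A sends the reply for a packet that came from behind AP-B."""
    # With MASQUERADE on wlan0wds0, AP-B rewrites the source to its own address,
    # so AP-A never sees a 10.1.3.x address and needs no route to that subnet.
    seen_src = WDS_PEER if masq_on_ap_b else client_ip
    gw, dev = lookup(ap_a_routes(with_static_route), seen_src)
    return {"seen_src": seen_src, "gateway": gw, "dev": dev,
            "reaches_ap_b": dev == "wlan0wds0"}

if __name__ == "__main__":
    client = "10.1.3.20"  # constructed client address behind AP-B
    for masq, route in [(True, False), (False, False), (False, True)]:
        print(f"masq={masq} route={route} ->", reply_path(client, masq, route))
```

The middle case (no MASQUERADE, no static route) is the one where replies follow the default route out eth0 and never return to AP-B's clients.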
