
IRIGHTI 09-12-2012 07:10 PM

dnsmasq, iptables, hostapd problem
 
I have a setup on my firewall/router (Slackware 13.37) with an external wired interface: eth0, an internal wired interface: eth1, and an internal wireless interface: wlan0.

I had some trouble getting the wireless interface working at all, and then getting it working as an access point, but that all seems resolved at this point. My problem is that on wlan0, after a client machine has authenticated, dnsmasq gets the DISCOVER from the interface and sends an OFFER. The offer is logged by dnsmasq in /var/log/messages, but tcpdump watching wlan0 shows no offer being sent.

I am including my configs for dnsmasq (uncommented bits) and iptables, as well as pertinent log snippets.

Any help would be appreciated. I'm sure it is something simple I am missing, but I am at a loss.

ifconfig
Code:

root@doom:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:BA:B7:C6:54
          inet addr:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.255  Mask:255.255.240.0
          inet6 addr: blahblah/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7523275 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6638896 errors:0 dropped:0 overruns:4 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:712008299 (679.0 Mb)  TX bytes:599931570 (572.1 Mb)

eth1      Link encap:Ethernet  HWaddr 00:04:75:7E:27:C8
          inet addr:10.1.10.1  Bcast:10.1.10.255  Mask:255.255.255.0
          inet6 addr: fe80::204:75ff:fe7e:27c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:88016 errors:0 dropped:9 overruns:1 frame:0
          TX packets:81555 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13716407 (13.0 Mb)  TX bytes:52555545 (50.1 Mb)
          Interrupt:3 Base address:0x6400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:482 errors:0 dropped:0 overruns:0 frame:0
          TX packets:482 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:73104 (71.3 Kb)  TX bytes:73104 (71.3 Kb)

mon.wlan0 Link encap:UNSPEC  HWaddr 00-4F-62-2E-95-38-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:731620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:94377436 (90.0 Mb)  TX bytes:0 (0.0 b)

wlan0    Link encap:Ethernet  HWaddr 00:4F:62:2E:95:38
          inet addr:10.1.10.2  Bcast:10.1.10.255  Mask:255.255.255.0
          inet6 addr: fe80::24f:62ff:fe2e:9538/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2059 errors:0 dropped:13 overruns:0 frame:0
          TX packets:1560 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:371538 (362.8 Kb)  TX bytes:347741 (339.5 Kb)

/var/log/messages
Code:

Sep 12 18:44:53 doom hostapd: wlan0: STA 3c:43:8e:71:e9:a8 WPA: pairwise key handshake completed (RSN)
Sep 12 18:44:57 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:44:57 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8
Sep 12 18:44:58 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:44:58 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8
Sep 12 18:45:05 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:45:05 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8

tcpdump -i wlan0
Code:

18:42:37.552932 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:37.553025 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:45.571376 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:45.571518 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:43:01.948109 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:43:01.948201 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302

dnsmasq.conf
Code:

# Never forward plain names (no dots or domain part) to upstream servers.
domain-needed
# Read upstream nameservers from this file rather than /etc/resolv.conf.
resolv-file=/etc/resolv.dnsmasq.conf
# Answer DNS/DHCP only on loopback and the two internal interfaces; the
# external eth0 is not listed, so it is not served.
# NOTE(review): without bind-interfaces dnsmasq still binds the wildcard
# address and discards requests arriving on unlisted interfaces -- confirm
# whether binding only to these interfaces is wanted on this router.
interface=lo
interface=eth1
interface=wlan0
# Append the domain below to simple names taken from /etc/hosts.
expand-hosts
# Local domain handed to DHCP clients and used by expand-hosts.
domain=irighti.local
# Lease pool 10.1.10.10-10.1.10.30, netmask 255.255.255.0, 12-hour leases.
# In the ifconfig output of this post both eth1 (10.1.10.1) and wlan0
# (10.1.10.2) sit inside this /24, so this single range covers both.
dhcp-range=10.1.10.10,10.1.10.30,255.255.255.0,12h
# DHCP option 3 (router): clients get 10.1.10.1 as their default gateway.
dhcp-option=3,10.1.10.1

iptables
Code:

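# Firewall/NAT rules for a router with one external and two internal
# interfaces.  Pass 4 to program iptables (IPv4) or 6 to program ip6tables
# (IPv6).  Nothing is changed unless the argument and the external address
# have both been validated.

EXTIFACE="eth0"         # external (untrusted) side
INTIFACE="eth1"         # internal wired side
APIFACE="wlan0"         # internal wireless side
P2PHOST="10.1.10.20"    # internal host that receives the forwarded 6881:6889 range

# Accept exactly "4" or "6".  Any other value used to leave IPT empty, so
# every later "$IPT ..." line ran as a bogus command and no rules were loaded.
case "${1:-}" in
        4)
                IPT="iptables"
                ICMPPROTO="icmp"
                ;;
        6)
                IPT="ip6tables"
                # "-p icmp" is protocol 1 and never matches ICMPv6 traffic.
                ICMPPROTO="ipv6-icmp"
                ;;
        *)
                echo "Use 4 for ipv4 and 6 for ipv6" >&2
                exit 1
                ;;
esac
IPVER="$1"

echo "$IPT was used"

###################################################
# Address of the external interface.  Query $EXTIFACE directly instead of
# grepping the full ifconfig listing for a hard-coded "eth0".

if [ "$IPVER" -eq 4 ]
then
        INETIP=$(ifconfig "$EXTIFACE" | awk '/inet addr:/ { sub(/^addr:/, "", $2); print $2; exit }')
else
        # First inet6 line, prefix length stripped; the whole address is kept
        # (the old cut -f2,3,4,5,6,7 truncated a fully written-out address).
        # NOTE(review): the first inet6 address may be the link-local one --
        # confirm that is the address the "-d" matches below should use.
        INETIP=$(ifconfig "$EXTIFACE" | awk '/inet6 addr:/ { sub(/\/.*$/, "", $3); print $3; exit }')
fi

# Stop before touching any rule: an empty address would make every
# "-d $INETIP" rule fail to load while the DROP policies still applied.
if [ -z "$INETIP" ]
then
        echo "Could not determine the address of $EXTIFACE; firewall left unchanged" >&2
        exit 1
fi

####################################################################
# Default-deny first, so nothing is open between the flush and the
# moment the new rules are in place.

"$IPT" -P INPUT DROP
"$IPT" -P OUTPUT DROP
"$IPT" -P FORWARD DROP

"$IPT" -Z
"$IPT" -F
"$IPT" -t mangle -F
"$IPT" -X
"$IPT" -t mangle -X

if [ "$IPVER" -eq 4 ]
then
        "$IPT" -t nat -F
        "$IPT" -t nat -X
fi

#####################################################################
# INPUT: everything from loopback and both internal interfaces is
# trusted; the external side gets only the listed services plus replies.

"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A INPUT -i "$INTIFACE" -j ACCEPT
"$IPT" -A INPUT -i "$APIFACE" -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 8080 -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 22 -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 113 -j ACCEPT
"$IPT" -A INPUT -p tcp -i "$EXTIFACE" -d "$INETIP" --dport 6881:6889 -j ACCEPT
# NOTE(review): this exposes an NTP service to the external side; it is not
# needed for this host's own NTP queries (replies match the state rule below).
"$IPT" -A INPUT -p udp -i "$EXTIFACE" -d "$INETIP" --dport 123 -j ACCEPT
"$IPT" -A INPUT -p "$ICMPPROTO" -m limit --limit 2/s -i "$EXTIFACE" -j ACCEPT
"$IPT" -A INPUT -i "$EXTIFACE" -d "$INETIP" -m state --state ESTABLISHED,RELATED -j ACCEPT

########################################################################
# OUTPUT: the router itself may send anything.

"$IPT" -A OUTPUT -j ACCEPT

#########################################################################
# FORWARD: internal clients may go anywhere; from outside only the
# forwarded port range and replies to existing connections pass.

"$IPT" -A FORWARD -i "$INTIFACE" -j ACCEPT
"$IPT" -A FORWARD -i "$APIFACE" -j ACCEPT
if [ "$IPVER" -eq 4 ]
then
        # Only the DNAT target needs this range, not every internal host.
        "$IPT" -A FORWARD -i "$EXTIFACE" -d "$P2PHOST" -p tcp --dport 6881:6889 -j ACCEPT
else
        # NOTE(review): there is no DNAT for IPv6, so this opens 6881:6889 to
        # every internal IPv6 host -- restrict with -d once the target is known.
        "$IPT" -A FORWARD -i "$EXTIFACE" -p tcp --dport 6881:6889 -j ACCEPT
fi
"$IPT" -A FORWARD -i "$EXTIFACE" -o "$INTIFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A FORWARD -i "$EXTIFACE" -o "$APIFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT

#########################################################################

if [ "$IPVER" -eq 4 ]
then
        # Limit the port forward to traffic arriving on the external address;
        # without -i/-d it also rewrote internal clients' own outbound
        # connections to remote hosts on these ports.
        "$IPT" -t nat -A PREROUTING -i "$EXTIFACE" -d "$INETIP" -p tcp --dport 6881:6889 -j DNAT --to-destination "$P2PHOST"
        "$IPT" -t nat -A PREROUTING -d 10.1.10.1 -p tcp --dport 80 -j REDIRECT --to-port 8080

        "$IPT" -t nat -A POSTROUTING -o "$EXTIFACE" -j SNAT --to-source "$INETIP"
fi

##################################################################
# Turn routing on last, once the filter and NAT rules are loaded.

if [ "$IPVER" -eq 4 ]
then
        echo "1" > /proc/sys/net/ipv4/ip_forward
fi

if [ "$IPVER" -eq 6 ]
then
        echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
        echo "1" > /proc/sys/net/ipv6/conf/all/proxy_ndp
        # NOTE(review): per the kernel ip-sysctl docs accept_ra=1 only applies
        # while forwarding is disabled (2 overrides that) -- confirm whether
        # this router should accept router advertisements at all.
        echo "1" > /proc/sys/net/ipv6/conf/all/accept_ra
fi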


IRIGHTI 09-12-2012 09:17 PM

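Apparently, everybody but me knew you can't have two interfaces on the same subnet. Oops. Here eth1 (10.1.10.1) and wlan0 (10.1.10.2) were both in 10.1.10.0/24, so replies meant for wireless clients were presumably routed out the other interface instead of wlan0.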

