Old 09-12-2012, 07:10 PM   #1
IRIGHTI
Member
 
Registered: Oct 2003
Distribution: Slackware64 13.1 x86_64, Ubuntu 10.04 x86_64
Posts: 121

Rep: Reputation: 15
dnsmasq, iptables, hostapd problem


I have a setup on my firewall/router (Slackware 13.37) with an external wired interface: eth0, an internal wired interface: eth1, and an internal wireless interface: wlan0.

I had some trouble getting the wireless interface working at all and then as an access point but that all seems resolved at this point. My problem is that on wlan0, after a client machine has authenticated, dnsmasq gets the DISCOVER from the interface and sends an OFFER. However, the offer is registered by dnsmasq in /var/log/messages, but with tcpdump watching wlan0 there is no offer being sent.

I am including my configs for dnsmasq (uncommented bits) and iptables, as well as pertinent log snippets.

Any help would be appreciated. I'm sure it is something simple I am missing, but I am at a loss.

ifconfig
Code:
root@doom:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:BA:B7:C6:54
          inet addr:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.255  Mask:255.255.240.0
          inet6 addr: blahblah/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7523275 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6638896 errors:0 dropped:0 overruns:4 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:712008299 (679.0 Mb)  TX bytes:599931570 (572.1 Mb)

eth1      Link encap:Ethernet  HWaddr 00:04:75:7E:27:C8
          inet addr:10.1.10.1  Bcast:10.1.10.255  Mask:255.255.255.0
          inet6 addr: fe80::204:75ff:fe7e:27c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:88016 errors:0 dropped:9 overruns:1 frame:0
          TX packets:81555 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13716407 (13.0 Mb)  TX bytes:52555545 (50.1 Mb)
          Interrupt:3 Base address:0x6400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:482 errors:0 dropped:0 overruns:0 frame:0
          TX packets:482 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:73104 (71.3 Kb)  TX bytes:73104 (71.3 Kb)

mon.wlan0 Link encap:UNSPEC  HWaddr 00-4F-62-2E-95-38-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:731620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:94377436 (90.0 Mb)  TX bytes:0 (0.0 b)

wlan0     Link encap:Ethernet  HWaddr 00:4F:62:2E:95:38
          inet addr:10.1.10.2  Bcast:10.1.10.255  Mask:255.255.255.0
          inet6 addr: fe80::24f:62ff:fe2e:9538/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2059 errors:0 dropped:13 overruns:0 frame:0
          TX packets:1560 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:371538 (362.8 Kb)  TX bytes:347741 (339.5 Kb)

/var/log/messages
Code:
Sep 12 18:44:53 doom hostapd: wlan0: STA 3c:43:8e:71:e9:a8 WPA: pairwise key handshake completed (RSN)
Sep 12 18:44:57 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:44:57 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8
Sep 12 18:44:58 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:44:58 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8
Sep 12 18:45:05 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:45:05 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8

tcpdump -i wlan0
Code:
18:42:37.552932 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:37.553025 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:45.571376 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:45.571518 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:43:01.948109 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:43:01.948201 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302

dnsmasq.conf
Code:
domain-needed
resolv-file=/etc/resolv.dnsmasq.conf
interface=lo
interface=eth1
interface=wlan0
expand-hosts
domain=irighti.local
dhcp-range=10.1.10.10,10.1.10.30,255.255.255.0,12h
dhcp-option=3,10.1.10.1

iptables
Code:
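#!/bin/sh
# Interface roles: external uplink, internal wired LAN, internal wireless AP.
EXTIFACE="eth0"
INTIFACE="eth1"
APIFACE="wlan0"

# Select the IPv4 or IPv6 tool from the first argument; reject anything else
# so that later "$IPT ..." lines never run with IPT unset.
case "$1" in
        4) IPT="iptables" ;;
        6) IPT="ip6tables" ;;
        *)
                echo "Use 4 for ipv4 and 6 for ipv6"
                exit 1
                ;;
esac

echo "$IPT was used"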

###################################################
# Zero counters, flush all rules and delete user-defined chains.

$IPT -Z
$IPT -F
$IPT -t mangle -F
$IPT -X
$IPT -t mangle -X

if [ $1 -eq 4 ]
then
        $IPT -t nat -F
        $IPT -t nat -X
fi

#############################################################
#############################################################

# Look up the address of the external interface from ifconfig output.
if [ $1 -eq 4 ]
then
        INETIP=$(ifconfig | grep -A 1 "$EXTIFACE" | tail -n 1 | cut -d ":" -f2 | cut -d " " -f1)
fi
if [ $1 -eq 6 ]
then
        INETIP=$(ifconfig | grep -A 2 "$EXTIFACE" | tail -n 1 | cut -d ":" -f2,3,4,5,6,7 | cut -d "/" -f1)
fi

##################################################################
if [ $1 -eq 4 ]
then
        echo "1" > /proc/sys/net/ipv4/ip_forward
fi

if [ $1 -eq 6 ]
then
        echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
        echo "1" > /proc/sys/net/ipv6/conf/all/proxy_ndp
        echo "1" > /proc/sys/net/ipv6/conf/all/accept_ra
fi

####################################################################

$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

#####################################################################
#####################################################################

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -i $INTIFACE -j ACCEPT
$IPT -A INPUT -i $APIFACE -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 8080 -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 22 -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 113 -j ACCEPT
$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 6881:6889 -j ACCEPT
$IPT -A INPUT -p udp -i $EXTIFACE -d $INETIP --dport 123 -j ACCEPT
$IPT -A INPUT -p icmp -m limit --limit 2/s -i $EXTIFACE -j ACCEPT
$IPT -A INPUT -i $EXTIFACE -d $INETIP -m state --state ESTABLISHED,RELATED -j ACCEPT

########################################################################

$IPT -A OUTPUT -j ACCEPT

#########################################################################
$IPT -A FORWARD -i $INTIFACE -j ACCEPT
$IPT -A FORWARD -i $APIFACE -j ACCEPT
$IPT -A FORWARD -i $EXTIFACE -p tcp --dport 6881:6889 -j ACCEPT
$IPT -A FORWARD -i $EXTIFACE -o $INTIFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $EXTIFACE -o $APIFACE -m state --state ESTABLISHED,RELATED -j ACCEPT

#########################################################################

if [ $1 -eq 4 ]
then
        $IPT -t nat -A PREROUTING -p tcp --dport 6881:6889 -j DNAT --to-destination 10.1.10.20
        $IPT -t nat -A PREROUTING -d 10.1.10.1 -p tcp --dport 80 -j REDIRECT --to-port 8080

        $IPT -t nat -A POSTROUTING -o $EXTIFACE -j SNAT --to-source $INETIP
fi
 
Old 09-12-2012, 09:17 PM   #2
IRIGHTI
Member
 
Registered: Oct 2003
Distribution: Slackware64 13.1 x86_64, Ubuntu 10.04 x86_64
Posts: 121

Original Poster
Rep: Reputation: 15
Apparently, everybody but me knew you can't have two interfaces on the same subnet. Oops.
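
The condition named in post #2 (eth1 at 10.1.10.1/24 and wlan0 at 10.1.10.2/24) can be checked mechanically. The script below is an added example, not part of the original thread; the function names `ip_to_int` and `find_overlaps` and the "iface addr/prefix" input format are assumptions, and the eth0 address is a placeholder because the post redacts it.

```shell
#!/bin/sh
# Added example: flag interfaces whose IPv4 subnets overlap.
# Input lines: "<iface> <addr>/<prefix>", e.g. produced on a live host by
#   ip -o -4 addr show | awk '{print $2, $4}'

ip_to_int() {
    # Convert dotted-quad a.b.c.d to a 32-bit integer.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

find_overlaps() {
    # Print one line per pair of interfaces with overlapping subnets.
    seen=""
    while read -r ifc cidr; do
        [ -n "$cidr" ] || continue
        ip=$(ip_to_int "${cidr%/*}"); plen=${cidr#*/}
        for e in $seen; do
            o_ifc=${e%%,*}; o_cidr=${e#*,}
            o_ip=$(ip_to_int "${o_cidr%/*}"); o_plen=${o_cidr#*/}
            # Two networks overlap when they agree on the shorter prefix.
            m=$plen; [ "$o_plen" -lt "$m" ] && m=$o_plen
            mask=$(( (4294967295 << (32 - m)) & 4294967295 ))
            if [ $(( ip & mask )) -eq $(( o_ip & mask )) ]; then
                echo "$o_ifc $o_cidr overlaps $ifc $cidr"
            fi
        done
        seen="$seen $ifc,$cidr"
    done
    return 0
}

# Constructed sample mirroring the ifconfig output in post #1; the eth0
# address is a placeholder (the post shows only its 255.255.240.0 mask).
find_overlaps <<'EOF'
eth0 192.0.2.10/20
eth1 10.1.10.1/24
lo 127.0.0.1/8
wlan0 10.1.10.2/24
EOF
```

On the sample it reports the eth1/wlan0 pair and nothing else; an empty result means no two interfaces share a subnet.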
 
  


All times are GMT -5.
