I have a setup on my firewall/router (Slackware 13.37) with an external wired interface: eth0, an internal wired interface: eth1, and an internal wireless interface: wlan0.
I had some trouble getting the wireless interface working at all, and then getting it to work as an access point, but that all seems resolved now. My problem is that on wlan0, after a client machine has authenticated, dnsmasq receives the DISCOVER on the interface and sends an OFFER. However, although dnsmasq logs the offer in /var/log/messages, tcpdump watching wlan0 shows no offer being sent.
I am including my configs for dnsmasq (uncommented bits) and iptables, as well as pertinent log snippets.
Any help would be appreciated. I'm sure it is something simple I am missing, but I am at a loss.
ifconfig
Code:
root@doom:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:BA:B7:C6:54
inet addr:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.255 Mask:255.255.240.0
inet6 addr: blahblah/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7523275 errors:0 dropped:0 overruns:0 frame:0
TX packets:6638896 errors:0 dropped:0 overruns:4 carrier:0
collisions:0 txqueuelen:1000
RX bytes:712008299 (679.0 Mb) TX bytes:599931570 (572.1 Mb)
eth1 Link encap:Ethernet HWaddr 00:04:75:7E:27:C8
inet addr:10.1.10.1 Bcast:10.1.10.255 Mask:255.255.255.0
inet6 addr: fe80::204:75ff:fe7e:27c8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:88016 errors:0 dropped:9 overruns:1 frame:0
TX packets:81555 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13716407 (13.0 Mb) TX bytes:52555545 (50.1 Mb)
Interrupt:3 Base address:0x6400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:482 errors:0 dropped:0 overruns:0 frame:0
TX packets:482 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:73104 (71.3 Kb) TX bytes:73104 (71.3 Kb)
mon.wlan0 Link encap:UNSPEC HWaddr 00-4F-62-2E-95-38-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:731620 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:94377436 (90.0 Mb) TX bytes:0 (0.0 b)
wlan0 Link encap:Ethernet HWaddr 00:4F:62:2E:95:38
inet addr:10.1.10.2 Bcast:10.1.10.255 Mask:255.255.255.0
inet6 addr: fe80::24f:62ff:fe2e:9538/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2059 errors:0 dropped:13 overruns:0 frame:0
TX packets:1560 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:371538 (362.8 Kb) TX bytes:347741 (339.5 Kb)
/var/log/messages
Code:
Sep 12 18:44:53 doom hostapd: wlan0: STA 3c:43:8e:71:e9:a8 WPA: pairwise key handshake completed (RSN)
Sep 12 18:44:57 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:44:57 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8
Sep 12 18:44:58 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:44:58 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8
Sep 12 18:45:05 doom dnsmasq-dhcp[18321]: DHCPDISCOVER(wlan0) 3c:43:8e:71:e9:a8
Sep 12 18:45:05 doom dnsmasq-dhcp[18321]: DHCPOFFER(wlan0) 10.1.10.22 3c:43:8e:71:e9:a8
tcpdump -i wlan0
Code:
18:42:37.552932 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:37.553025 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:45.571376 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:42:45.571518 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:43:01.948109 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
18:43:01.948201 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:43:8e:71:e9:a8 (oui Unknown), length 302
dnsmasq.conf
Code:
# Do not forward plain names (names without a domain part) to upstream servers.
domain-needed
# Read the upstream nameservers from this file.
resolv-file=/etc/resolv.dnsmasq.conf
# Serve only requests arriving on these interfaces; eth0 (the external
# interface) is deliberately not listed. Without bind-interfaces dnsmasq still
# binds the wildcard address and discards requests from unlisted interfaces
# itself, so keep the DNS and DHCP ports closed on the external interface at
# the firewall as well.
interface=lo
interface=eth1
interface=wlan0
# Append the domain below to simple names taken from /etc/hosts.
expand-hosts
domain=irighti.local
# Single lease pool 10.1.10.10-10.1.10.30, netmask 255.255.255.0, 12 hour leases.
# NOTE(review): the ifconfig output shows eth1 (10.1.10.1) and wlan0 (10.1.10.2)
# both addressed inside 10.1.10.0/24 and no bridge interface; confirm which
# interface the kernel selects for traffic to 10.1.10.x, since this one pool is
# offered on both.
dhcp-range=10.1.10.10,10.1.10.30,255.255.255.0,12h
# DHCP option 3 (router): clients are given 10.1.10.1 as default gateway, which
# is the address of eth1 in the ifconfig output, not of wlan0.
dhcp-option=3,10.1.10.1
iptables
Code:
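# Firewall/NAT ruleset for a router with one external and two internal
# interfaces. Run as root with one argument: 4 builds the iptables (IPv4)
# ruleset, 6 builds the ip6tables (IPv6) ruleset. The existing ruleset of the
# chosen family is replaced.
EXTIFACE="eth0"   # external wired interface
INTIFACE="eth1"   # internal wired interface
APIFACE="wlan0"   # internal wireless (access point) interface

# Reject anything other than exactly 4 or 6 before any rule is touched; an
# unset IPT would otherwise turn every line below into a failing command.
case "${1:-}" in
  4) IPT="iptables" ;;
  6) IPT="ip6tables" ;;
  *)
    echo "Use 4 for ipv4 and 6 for ipv6" >&2
    exit 1
    ;;
esac
echo "$IPT was used"

# Address of the external interface, parsed from the net-tools ifconfig
# layout shown with this script (line 2 = "inet addr:", line 3 = "inet6 addr:").
# This is resolved and checked BEFORE the running ruleset is flushed, so a
# parse failure leaves the current firewall in place instead of a half-built one.
if [ "$1" -eq 4 ]; then
  INETIP=$(ifconfig "$EXTIFACE" | sed -n '2p' | cut -d ":" -f2 | cut -d " " -f1 | tr -d ' \t')
  case "$INETIP" in
    "" | *[!0-9.]*)
      echo "Could not determine the IPv4 address of $EXTIFACE; ruleset left unchanged" >&2
      exit 1
      ;;
  esac
else
  # Keep every colon-separated group up to the prefix length; a fixed field
  # list truncates addresses that are written with more than six groups.
  INETIP=$(ifconfig "$EXTIFACE" | sed -n '3p' | cut -d ":" -f2- | cut -d "/" -f1 | tr -d ' \t')
  case "$INETIP" in
    "" | *[!0-9A-Fa-f:]*)
      echo "Could not determine the IPv6 address of $EXTIFACE; ruleset left unchanged" >&2
      exit 1
      ;;
  esac
  # NOTE(review): in the ifconfig output shown for eth0 this line is a
  # Scope:Link address; the "-d $INETIP" rules below then match only traffic
  # addressed to that link-local address. Confirm that is what is wanted.
fi

###################################################
# Default-deny first, then flush: the chains are never empty under an ACCEPT
# policy while the script runs.
"$IPT" -P INPUT DROP
"$IPT" -P OUTPUT DROP
"$IPT" -P FORWARD DROP

"$IPT" -Z
"$IPT" -F
"$IPT" -t mangle -F
"$IPT" -X
"$IPT" -t mangle -X
if [ "$1" -eq 4 ]; then
  "$IPT" -t nat -F
  "$IPT" -t nat -X
fi

##################################################################
# Enable routing between the interfaces for the chosen family.
if [ "$1" -eq 4 ]; then
  echo "1" > /proc/sys/net/ipv4/ip_forward
fi
if [ "$1" -eq 6 ]; then
  echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
  echo "1" > /proc/sys/net/ipv6/conf/all/proxy_ndp
  # NOTE(review): kernel documentation describes accept_ra=1 as not accepting
  # router advertisements while forwarding is enabled (2 overrides that);
  # confirm which value is intended here.
  echo "1" > /proc/sys/net/ipv6/conf/all/accept_ra
fi

#####################################################################
# INPUT: traffic addressed to the router itself.
"$IPT" -A INPUT -i lo -j ACCEPT
# Everything arriving on the internal interfaces is accepted, so every service
# listening on the router is reachable from wired and wireless clients alike.
"$IPT" -A INPUT -i "$INTIFACE" -j ACCEPT
"$IPT" -A INPUT -i "$APIFACE" -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 8080 -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 22 -j ACCEPT
#$IPT -A INPUT -p tcp -i $EXTIFACE -d $INETIP --dport 113 -j ACCEPT
"$IPT" -A INPUT -p tcp -i "$EXTIFACE" -d "$INETIP" --dport 6881:6889 -j ACCEPT
# NOTE(review): this admits unsolicited NTP queries from outside. Replies to
# the router's own NTP queries are already covered by the ESTABLISHED,RELATED
# rule below; keep this only if the host serves time externally.
"$IPT" -A INPUT -p udp -i "$EXTIFACE" -d "$INETIP" --dport 123 -j ACCEPT
# NOTE(review): under ip6tables the ICMPv6 protocol is named icmpv6/ipv6-icmp;
# "-p icmp" does not match it, so in the IPv6 run this rule accepts no ICMPv6
# on the external interface. Confirm whether that is intended.
"$IPT" -A INPUT -p icmp -m limit --limit 2/s -i "$EXTIFACE" -j ACCEPT
"$IPT" -A INPUT -i "$EXTIFACE" -d "$INETIP" -m state --state ESTABLISHED,RELATED -j ACCEPT

########################################################################
# OUTPUT: this catch-all accepts everything the router sends, so the DROP
# policy on OUTPUT never applies.
"$IPT" -A OUTPUT -j ACCEPT

#########################################################################
# FORWARD: internal clients may open connections anywhere; from outside only
# replies and the 6881:6889 port range are let through.
"$IPT" -A FORWARD -i "$INTIFACE" -j ACCEPT
"$IPT" -A FORWARD -i "$APIFACE" -j ACCEPT
# NOTE(review): no -d/-o match, so this is not limited to the DNAT target
# below; in the IPv6 run (no NAT) it admits these ports to every forwarded
# host. Consider restricting the destination.
"$IPT" -A FORWARD -i "$EXTIFACE" -p tcp --dport 6881:6889 -j ACCEPT
"$IPT" -A FORWARD -i "$EXTIFACE" -o "$INTIFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A FORWARD -i "$EXTIFACE" -o "$APIFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT

#########################################################################
# NAT (IPv4 only).
if [ "$1" -eq 4 ]; then
  # NOTE(review): no -i/-d match, so TCP 6881:6889 arriving on ANY interface,
  # including connections from internal clients to outside hosts, is rewritten
  # to 10.1.10.20. Consider matching on the external interface and address.
  "$IPT" -t nat -A PREROUTING -p tcp --dport 6881:6889 -j DNAT --to-destination 10.1.10.20
  # HTTP addressed to the router's internal address is handed to local port 8080.
  "$IPT" -t nat -A PREROUTING -d 10.1.10.1 -p tcp --dport 80 -j REDIRECT --to-port 8080
  # Everything leaving through the external interface is source-NATed to its address.
  "$IPT" -t nat -A POSTROUTING -o "$EXTIFACE" -j SNAT --to-source "$INETIP"
fi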