Old 12-15-2015, 04:03 AM   #1
make
Member
 
Registered: Apr 2004
Distribution: Mandriva, Ubuntu, openSuSE, FreeBSD, OpenSolaris, PC-BSD
Posts: 195

Rep: Reputation: 30
hostapd doesn't accept WPA key and doesn't forward wlan0 to eth0 (LAN)


I have a CompuLab Fit-PC4-CG420-WACB-FM4U (www.fit-pc.com/web/products/fit-pc4/) + 16GB RAM + SSD fanless small PC as a router & load balancer, the OS is Debian 8 Jessie (minimal network install without desktop). It is balancing all internet traffic between 4 ISPs, one of them being an ADSL connection (eth1) and others LTE with 3 x D-Link DWM-221 USB modems (ppp0, ppp1 and ppp2). I am using the Net-ISP-Balance (http://lstein.github.io/Net-ISP-Balance/) package for this, because it makes it very simple and load balancing works, in fact, perfectly. With dnsmasq as a caching DNS server, the internet is very, very fast (as long as the download/upload operation is not one big chunk, but several connections, e.g. web pages).

With DHCP, DNS, routing and internet working like a charm, only two problems remain, both related to WiFi. I've searched for solutions on Google and other search engines for weeks and weeks, but I finally have to give up and consult wiser people than myself. I am not going to figure this out by reading more HOWTOs and forums.

This mini PC has the Intel 7260 (rev 73) wireless card (iwlwifi driver), so I'd like to utilize it as a wireless access point, too. This wireless card supports running it as an access point (see "iw list" below), so hardware support should not cause a problem. The problems are as follows:
  1. hostapd (or something else) won't accept the (correct) WPA key when I try to connect. *SOLVED*
  2. I cannot ping any address or use the internet. wlan0 does not forward to eth0 (the local network) for some reason. Either br0 does not work or I need some additional iptables rule.

/etc/hostapd/hostapd.conf
Code:
interface=wlan0
#driver=nl80211 can also be commented out, seems to have no effect whatsoever
driver=nl80211
bridge=br0
country_code=FI
ssid=TESTWIFI
hw_mode=g
ieee80211n=1
ieee80211d=1
ieee80211h=1
channel=11
wmm_enabled=1
wpa=2
wpa_passphrase=testpassphrase
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
wpa_pairwise=TKIP
rsn_pairwise=CCMP
macaddr_acl=0
ignore_broadcast_ssid=0
eap_reauth_period=360000000
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

/etc/network/interfaces
Code:
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.100

allow-hotplug eth1
iface eth1 inet dhcp

auto wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.1.101
netmask 255.255.255.0
gateway 192.168.1.100

auto br0
iface br0 inet static
bridge_ports wlan0 eth0
address 192.168.1.102
netmask 255.255.255.0
gateway 192.168.1.100
up /sbin/ifconfig br0 up 
post-up /bin/sleep 10; /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf 
pre-down /usr/bin/killall hostapd
down /sbin/ifconfig br0 down

tail /etc/sysctl.conf (IPv6 is disabled and IPv4 forwarding enabled)
Code:
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.wlan0.disable_ipv6 = 1

/etc/network/balance.conf (Net-ISP-Balance configuration)
Code:
LAN1	eth0	lan	173.194.43.95
LAN2	wlan0	lan	173.194.43.95
LAN3	br0	lan	173.194.43.95
ISP1	eth1	isp	173.194.43.95	1
ISP2	ppp0	isp	173.194.43.95	2
ISP3	ppp1	isp	173.194.43.95	1
ISP4	ppp2	isp	173.194.43.95	1

iw list
Code:
Wiphy phy0
	max # scan SSIDs: 20
	max scan IEs length: 393 bytes
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Device supports RSN-IBSS.
	Device supports AP-side u-APSD.
	Supported Ciphers:
		* CCMP (00-0f-ac:4)
		* TKIP (00-0f-ac:2)
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* CMAC (00-0f-ac:6)
		* WPI-SMS4 (00-14-72:1)
	Available Antennas: TX 0 RX 0
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * monitor
		 * P2P-client
		 * P2P-GO
		 * P2P-device
	Band 1:
		Capabilities: 0x11e2
			HT20/HT40
			Static SM Power Save
			RX HT20 SGI
			RX HT40 SGI
			TX STBC
			RX STBC 1-stream
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT TX/RX MCS rate indexes supported: 0-15, 32
		Bitrates (non-HT):
			* 1.0 Mbps
			* 2.0 Mbps (short preamble supported)
			* 5.5 Mbps (short preamble supported)
			* 11.0 Mbps (short preamble supported)
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 2412 MHz [1] (20.0 dBm)
			* 2417 MHz [2] (20.0 dBm)
			* 2422 MHz [3] (20.0 dBm)
			* 2427 MHz [4] (20.0 dBm)
			* 2432 MHz [5] (20.0 dBm)
			* 2437 MHz [6] (20.0 dBm)
			* 2442 MHz [7] (20.0 dBm)
			* 2447 MHz [8] (20.0 dBm)
			* 2452 MHz [9] (20.0 dBm)
			* 2457 MHz [10] (20.0 dBm)
			* 2462 MHz [11] (20.0 dBm)
			* 2467 MHz [12] (20.0 dBm) (no IR)
			* 2472 MHz [13] (20.0 dBm) (no IR)
	Band 2:
		Capabilities: 0x11e2
			HT20/HT40
			Static SM Power Save
			RX HT20 SGI
			RX HT40 SGI
			TX STBC
			RX STBC 1-stream
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT TX/RX MCS rate indexes supported: 0-15, 32
		VHT Capabilities (0x038071a0):
			Max MPDU length: 3895
			Supported Channel Width: neither 160 nor 80+80
			short GI (80 MHz)
			TX STBC
			SU Beamformee
		VHT RX MCS set:
			1 streams: MCS 0-9
			2 streams: MCS 0-9
			3 streams: not supported
			4 streams: not supported
			5 streams: not supported
			6 streams: not supported
			7 streams: not supported
			8 streams: not supported
		VHT RX highest supported: 0 Mbps
		VHT TX MCS set:
			1 streams: MCS 0-9
			2 streams: MCS 0-9
			3 streams: not supported
			4 streams: not supported
			5 streams: not supported
			6 streams: not supported
			7 streams: not supported
			8 streams: not supported
		VHT TX highest supported: 0 Mbps
		Bitrates (non-HT):
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 5180 MHz [36] (20.0 dBm) (no IR)
			* 5200 MHz [40] (20.0 dBm) (no IR)
			* 5220 MHz [44] (20.0 dBm) (no IR)
			* 5240 MHz [48] (20.0 dBm) (no IR)
			* 5260 MHz [52] (20.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5280 MHz [56] (20.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5300 MHz [60] (20.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5320 MHz [64] (20.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5500 MHz [100] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5520 MHz [104] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5540 MHz [108] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5560 MHz [112] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5580 MHz [116] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5600 MHz [120] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5620 MHz [124] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5640 MHz [128] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5660 MHz [132] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5680 MHz [136] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5700 MHz [140] (22.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 213914 sec)
			  DFS CAC time: 60000 ms
			* 5720 MHz [144] (disabled)
			* 5745 MHz [149] (disabled)
			* 5765 MHz [153] (disabled)
			* 5785 MHz [157] (disabled)
			* 5805 MHz [161] (disabled)
			* 5825 MHz [165] (disabled)
	Supported commands:
		 * new_interface
		 * set_interface
		 * new_key
		 * start_ap
		 * new_station
		 * new_mpath
		 * set_mesh_config
		 * set_bss
		 * authenticate
		 * associate
		 * deauthenticate
		 * disassociate
		 * join_ibss
		 * join_mesh
		 * remain_on_channel
		 * set_tx_bitrate_mask
		 * frame
		 * frame_wait_cancel
		 * set_wiphy_netns
		 * set_channel
		 * set_wds_peer
		 * start_sched_scan
		 * probe_client
		 * set_noack_map
		 * register_beacons
		 * start_p2p_device
		 * set_mcast_rate
		 * Unknown command (104)
		 * connect
		 * disconnect
	Supported TX frame types:
		 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		 * IBSS: 0x40 0xb0 0xc0 0xd0
		 * managed: 0x40 0xd0
		 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * mesh point: 0xb0 0xc0 0xd0
		 * P2P-client: 0x40 0xd0
		 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * P2P-device: 0x40 0xd0
	WoWLAN support:
		 * wake up on disconnect
		 * wake up on magic packet
		 * wake up on pattern match, up to 20 patterns of 16-128 bytes,
		   maximum packet offset 0 bytes
		 * can do GTK rekeying
		 * wake up on GTK rekey failure
		 * wake up on EAP identity request
		 * wake up on 4-way handshake
		 * wake up on rfkill release
		 * wake up on TCP connection
	software interface modes (can always be added):
		 * AP/VLAN
		 * monitor
	valid interface combinations:
		 * #{ managed } <= 1, #{ AP, P2P-client, P2P-GO } <= 1, #{ P2P-device } <= 1,
		   total <= 3, #channels <= 1
	HT Capability overrides:
		 * MCS: ff ff ff ff ff ff ff ff ff ff
		 * maximum A-MSDU length
		 * supported channel width
		 * short GI for 40 MHz
		 * max A-MPDU length exponent
		 * min MPDU start spacing
	Device supports TX status socket option.
	Device supports HT-IBSS.
	Device supports SAE with AUTHENTICATE command
	Device supports scan flush.
	Device supports per-vif TX power setting
	P2P GO supports CT window setting
	P2P GO supports opportunistic powersave setting
	Driver supports a userspace MPM

Something interesting from /var/log/syslog (PC trying to connect to wireless)
Code:
Dec 13 00:27:56 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Dec 13 00:27:56 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Dec 13 00:28:03 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Dec 13 00:28:03 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Dec 13 00:28:12 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request
Dec 13 00:28:15 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Dec 13 00:28:15 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Dec 13 00:28:24 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request

The iptables ruleset is very, VERY long, so I don't think I can include it here. Here are the commands to get the D-Link DWM-221 LTE USB modem working under Linux, by the way (in case anyone needs them):
Code:
usb_modeswitch -v 2001 -p a401 -W -n -M 555342435b000000000000000001061e000000000000000000000000000000 -2 555342435c000000000000000001061b000000010000000000000000000000 -3 555342435d000000000000000001061b000000020000000000000000000000

modprobe usbserial vendor=0x2001 product=0x7e19

After issuing these commands, the first two modems are found (on my system) as /dev/ttyUSB1 and /dev/ttyUSB6.

Last edited by make; 12-18-2015 at 12:08 AM. Reason: Added configuration file changes that fixed the first issue
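
The syslog excerpt in the post above shows one station associating again and again and being deauthenticated each time, which is what a failed WPA handshake (wrong passphrase, or mismatched key management or cipher settings) looks like from the AP side. The following Python script is an added example, not part of the original post: it counts, per station, associations that ended before a handshake completed. It assumes hostapd logs `WPA: pairwise key handshake completed` on success; the sample log and its MAC addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted above. MAC addresses are
# made up; the "handshake completed" text is the hostapd message this
# example assumes marks a successful WPA 4-way handshake.
SAMPLE_LOG = """\
Dec 13 00:27:56 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: authenticated
Dec 13 00:27:56 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Dec 13 00:28:03 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: authenticated
Dec 13 00:28:03 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Dec 13 00:28:12 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: deauthenticated due to local deauth request
Dec 13 00:28:15 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: authenticated
Dec 13 00:28:15 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Dec 13 00:28:24 lb hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: deauthenticated due to local deauth request
Dec 13 00:30:01 lb hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: authenticated
Dec 13 00:30:01 lb hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Dec 13 00:30:01 lb hostapd: wlan0: STA 02:00:00:00:00:02 WPA: pairwise key handshake completed (RSN)
"""

LINE_RE = re.compile(
    r"hostapd: \S+: STA (?P<mac>[0-9A-Fa-fx:]{17}) (?P<layer>[^:]+): (?P<msg>.*)$")


def summarize(log_text):
    """Per station: associations, completed handshakes, and associations
    that ended (deauth or re-association) before a handshake completed."""
    stats = defaultdict(lambda: {"associated": 0, "completed": 0, "failed": 0})
    pending = set()                      # associated, handshake not yet seen
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        mac, msg = m["mac"].lower(), m["msg"]
        if msg.startswith("associated"):
            if mac in pending:           # previous attempt never got keys
                stats[mac]["failed"] += 1
            stats[mac]["associated"] += 1
            pending.add(mac)
        elif "pairwise key handshake completed" in msg:
            stats[mac]["completed"] += 1
            pending.discard(mac)
        elif msg.startswith(("deauthenticated", "disassociated")) and mac in pending:
            stats[mac]["failed"] += 1
            pending.discard(mac)
    return dict(stats)


def stations_never_keyed(stats, min_failed=3):
    """Stations with repeated failed attempts and no completed handshake."""
    return sorted(mac for mac, s in stats.items()
                  if s["completed"] == 0 and s["failed"] >= min_failed)


if __name__ == "__main__":
    for mac, s in summarize(SAMPLE_LOG).items():
        print(mac, s)
```

A single known client showing up in `stations_never_keyed` points at a configuration or passphrase mismatch; many different stations showing up is worth a closer look as possible passphrase guessing.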
 
Old 12-16-2015, 02:41 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,850

Rep: Reputation: 161Reputation: 161
Did you try the following configuration in the interfaces file?
Quote:
auto br0
iface br0 inet dhcp
bridge_ports wlan0 eth2
up \
/sbin/iwconfig wlan0 essid trekweb && \
/sbin/iwconfig wlan0 channel 4 && \
/sbin/iwconfig wlan0 mode Master
 
Old 12-18-2015, 12:06 AM   #3
make
Member
 
Registered: Apr 2004
Distribution: Mandriva, Ubuntu, openSuSE, FreeBSD, OpenSolaris, PC-BSD
Posts: 195

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by nini09
Did you try the following configuration in the interfaces file?
Thanks for the settings example, I realised my bridge_ports setting needed to be changed to "bridge_ports wlan0 eth0", instead of "bridge_ports eth0 wlan0". Now I can connect to the wireless with the WPA key (and get the IP information from DHCP) but traffic still doesn't flow between the two interfaces. I can't even ping the local network computers.

So one problem down, one to go. Is this perhaps an iptables issue?
 
Old 12-21-2015, 03:12 PM   #4
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,850

Rep: Reputation: 161Reputation: 161
It should be ebtables, like the following.
ebtables -t nat -A POSTROUTING -o wlan0 -j snat --to-src 00:30:65:1f:3b:c0 --snat-arp --snat-target ACCEPT

ebtables -t nat -A PREROUTING -p IPv4 -i wlan0 --ip-dst 192.168.1.50 -j dnat --to-dst 00:22:15:74:cc:7d --dnat-target ACCEPT

ebtables -t nat -A PREROUTING -p ARP -i wlan0 --arp-ip-dst 192.168.1.50 -j dnat --to-dst 00:22:15:74:cc:7d --dnat-target ACCEPT
 
Old 01-11-2016, 12:33 AM   #5
make
Member
 
Registered: Apr 2004
Distribution: Mandriva, Ubuntu, openSuSE, FreeBSD, OpenSolaris, PC-BSD
Posts: 195

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by nini09
It should be ebtables, like the following.
Unfortunately this didn't work...

Code:
iptables v1.4.21: unknown option "--to-src"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: unknown option "--ip-dst"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: unknown protocol "arp" specified
Try `iptables -h' or 'iptables --help' for more information.
 
Old 01-11-2016, 02:15 PM   #6
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,850

Rep: Reputation: 161Reputation: 161
It isn't iptables, it's ebtables.
 
Old 01-22-2016, 06:14 AM   #7
FalloutBoy
LQ Newbie
 
Registered: Jan 2016
Posts: 25

Rep: Reputation: Disabled
I am going to ask what might be perceived as a slightly dumb question, but is this valid?

iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.100

The reason I ask is that, from what knowledge I do have, a gateway is where you send traffic which doesn't match anything else on a given subnet. If I read this correctly, this machine will overload itself with traffic in the event that an IP address is not recognized; I would have thought that the IP address would be one digit different or that the gateway simply would not be present.
 
Old 01-26-2016, 10:50 AM   #8
make
Member
 
Registered: Apr 2004
Distribution: Mandriva, Ubuntu, openSuSE, FreeBSD, OpenSolaris, PC-BSD
Posts: 195

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by FalloutBoy
is this valid?

iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.100
Thanks for the tip! I removed this gateway line and the router seems to run fine without it. So if you're correct, it's better to not have it there.

About ebtables and the WiFi access point... hostapd has again stopped accepting the (correct) password, so I can't connect to the network or test if the tip from nini09 helped. Hostapd seems like a weird piece of software. Even if I don't change its settings, one day it accepts the password, the next day it won't. I guess I have to give up on setting the PC as a WiFi access point.
 
Old 01-26-2016, 02:36 PM   #9
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,850

Rep: Reputation: 161Reputation: 161
The gateway's IP address should be the IP address of the peer device. For example, if there are two sides on your machine, one side connects to the internal network and the other side connects to the internet. The gateway IP address should be the ISP IP address.
 
Old 01-27-2016, 11:08 AM   #10
make
Member
 
Registered: Apr 2004
Distribution: Mandriva, Ubuntu, openSuSE, FreeBSD, OpenSolaris, PC-BSD
Posts: 195

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by nini09
The gateway's IP address should be the IP address of the peer device. For example, if there are two sides on your machine, one side connects to the internal network and the other side connects to the internet. The gateway IP address should be the ISP IP address.
That's true. However, the PC would seem to get it automatically in any case, even though there are 4 internet connections and ISPs (and it still uses all of them like a load balancer should). So the gateway definition for eth0 in /etc/network/interfaces is not needed, not even with a fixed IP, it seems.
 
Old 01-27-2016, 02:41 PM   #11
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,850

Rep: Reputation: 161Reputation: 161
The issue I see is that the gateway of any interface shouldn't be equal to the interface's IP address.
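
The gateway point discussed in the last few posts can be checked mechanically against /etc/network/interfaces. The Python script below is an added example, not written by any poster in this thread; it goes beyond the thread by also flagging bridge member ports that carry their own address and more than one stanza declaring a gateway, both of which are conventionally avoided. SAMPLE is constructed from the first post's stanzas, and FIXED is an assumed layout for comparison, not one tested in the thread.

```python
# Added example. SAMPLE is constructed from the first post's stanzas
# (netmask, auto/allow-hotplug and hook lines left out).
SAMPLE = """\
iface eth0 inet static
    address 192.168.1.100
    gateway 192.168.1.100
iface wlan0 inet static
    address 192.168.1.101
    gateway 192.168.1.100
iface br0 inet static
    bridge_ports wlan0 eth0
    address 192.168.1.102
    gateway 192.168.1.100
"""

# Assumed layout, not from the thread: member ports carry no IP settings,
# the bridge holds the LAN address, and no stanza points a gateway at itself.
FIXED = """\
iface eth0 inet manual
iface wlan0 inet manual
iface br0 inet static
    bridge_ports wlan0 eth0
    address 192.168.1.100
"""

def parse_stanzas(text):
    """Return {ifname: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None          # these lines end the current stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def lint(text):
    """Return (interface, finding) pairs for the layout problems named above."""
    stanzas, findings = parse_stanzas(text), []
    for name, opts in stanzas.items():
        if "gateway" in opts and opts["gateway"] == opts.get("address"):
            findings.append((name, "gateway-is-own-address"))
    for opts in stanzas.values():
        for port in opts.get("bridge_ports", "").split():
            if "address" in stanzas.get(port, {}):
                findings.append((port, "bridge-port-has-address"))
    with_gw = [n for n, o in stanzas.items() if "gateway" in o]
    if len(with_gw) > 1:
        findings.append((",".join(with_gw), "multiple-gateways"))
    return findings

if __name__ == "__main__":
    for iface, finding in lint(SAMPLE):
        print(f"{iface}: {finding}")
```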
 
  

