LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-11-2016, 06:23 PM   #1
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 921

Rep: Reputation: 46
Set up AP without routing to internet


First Thanks to all unique people that provide help to others on this site. I would buy each of you a beer if that were possible. Since I can't I will have one for you. THANKS.

I am trying to set up an access point with NO access to the internet. There is another access point for that. I am using a Computer (Dell Optiplex 7020) for a specific reason, it has storage space and other capabilities that a plastic box AP can't.

Using these two sites I have a working setup.

Wifi AP setup

http://ubuntuhandbook.org/index.php/...cess-point-not

http://ubuntuhandbook.org/index.php/...04/-supported/

But I have not been able to find a way to stop it from providing internet access, which I don't want it to do. At least not in kde's network settings manager. This access point is specifically for employees to push job site related photos to so the project manager can place them with the correct job.

I may be able to stop the traffic from being routed by the plastic box but I have no idea how much capabilities it has. But I would prefer that it never left the AP I am building.

I can tell you that the desktop has to actually connect to the AP or it will not work at all.
 
Old 12-12-2016, 08:20 AM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,874
Blog Entries: 13

Rep: Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928Reputation: 4928
Perhaps you're doing something different than me, but when I don't wish to allow my devices attached to my WIFI to access the Internet, I do not plug the Internet into the Ethernet port on the AP. Otherwise, depending on the AP, there are different instructions as to how to allow or disallow routing between different networks.

I'd suggest you post you AP make, model, and firmware version, and describe the representative networks you have. Such as how this AP "sees" the Internet. Per my example, the only way my WIFI AP would see the Internet would be if I plugged in an Ethernet cable. However if this AP see the Internet over WIFI as well as provides AP services to other systems over the WIFI, then a network topology description would be helpful so that people can describe how to change your settings to block routing across the two (or more) networks.
 
Old 12-12-2016, 07:39 PM   #3
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 921

Original Poster
Rep: Reputation: 46
Thanks rtmistler,

This is a computer configured to be an AP not a plastic box. The computer is running debian stable (8.6) with kde desktop. Kde because of kde-connect that allows android phones to connect in a similar way to bluetooth works so the employee can push job site related photos to this computer/server/AP. Kde-connect being simple for non-techy people to use, unlike ftp, scp or such.

Network topology; Cable modem, typical routers and switches for a small business with less than 30 employees, not sure how the wifi is supplied. The system I am building is an add-in that's only purpose is to provide a simpler faster method than bluetooth, tether or sd-card of getting job site photos off the phone into the related job documentation folder. When you get back from the job and you have 20 plus photos to upload all other methods are not piratical. Email and pushing to the cloud are no better.

This machine needs to be accessible on the local network yet the wifi ap that it provides does not need to supply internet access to the phones that connect to it to upload photos. There is an existing AP for that.

The links I provided show how to set up an AP on a laptop. It works ok on the desktop too but is providing that unwanted internet access. I was hoping someone knew how to hack the kde network manager to eliminate that access. I did not want to have to resort to setting it all up by hand if I didn't have to.

Iptables could work. I do have to set up local ddns on this host as that service is not available on the existing network. Or the kde-connect settings have to be changed every time a phone or the server gets a new ip.

Frankly I don't trust these employee's phones. They belong to the employee. Who knows what they use them for outside of work. So for security reasons they don't need to be able to get to the internet when connected to this server. They can use their data plan for that or connect to the regular wifi.
 
Old 12-12-2016, 08:32 PM   #4
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
All you need is to disable the ipv4/6 forwading.

Code:
echo 'net.ipv4.conf.<your-AP-here>.forwarding = 0' >> /etc/sysctl.conf
echo 'net.ipv6.conf.<your-AP-here>.forwarding = 0' >> /etc/sysctl.conf
 
1 members found this post helpful.
Old 12-13-2016, 03:06 AM   #5
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,210
Blog Entries: 3

Rep: Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703Reputation: 3703
That will make it take effect permanently, starting with the next reboot. For temporary but immediate changes use sysctl for the relevant interface.

Code:
sudo sysctl net.ipv4.conf.eth0.forwarding=0
sudo sysctl net.ipv6.conf.eth0.forwarding=0
That example would be for something attached to eth0. Obviously the permanent and immediate methods can be combined.
 
Old 12-13-2016, 07:57 PM   #6
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 921

Original Poster
Rep: Reputation: 46
Thanks c0wb0y and Turbocapitalist, that is what I was looking for.

But that has revealed a different issue. Two different phones do the same thing. It seams that they are pinging some host on the internet, or perhaps like windows looking for a file and they drop the connection because they can't find it or ping it. Both phones are on Verizon, a Galaxy s4 and a Motorola Droid razor-m. I suspect other carriers and phones will do the same thing.

Any idea what they are looking for and how to provide it. Yes the settings in the phone can be changed to stop the behavior but asking other employees do disable those features is something I would rather avoid.


A second issue that has shown up is that the AP does not survive a reboot. Meaning that;
The usb-wifi adapter has to be removed
The AP setup deleted
The system rebooted
The usb-wifi adapter reinserted
Wifi turned on
The AP setup again
The AP connected again on the Desktop.
 
Old 12-13-2016, 09:52 PM   #7
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
Quote:
But that has revealed a different issue. Two different phones do the same thing. It seams that they are pinging some host on the internet, or perhaps like windows looking for a file and they drop the connection because they can't find it or ping it. Both phones are on Verizon, a Galaxy s4 and a Motorola Droid razor-m. I suspect other carriers and phones will do the same thing.
Isn't it that's what the smartphones are notorious for, phoning home and snitching on you when given the chance ?

Based on your first post, I understand that you were able to setup an AP. Setup is pretty much the same.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to set a correct routing OpenVPN Frydolin Linux - Networking 2 07-25-2015 02:15 PM
how to set Routing and DNS for VLAN? paulus89 Linux - Networking 2 06-27-2014 12:58 PM
How to set up routing on BackTrack 5r3? aburmot Linux - Networking 1 04-17-2013 06:57 AM
LXer: Tutorial: What Exactly is the Internet? A Tour of Internet Routing and Peering LXer Syndicated Linux News 0 11-08-2008 04:20 PM
any tools help to set routing table? yenonn Linux - Networking 2 09-06-2003 08:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:51 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration