[SOLVED] Wireless point of access questions

[NP_complete]

Folks,

I've got a "DLink DWA-552 Xtreme N Desktop Adapter" card (AR5008, ath9k), which I've been struggling to use as an access point on my home-made Gentoo router. I also am interested in WLAN/iWLAN "bridging". Can someone please confirm or refute the following:

1. Is it true that I MUST load ath9k as a module and can NOT build it into kernel? (I would rather disable the loadable mod support for security reasons). Any other modules that MUST be made loadable?
2. Do I need "dhcp" and "bind" OR can get away with dnsmasq, as per the "Gentoo Home Router" docs?
3. My hostapd is of v. 0.6.9, and my gentoo-sources are of v. 2.6.36-r5. Am I required to use a 0.7.* version of hostapd?
4. According to these two sources, forums.gentoo.org/viewtopic-t-861254.html?sid=cac1277b8a65bab8ad59deac6534aea3 and en.gentoo-wiki.com/wiki/Atheros_Ath5k_Wireless_Access_Point, a patch has to be applied: www.spinics.net/lists/linux-wireless/msg52239.html

Is this indeed necessary?


Many thanks.

[mbar]

I think I have exactly the same wifi card.

1. The module way is a better way in this case. I had only troubles getting this to work when ath9k was built into kernel.
2. dnsmasq should suffice.
4. I don't have any patches.
3. see below.

[NP_complete]

mbar,

Thanks for replying. As a follow up, 'iwconfig' produces this:

$ iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
eth1 no wireless extensions.
sit0 no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off

What stands out to me is
1. Access Point: Not-Associated
2. Tx-Power=0 dBm (ZERO dBm!)

Would this somehow indicate a defect in the card?

Many thanks.

[mbar]

Wrong config I think. Post your config files

[cwr]

I certainly had to build the driver as a module to get the right regulatory domain; I also had to
configure the driver in ad-hoc mode - it wouldn't go into master mode until hostapd was
running. I just used the default kernel drivers, with no additional patches.

I think the breakpoint for hostapd 0.7 is kernel 2.6.33 - anything earlier than that
can run hostapd 0.6. However, I ran 0.6 with a 2.6.34 kernel and it worked.

The problem seems to be that you have no mon.wlan0, which looks as if hostapd isn't
really happy. I'd check the configuration.

Will

[NP_complete]

Guys, mbar and cwr,

After some deadly struggle , I can now see my wireless access point from an outside
computer. 'iwconfig' shows something very similar to what mbar posted, the mode is set
to "master" for wlan0, and this other thing called mon.wlan0 is present. That's a good
news.

The problem is: the AP is unreachable, and even my wired LAN broke down. The network
applet on my GNOME desktop spins for a while and then shows "no connection",
wireless or wired. This is despite the fact that everything (hostapd, eth0, eth1, net.wlan0, net.br0,
dnsmasq) comes up cleanly without errors.

/etc/conf.d/net:

config_eth1=( "dhcp" ) # WAN
config_eth0=( "null" ) # LAN
bridge_br0=( "eth0" )
config_br0=( "192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255" )
config_wlan0=( "null" ) # WLAN
modules_wlan0=( "!iwconfig" "!wpa_supplicant" )
mode_wlan0="master"

/etc/hostapd/hostapd.conf:

interface=wlan0
bridge=br0
driver=nl80211
ssid=test4
hw_mode=g
channel=1
debug=0
ieee80211n=1
country_code=US
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

/etc/conf.d/hostapd:

INTERFACES="wlan0"
CONFIGS="/etc/hostapd/hostapd.conf"
OPTIONS=""

/etc/dnsmasq.conf:

domain-needed
bogus-priv
expand-hosts
dhcp-range=192.168.0.100,192.168.0.250,72h
interface=br0

I don't know what to think - could the problem be due to the
use of gentoo-sources rather than "vanilla"? I'm using
gentoo-sources-2.6.36-gentoo-r5.

Thanks much!

[NP_complete]

Ok. Since no one has responded, it's wild guessing time for me.

1. Anyone was able to get the WLAN working with dnsmasq as their
DNS *and* DHCP server (i.e. without dhcpd and bind)? If so, can you
post the config for dnsmasq?

2. I've noticed that dnsmasq comes up earlier in the boot sequence
than br0 and hostapd. What would be the best way to make dnsmasq
start after these two? I wonder if the out-of-order booting sequence
causes the trouble.

[cwr]

The complete breakdown of networking sounds like a routing problem; what does route -n say?

I debugged my wireless network originally by running kismet on the non-AP machine, to make
sure that the AP was putting out the correct signals. Then I disabled encryption (I was running
WEP) and got that correct, and then finally I added encryption - a slow process, but it's been
pretty solid since then.

Will

[NP_complete]

Will,

Disabling the iptables-based firewall yielded something interesting. Now I can ssh to the router the old way, as well as wirelessly, so I'm pretty excited. The main problem remains. I still can't access the Internet *except* from the router itself.

Ping used to fail with "unknown host", but now it hangs forever while producing no output. Interrupting it with Ctrl-C results in the "100% packet loss" message. The firewall configuration I am using is:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT udp -- anywhere anywhere udp dpt:bootps reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:domain reject-with icmp-port-unreachable
ACCEPT udp -- anywhere anywhere udp spt:ntp dpt:ntp
DROP tcp -- anywhere anywhere tcp dpts:0:1023
DROP udp -- anywhere anywhere udp dpts:0:1023
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere 192.168.0.0/16
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Does anything stand out to you as being odd in here?

Also, you asked what the output from route -n was:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
24.193.0.0 0.0.0.0 255.255.252.0 U 203 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 24.193.0.1 0.0.0.0 UG 203 0 0 eth1

eth1 represents the cable modem. Unless you say differently, this looks healthy to me. In fact, this is nearly identical to my existing set up, the only exception being "br0" which becomes eth0.

Any thoughts?

[s0be]

Info and advice:

First, the reason master mode doesn't work without hostapd is that mac80211/nl80211/cfg80211 has NO built in AP mode support. You can do: iw phy phy0 interface add ap0 type __ap if you really want to test creating an ap interface, but it will not work.

Next, try following the nice documentation I've helped write at:

http://wireless.kernel.org/en/users/Documentation/hostapd

Don't worry about bridging at first. The logical progression should be:

1. no security, not bridged, static client IP (to keep it from failing to associate due to dhcp)
2. security, not bridged, static client IP (this tests client/ap security engotiation)
3. no security, bridged, static client IP (to verify bridged routing is working, and it doesn't interfere with association)
4. security, bridged, static client IP (This just verifies everything can work together)

If you make it to step 4, you should be able to turn on dnsmasq as your dhcp/dns server listening on br0.
I run this with:

AR5008 (ar5416)
AR9100 (on openwrt)
AR5414 (ath5k on openwrt)
AR9280 (ath9k on openwrt)

and a few more broadcom (b43), ralink (rt61), and realtek (rt2500usb) devices. If dhcp is failing, it is likely one of the other layers that's causing the trouble.

[s0be]

[NP_complete]

The moment of glory has arrived! My (non-secured, for now) wireless LAN works, and so does the wired one. Haven't done much testing around it yet. If something does go wrong, I guess, I will make a new thread or re-open the current one, but for now let's consider this solved. This actually was my second attempt. I tried to get all this done about a year ago, but found it too daunting, at the time. Anyhow, I tweaked my iptables-based firewall settings using as a starting point the rules listed here (scroll down). Changing export LAN=eth0 to export LAN=br0 did the trick. Thanks to everyone for help. Special thanks to Will & mbar.