Gentoo Forums
Issues adding a WAP to a gentoo-based home router
tsftd
n00b
Joined: 21 May 2011
Posts: 20
Location: Here

Posted: Sat May 21, 2011 6:45 pm    Post subject: Issues adding a WAP to a gentoo-based home router

Step 1: Set up home router as per http://www.gentoo.org/doc/en/home-router-howto.xml -- everything working, wireless provided by a linksys wireless router with dhcp/dns turned off.
Step 2: Bought and added a Ath5k-based PCIE card. Drivers working perfectly, and master mode usable.
Step 3: Added WAP as per http://en.gentoo-wiki.com/wiki/Atheros_Ath5k_Wireless_Access_Point using bridging option.

After step 1/2, everything worked perfectly. Upon adding step 3, here's what has happened:

1) NAT (internet sharing) works fine.
2) WAP works fine (linksys router WAP is disabled, using gentoo server's WAP). Please note that the WAP is intentionally unsecured (it will be using a MAC whitelist, but that's not implemented yet).
3) DHCP works fine.
4) DNS works only on gentoo server (DNS does NOT work for any other machines on the network)
5) Linksys router setup page is accessible via wireless (going from laptop -> gentoo server via wireless -> linksys router) at assigned IP (192.168.1.3)
6) Services on Gentoo server are not accessible via wireless or wired (this includes SSH and pages hosted by lighttpd)

I can revert the settings back to cutting out the WAP from the network (i.e., primarily simply removing the bridge and going back to eth0-eth1 only), and everything works fine. I therefore think that it's the bridge that is screwing things up. I have tried setting /etc/dnsmasq.conf to INTERFACE=eth1/wlan0/br0, except-INTERFACE=eth0, and listen-address=192.168.1.1, and none worked. Please note that, contrary to the guides, I have set things up as follows:
eth0=wan
eth1=lan (192.168.1.1)

Since both guides list several options, please note that I am using dnsmasq for DNS and dhcp/dhcpd (NOT dhcpcd) for DHCP, as well as iptables, hostapd, and bridge-utils. I am using the in-kernel Ath5k driver, not any external packages like madwifi.

I tried my luck in IRC, but nobody could help. Please advise if you need additional info, and I can come into IRC to work through this in realtime if you prefer that over forums.
dE_logics
Advocate
Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Sun May 22, 2011 12:28 pm

First question -- what's your setup?

How come you require a wireless router + a PCIe card that too in master mode?

First we need to know what you wanna do.
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 46296
Location: 56N 3W

Posted: Sun May 22, 2011 12:38 pm

tsftd,

tsftd wrote:
... a MAC whitelist ...


That's not a form of security. The MAC address of any wireless device trying to connect is broadcast in the clear when the system authenticates. It's trivial to capture MAC addresses and spoof them. Indeed, Linux has an option to set the MAC address you would like on an interface.

There are lots of other wireless security myths too.

As dE_logics says, tell us what you want to achieve rather than what you have done. It's just possible that the reply will be along the lines of "if I was going where you are going, I wouldn't start from where you are now".
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
cwr
Veteran
Joined: 17 Dec 2005
Posts: 1969

Posted: Sun May 22, 2011 1:30 pm

At a guess it's some sort of DNS confusion; try checking your routing
paths, and post them here if the answer still isn't clear.

Will
tsftd
n00b
Joined: 21 May 2011
Posts: 20
Location: Here

Posted: Sun May 22, 2011 10:05 pm

OK, shortest answer first:

CWR -- how would I do this? Do you mean run a traceroute? Or is there a more in-depth way of checking the routing paths? As detailed below, the wired should go PC -> router -> (Server NIC 2 -> Bridge -> Server NIC 1) -> Cable Modem, and the wireless should go PC -> (Server WNIC -> Bridge -> Server NIC 1) -> Cable Modem, or at least that's how I think it works. I've not worked with bridging much before (and at all in nix).

I know MAC listing isn't 100% secure -- but let's be honest, this is for an upscale neighborhood, replacing a router with 0 security (and none of the other routers in the area are secured either) -- so MAC listing and a non-broadcasting SSID is good enough for me. The only reason I mentioned it was to make it clear that security on the WLAN *wasn't* the issue -- if I want to, after I get the darn thing working in the first place, I can go back and implement security.

As for what I'm trying to accomplish: a Gentoo-based router with integrated WAP. Instead of trying to do everything at once, I did it in stages (I'm not a nix nub, but neither am I an expert, and I haven't fooled around with most of this stuff before). I got the wired network set up fine, running DNS+DHCP+NAT through the server (it's used as a samba-ftp-bittorrent-webhost-etc server as well as a router, so I'll refer to it as the server). I was *at the time* running the wireless through the wireless router that the server is replacing (as wireless is step 2).

I then dropped in the WNIC, got it running, and attempted to get everything working. As stated before, the WAP works, and the NAT+DHCP works for everything, but the DNS does not work on any machine but the server, and something is causing the server's services (ftp, ssh, http, samba) to not be viewable from the LAN.

Here is the approximate network setup:

Cable Modem (internet) <-> Server NIC 1
Server NIC 2 + Server WNIC -> Bridge
Server NIC 2 (bridged, remember) <-> (old) Wireless Router (with wireless turned off) <-> wired PC's
Server WNIC (also bridged, remember) <-> wireless PC's

So, for the wired PC's, it goes PC-> router -> Server -> Cable Modem
and for wireless, PC -> Server -> Cable Modem

Why am I using the router? Well, we have 4 wired PCs, and the server only has 2 NICs, so... basically, think of it as a hub (as DHCP, DNS, and Wireless are all turned off on it). Yes, I can do some fancy exotic things, like swapping in an actual hub and using it as a wireless bridge for the wifi -- but that's a whole nother topic. The point is, I don't want to be using the wireless router -- mainly because it does not support external antennae, and I have three high-gain wok-fi'd antennae that are plugged into the WNIC. It's a big house.

If you still need any more details, please ask for them specifically as I don't know what you want. Please note that I am currently running the stage 1 setup (wireless through the router, bridge/server WAP disabled), as I can't really use the network in the full setup until these issues are fixed.
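
The MAC whitelist point raised earlier in the thread, and the non-broadcasting SSID mentioned in the last post, shown as a hostapd configuration with the open setup beside a WPA2 one. This is an added example, not a configuration posted by anyone in the thread: `wlan0` and `br0` come from the thread, while the SSID, channel, passphrase and ACL file path are placeholders.

```ini
# /etc/hostapd/hostapd.conf (constructed example, values are placeholders)
# hostapd does not strip trailing comments, so every comment is on its own line.

interface=wlan0
bridge=br0
# ath5k is a mac80211 driver, so hostapd talks to it through nl80211
driver=nl80211
ssid=EXAMPLE-SSID
hw_mode=g
channel=6

# --- Setup as described in the thread: open network, MAC whitelist, hidden SSID ---
# With no wpa= line the network is open and all traffic is unencrypted.
# The source MAC address is in the clear in every 802.11 frame header, so the
# whitelist contents are visible to any nearby receiver while a listed client
# is active. A hidden SSID is still sent in the clear in probe and association
# requests from clients that know it.
#
# auth_algs=1
# macaddr_acl=1
# accept_mac_file=/etc/hostapd/hostapd.accept
# ignore_broadcast_ssid=1

# --- Hardened: WPA2-PSK with CCMP (AES) ---
auth_algs=1
# wpa=2 enables WPA2 (RSN) only, no WPA1/TKIP fallback
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# 8..63 characters; use a long random value, this one is a placeholder
wpa_passphrase=REPLACE-WITH-LONG-RANDOM-PASSPHRASE

# The MAC list can stay as an inventory filter on top of WPA2.
# 1 = reject stations unless they are listed in accept_mac_file.
# It is not authentication: the passphrase is what gates access.
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept

# Broadcasting the SSID costs nothing once the network is encrypted and
# stops clients from probing for it by name everywhere they go.
ignore_broadcast_ssid=0
```

Because the access point is bridged into `br0` with the wired LAN, an open wireless side places any associated station on the same layer-2 segment as the server's SSH, Samba and web services.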