Using the arno-ip-tables firewall script seems to conflict with the usage of running the script.
My broadband is via 3G Mobile and
sudo ./create_ap wlan0 ppp0 ssid ssid_password
works for about 5 minutes then all connectivity on the devices (phone and tablet) dies.
Any ideas on what that could be?
Edit
Upon further investigation, disabling the firewall seems to have done the trick:
sudo systemctl stop arno-iptables-firewall.service
These are the barebones iptables rules without the arno-ip-tables firewall:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere 192.168.12.0/24
ACCEPT all -- 192.168.12.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Solution
Load up
/etc/arno-iptables-firewall/firewall.conf
in the editor of your preference and change the following: look for DEFAULT_POLICY_DROP, which is set to 1 by default, change that to 0 and restart the firewall; the connection is more reliable.
# (EXPERT SETTING!) You can choose the default policy for the INPUT & FORWARD
# chain here (1=DROP, 0=ACCEPT). The default policy is DROP. This means that
# when there are no rule(s) available (yet), the packet will be DROPPED. In
# practice this rule only does something while the firewall is starting. Once
# it's started and all rules are in place, the default policy doesn't do
# anything anymore. People that use eg. NFS and let their clients boot from NFS
# (diskless client systems) probably want to disable this option to fix
# "NFS server not responding" etc. errors on their clients.
# -----------------------------------------------------------------------------
DEFAULT_POLICY_DROP=0
With the change in place, the output from
sudo iptables -L
yields this, rest of rules omitted for brevity
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
BASE_INPUT_CHAIN all -- anywhere anywhere
INPUT_CHAIN all -- anywhere anywhere
HOST_BLOCK_SRC all -- anywhere anywhere
SPOOF_CHK all -- anywhere anywhere
VALID_CHK all -- anywhere anywhere
EXT_INPUT_CHAIN !icmp -- anywhere anywhere state NEW
EXT_INPUT_CHAIN icmp -- anywhere anywhere state NEW limit: avg 60/sec burst 100
EXT_ICMP_FLOOD_CHAIN icmp -- anywhere anywhere state NEW
INT_INPUT_CHAIN all -- anywhere anywhere
INT_INPUT_CHAIN all -- anywhere anywhere
POST_INPUT_CHAIN all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level info prefix "AIF:Dropped INPUT packet: "
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.12.0/24
ACCEPT all -- 192.168.12.0/24 anywhere
BASE_FORWARD_CHAIN all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
FORWARD_CHAIN all -- anywhere anywhere
HOST_BLOCK_SRC all -- anywhere anywhere
HOST_BLOCK_DST all -- anywhere anywhere
EXT_FORWARD_IN_CHAIN all -- anywhere anywhere
EXT_FORWARD_OUT_CHAIN all -- anywhere anywhere
INT_FORWARD_IN_CHAIN all -- anywhere anywhere
INT_FORWARD_OUT_CHAIN all -- anywhere anywhere
INT_FORWARD_IN_CHAIN all -- anywhere anywhere
INT_FORWARD_OUT_CHAIN all -- anywhere anywhere
SPOOF_CHK all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LAN_INET_FORWARD_CHAIN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LAN_INET_FORWARD_CHAIN all -- anywhere anywhere
POST_FORWARD_CHAIN all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 1/min burst 3 LOG level info prefix "AIF:Dropped FORWARD packet: "
DROP all -- anywhere anywhere
Happy wifi'ing from your script - thanks Oblique!
Last edited by t0mm13b (2014-02-26 11:11:25)
Offline
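A check for the situation in the post above, as an added example that is not part of the original post, of create_ap or of Arno's firewall: it reads `iptables -S` output and reports whether a chain still denies by default through a catch-all DROP rule even when its policy is ACCEPT, and whether the hotspot subnet's ACCEPT rules sit before that DROP. The sample rules are constructed in `iptables -S` form after the FORWARD listing above; `audit_chain` and its output fields are names chosen for this example.

```shell
#!/bin/bash
# Added example: effective default of a chain, read from `iptables -S` text.
# `iptables -S` is used instead of `-L` because it prints interface matches,
# so a rule that is only "-j DROP" really is unconditional.

# Constructed sample modelled on the FORWARD listing in the post
# (most of the firewall's user-chain jumps are omitted).
SAMPLE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -d 192.168.12.0/24 -j ACCEPT
-A FORWARD -s 192.168.12.0/24 -j ACCEPT
-A FORWARD -j BASE_FORWARD_CHAIN
-A FORWARD -j POST_FORWARD_CHAIN
-A FORWARD -j DROP'

# audit_chain CHAIN [SUBNET]   (rules on stdin)
# hotspot_live     = ACCEPT rules naming SUBNET that come before the catch-all DROP
# hotspot_shadowed = ACCEPT rules naming SUBNET that come after it (never reached)
audit_chain() {
  awk -v chain="$1" -v net="${2:-}" '
    $1 == "-P" && $2 == chain { policy = $3 }
    $1 == "-A" && $2 == chain {
      n++
      # An unconditional DROP is exactly: -A <chain> -j DROP
      if (NF == 4 && $3 == "-j" && $4 == "DROP") {
        if (!drop_at) drop_at = n
      } else if (net != "" && index($0, net) && $NF == "ACCEPT") {
        if (drop_at) shadowed++; else live++
      }
    }
    END {
      eff = (policy == "DROP" || drop_at) ? "deny" : "allow"
      printf "policy=%s catch_all_drop=%s effective=%s hotspot_live=%d hotspot_shadowed=%d\n",
             policy, (drop_at ? "yes" : "no"), eff, live, shadowed
    }'
}

# Demo on the constructed sample; on a live system:
#   sudo iptables -S | audit_chain FORWARD 192.168.12.0/24
printf '%s\n' "$SAMPLE" | audit_chain FORWARD 192.168.12.0/24
```

A result of `hotspot_live=0` after a firewall restart means the hotspot's forwarding rules are gone or sit behind the DROP, which is worth checking before relaxing the default policy.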
Hello. I have a new laptop, in this case a Lenovo IdeaPad U510, and used for WiFi Intel Centrino Wireless-N 2230 (rev c4) device.
Running the command:
$ iw list
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
But when you run:
sudo ./create_ap wlp2s0 lo NAME PASS
It returned:
[elav@R2D2 create_ap-master]$ sudo ./create_ap wlp2s0 lo NAME PASS
Config dir: /tmp/create_ap.wlp2s0.conf.MVR9nvDs
Creating a virtual WiFi interface... wlp2s0ap created.
Network Manager config found, set wlp2s0ap as unmanaged device... DONE
RTNETLINK answers: Operation not possible due to RF-kill
ERROR: Maybe your WiFi adapter does not fully support virtual interfaces.
Try again with --no-virt.
Doing cleanup...
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
[elav@R2D2 create_ap-master]$
I tried --no-virt but that doesn't work either
Offline
Thanks a lot!
I'm using LMDE, and this script also works on my laptop.
Offline
@elav what error do you get with --no-virt?
Offline
Thanks a lot! It works very well.
But I have a problem with my pi. I can't connect to it via ssh. Could it be that the ports are closed? If so, how can I open Ports?
Offline
Hello,
On my Windows Phone 8 device, some websites refuse to load when using a connection managed by the create_ap script.
I use this to launch create_ap:
sudo ./create_ap wlp4s0 ppp0 ssid pw
Does anyone know what might cause this problem?
It seems to work well if I set up a proxy on my phone.
Offline
Hi, firstly thanks op for excellent script, exactly what I'm looking for. Unfortunately I'm hitting a problem and not sure how to resolve.
create_ap wlan0 wlan0 MySSID MyPass
returns:
RTNETLINK answers: invalid argument.
I know Linux/vi etc just not sure of wifi commands I can use to help debug root cause of the issue.
Setup is a Raspberry Pi and a signal king (3070) chipset panel antenna. The antenna supports virtual adapters, as I can get it working from a Windows 7 laptop. Just looking for some guidance on how to debug from here.
Thanks
P.s. --no-virt doesn't help/can't be used as I need to share internet out from same adapter.
Last edited by torrentdav (2014-04-29 21:23:45)
Offline
I notice that after I suspend and then wake up the host I get error messages like this when the clients try to connect:
handle_probe_req: send failed
Does anyone know the "correct" way to make it work after suspend?
Last edited by Alister.Hood (2014-04-25 23:28:17)
Offline
Hi, I'm trying to use this script in my Raspberry Pi but I can't get Internet connectivity.
My RPi is connected by Ethernet Lan with my Router and I'm using a RTL8188CU dongle to have WiFi in the RPi.
I use the command:
create_ap --no-virt --driver rtl871xdrv wlan0 eth0 MyAccessPoint MyPassPhrase
The Access Point is created and I can associate to it, but there is no Internet connectivity...
Are there any special instructions for my case?
I can post outputs if you tell me what you need...
EDIT: It actually is working now.
I was asking my friend to test the connectivity while I configured in my PC with SSH to the RPi, and he was using a Windows 7 system to connect, which wasn't working, but then he tried connecting in a Xubuntu system and it worked.
Any idea why a Windows system can't connect while a Linux can?...
Last edited by jonnybel (2014-07-09 01:59:41)
Offline
I got a problem when using this script. Without any password, it works great. But with a password, I got this error: "WPA: wpa_sm_step() called recursively". And I cannot connect to the AP.
Offline
I successfully use this script on my Raspberry Pi to create a WiFi router. Thank you so much for this tool!
However, I would like to extend this to also have DHCP and internet sharing over an additional ethernet port and was wondering how I could manage to do this. My modem (cable internet) is attached to eth0 of the RasPi, my WiFi dongle is connected over USB (wlan0) and now I added another ethernet port (eth1) through the second USB port. Currently, I call create_ap like this:
create_ap -g 192.168.12.1 --no-virt wlan0 eth0 SSID PASSWORD
The create_ap script doesn't support what I want out of the box, does it? I understand that dnsmasq is able to serve multiple interfaces, but my attempts to alter the create_ap script have failed so far. So is it required to set up an additional DHCP server and set additional routing rules for eth1 (like explained in the Internet sharing wiki page)?
Offline
EDIT: See this post
@mind_the_gap no, create_ap doesn't support this and it's out of its scope.
You can try the following (I didn't try it, hope it will work):
1) get the latest version from github (at the time I'm writing this, it is at commit e37caff, so make sure to check out that commit)
2) at line 457, add the following line:
iptables -I FORWARD -i eth1 -s ${GATEWAY%.*}.0/24 -j ACCEPT
3) at line 449, add the following lines:
ip link set down dev eth1
ip addr flush eth1
ip link set up dev eth1
ip addr add ${GATEWAY%.*}.2/24 broadcast ${GATEWAY%.*}.255 dev eth1
4) at line 433, add the following line:
interface=eth1
5) at line 192, add the following lines:
ip link set down dev eth1
ip addr flush eth1
6) at line 177, add the following line:
iptables -D FORWARD -i eth1 -s ${GATEWAY%.*}.0/24 -j ACCEPT
Last edited by OBLiQUE (2014-09-21 10:42:39)
Offline
Hello, I have decided to post the issue 33 here as well.
After upgrading wpa_supplicant and network-manager-applet from the official repositories the following errors started occurring when I tried to start the service:
Aug 10 10:06:18 VivoBook dnsmasq[1610]: cleared cache
Aug 10 10:06:18 VivoBook bash[1546]: hostapd command-line interface: hostapd_cli -p /tmp/create_ap.wlp2s0.conf.uu...d_ctrl
Aug 10 10:06:18 VivoBook bash[1546]: Configuration file: /tmp/create_ap.wlp2s0.conf.uuIUe9iH/hostapd.conf
Aug 10 10:06:18 VivoBook bash[1546]: nl80211: Could not configure driver mode
Aug 10 10:06:18 VivoBook bash[1546]: nl80211 driver initialization failed.
Aug 10 10:06:18 VivoBook bash[1546]: hostapd_free_hapd_data: Interface wlp2s0ap wasn't started
Aug 10 10:06:18 VivoBook bash[1546]: ERROR: Failed to run hostapd, maybe a program is interfering.
Aug 10 10:06:18 VivoBook bash[1546]: Doing cleanup...
Aug 10 10:06:20 VivoBook systemd[1]: create_ap.service: main process exited, code
I also noticed that if I try to stop the wpa_supplicant service, I can start create_ap successfully, but sometimes the former gets reinitialized and breaks create_ap.
Another user reported that installing hostapd_legacy from AUR solved the problem. It seems like either a bug or a new feature interfering with hostapd. I have no clues on how to handle this.
Offline
Now you can create an AP from the same interface. Just do:
./create_ap wlan0 wlan0 MyAccessPoint MyPassPhrase
Also, now create_ap can set/unset automatically the "unmanaged device" for Network Manager.
I tried on two laptops. One on Arch with wicd and the other on Ubuntu 14.04 with NetworkManager. The hardware is apparently the same (Kernel modules: ath9k).
Arch is working flawlessly, but Ubuntu fails because the interface is put down. I'm not skilled enough to get to the point, maybe I'll try to replace NM with wicd and see.
Has anyone else tried to make a *.desktop file to point&click&run for dummies?
EDIT
I suspect that the hardware is not exactly the same. I tried to use only one device and I found that one laptop, on which I have Arch and Ubuntu, failed to start even using wicd to connect, in the Arch setup.
Last edited by TheSaint (2014-09-15 09:31:42)
do it good first, it will be faster than do it twice the saint
Offline
Is there a way to add an additional wired interface to the same subnet as wireless?
Please see this topic here.
Offline
@insomnia Yes, there is a way, I just wrote a quick and dirty script to do it for you. I didn't actually try the wired connection, but it should work. Adjust the script to your needs:
#!/bin/bash
INTERNET_IFACE=eno1
WIRED_IFACE=enp2s0
WIFI_IFACE=wlp3s0
BRIDGE_IFACE=br0
SUBNET=192.168.12
# create bridge
ip link set dev $WIRED_IFACE down
ip addr flush $WIRED_IFACE
brctl addbr $BRIDGE_IFACE
brctl setfd $BRIDGE_IFACE 0
brctl addif $BRIDGE_IFACE $WIRED_IFACE
ip link set dev $BRIDGE_IFACE up
ip link set dev $WIRED_IFACE up
ip addr add ${SUBNET}.1/24 broadcast ${SUBNET}.255 dev $BRIDGE_IFACE
# set iptables rules
iptables -I FORWARD -d ${SUBNET}.0/24 -i $INTERNET_IFACE -j ACCEPT
iptables -I FORWARD -s ${SUBNET}.0/24 -i $BRIDGE_IFACE -j ACCEPT
iptables -t nat -I POSTROUTING -o $INTERNET_IFACE -j MASQUERADE
# enable ipv4 routing
echo 1 > /proc/sys/net/ipv4/ip_forward
# run dnsmasq
dnsmasq --no-hosts --listen-address=${SUBNET}.1 --dhcp-range=${SUBNET}.1,${SUBNET}.254,255.255.255.0,24h --dhcp-option=option:router,${SUBNET}.1 -d &
DNSMASQ_PID=$!
# run create_ap for wireless AP
create_ap -m bridge $WIFI_IFACE $BRIDGE_IFACE MyAccessPoint MyPassPhrase
# clean up
kill -9 $DNSMASQ_PID
iptables -D FORWARD -d ${SUBNET}.0/24 -i $INTERNET_IFACE -j ACCEPT
iptables -D FORWARD -s ${SUBNET}.0/24 -i $BRIDGE_IFACE -j ACCEPT
iptables -t nat -D POSTROUTING -o $INTERNET_IFACE -j MASQUERADE
echo 0 > /proc/sys/net/ipv4/ip_forward
ip link set dev $BRIDGE_IFACE down
brctl delbr $BRIDGE_IFACE
PS: make sure that you have the latest version from AUR or github repository before you run it
Last edited by OBLiQUE (2014-09-23 14:38:12)
Offline
@TheSaint create_ap has some problems in Ubuntu because Ubuntu uses an old version of NetworkManager. create_ap works flawlessly with NetworkManager 0.9.10.0 (and above) and there is no way to fix all the issues for 0.9.8.8 (the version that Ubuntu uses).
PS: Last week we fixed an issue for Ubuntu, but not the one that you are referring to. You can try the latest commit from the github repo.
Last edited by OBLiQUE (2014-09-21 11:14:05)
Offline
I found the problem that was related to hardware, as it's searched in the script. In fact there are differences between the two laptops' wifi cards, even though they are stated to use the same module.
Now I'm back to another issue: the same computer with dual installation works fine in Ubuntu, but in Arch it complains about nl80211 and it fails (maybe it is a kernel firmware difference, how do I find it?). I'm not on that laptop, but I can state that Arch is up to date and it has Ubuntu 14.04 on another partition. Internal WiFi is connected to the internet and a USB WiFi dongle serves as AP. Both are seen by NM.
I also wrote a bash script for Ubuntu's clickers and a small desktop icon to click on it.
Maybe I should expand the script capabilities to collect the SSID and password, but I didn't plan to publish it and it's satisfactory for my daughter's needs (she prefers Ubu).
Last edited by TheSaint (2014-09-22 04:33:33)
do it good first, it will be faster than do it twice the saint
Offline
Please open an issue here: https://github.com/oblique/create_ap/issues and post the create_ap arguments that you use and the output.
Also post the output of the following commands:
iw list
iw dev
ip addr
PS: make sure that you have the latest commit of create_ap in Arch.
Offline
Thank you so much for your script!
Although it will get wireless up & running, the bridge didn't work for enp2s0.
May I ask why you used bridged mode and not NATed?
Offline
My idea was to create a bridge interface and attach the ethernet interface to it, then create the NAT in the bridge interface and then with create_ap attach the WiFi in the bridge that I created before.
So, ethernet interface and WiFi interface will be bridged, use the same NAT and have the same IP.
I don't have an extra computer to test it, but I think in theory it should work.
BTW, do you use a switch? Because if you don't, maybe you will need a crossover ethernet cable.
Last edited by OBLiQUE (2014-09-23 09:16:01)
Offline
Yep, an unmanaged switch is between enp2s0 and another computer. So it should be good, right?
Maybe I could troubleshoot with some network monitoring tools to see what went wrong?
Offline
Yes, it should be good. Unfortunately I don't have a second computer to test it, I will see what I can do.
Ah, btw before you run the script make sure that there aren't any rules in iptables.
Last edited by OBLiQUE (2014-09-23 12:57:40)
Offline
@insomnia I found the problem, now it must work, I updated the script above.
Try it and tell me if you still have a problem or not.
Last edited by OBLiQUE (2014-09-23 14:41:26)
Offline
YES! It works now. Pretty cool stuff! Thank you!
So "brctl setfd $BRIDGE_IFACE 0" was missing.
Maybe in the future this can also be integrated into your create_ap script? It would be a nice feature to have.
Offline