Thank you very much for the script. It saves me a lot of work. However, I have problems connecting to my AP.
I am using the following USB-Device, which supports AP mode:
Realtek Semiconductor Corp. RTL8192CU 802.11n WLAN Adapter
I can successfully start my AP:
sudo ./create_ap wlp0s29u1u1 wlp3s0 DemoAP abcdefghij
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
Config dir: /tmp/create_ap.wlp0s29u1u1.conf.PVoF49GQ
Sharing Internet using method: nat
hostapd command-line interface: hostapd_cli -p /tmp/create_ap.wlp0s29u1u1.conf.PVoF49GQ/hostapd_ctrl
Configuration file: /tmp/create_ap.wlp0s29u1u1.conf.PVoF49GQ/hostapd.conf
Using interface wlp0s29u1u1 with hwaddr 10:fe:ed:1a:45:11 and ssid "DemoAP"
wlp0s29u1u1: interface state UNINITIALIZED->ENABLED
wlp0s29u1u1: AP-ENABLED
wlp0s29u1u1: STA 10:1c:0c:ad:5d:fc IEEE 802.11: authenticated
wlp0s29u1u1: STA 10:1c:0c:ad:5d:fc IEEE 802.11: associated (aid 1)
WPA: wpa_sm_step() called recursively
wlp0s29u1u1: STA 10:1c:0c:ad:5d:fc IEEE 802.11: deauthenticated due to local deauth request
However, when I try to connect my devices to the new AP, it always fails, because the password is wrong. I already tried this with an iPad and Android smartphone.
Offline
AFAIK, RTL8192cu needs an old version of hostapd that is patched from Realtek. You can actually install it from AUR: https://aur.archlinux.org/packages/hostapd-8192cu/
After that you must run create_ap with:
sudo ./create_ap --no-virt --driver rtl871xdrv wlp0s29u1u1 wlp3s0 DemoAP abcdefghij
Last edited by OBLiQUE (2014-11-15 13:53:28)
Offline
Is there a way to configure what MAC address is used for the created access point? I tried using iw but could not bring the interface back up after changing the MAC address.
Offline
I just added --mac for this, so get the github version of create_ap or wait until AUR version is updated (it usually takes 1-2 days).
This is how you can do it:
./create_ap --mac 00:11:22:33:44:55 wlan0 eth0 MyAccessPoint MyPassPhrase
Offline
I just added --mac for this, so get the github version of create_ap or wait until AUR version is updated (it usually takes 1-2 days).
This is how you can do it:
./create_ap --mac 00:11:22:33:44:55 wlan0 eth0 MyAccessPoint MyPassPhrase
Thank you so much, that is really helpful!
Offline
Hi,
When I run create_ap, the process stops at "Creating a virtual WiFi interface..."
sudo create_ap wlp0s26f7u2 enp2s0 *** ***
Config dir: /tmp/create_ap.wlp0s26f7u2.conf.7b4c5XId
Network Manager found, set ap0 as unmanaged device... DONE
Creating a virtual WiFi interface...
Offline
@Wado Please open a new issue report here: https://github.com/oblique/create_ap/issues
Before you do, make sure that you have the latest commit of create_ap (or the latest version from AUR).
In the report, paste the output of the following commands while create_ap is stuck on "Creating a virtual WiFi interface..."
cat /etc/NetworkManager/NetworkManager.conf
nmcli --version
nmcli d
ip link show ap0
iw dev
uname -a
What distribution do you use? Do you run it from a livecd?
Also, do you get it all the time? Because if you got it only once, then it's probably a bug in NetworkManager.
Last edited by OBLiQUE (2014-12-03 06:26:58)
Offline
I found the problem. I had a bad MAC address in networkmanager.conf. But now I have a new problem with iptables and I can't solve it.
sudo create_ap wlp0s26f7u2 enp2s0 *** ***
[sudo] password for wado:
Config dir: /tmp/create_ap.wlp0s26f7u2.conf.ZStPMcun
Network Manager found, set ap0 as unmanaged device... DONE
Creating a virtual WiFi interface... ap0 created.
Sharing Internet using method: nat
iptables: No chain/target/match by that name.
Doing cleanup...
Offline
Try the following and then run create_ap. Tell me if this fixes your problem.
modprobe ipt_MASQUERADE
Offline
I tried, but the same problem again.
Offline
Give me the output of the following:
zcat /proc/config.gz | grep IP_NF
iptables -t nat -L
iptables -L
Which one of the following fails?
iptables -t nat -I POSTROUTING -o enp2s0 -j MASQUERADE
iptables -I FORWARD -i wlp0s26f7u2 -s 192.168.12.0/24 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT
To clean up the above rules run:
iptables -t nat -F
iptables -F
Are you using Arch or another distribution?
Offline
I'm using manjaro.
[wado@Kombajn ~]$ zcat /proc/config.gz | grep IP_NF
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_SYNPROXY=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_SECURITY=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
[wado@Kombajn ~]$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[wado@Kombajn ~]$ sudo iptables -t nat -I POSTROUTING -o enp2s0 -j MASQUERADE
[sudo] password for wado:
iptables: No chain/target/match by that name.
[wado@Kombajn ~]$ sudo iptables -I FORWARD -i wlp0s26f7u2 -s 192.168.12.0/24 -j ACCEPT
[wado@Kombajn ~]$ sudo iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables: No chain/target/match by that name.
I tried running create_ap before and after cleaning, with the same result.
Offline
Give me the output of:
uname -a
lsmod
Offline
[wado@Kombajn ~]$ uname -a
Linux Kombajn 3.12.30-1-MANJARO #1 SMP PREEMPT Sat Oct 11 08:48:59 UTC 2014 x86_64 GNU/Linux
[wado@Kombajn ~]$ lsmod
Module Size Used by
iptable_filter 1560 0
iptable_nat 3398 0
nf_conntrack_ipv4 9334 1
nf_defrag_ipv4 1443 1 nf_conntrack_ipv4
nf_nat_ipv4 3672 1 iptable_nat
nf_nat 12826 2 nf_nat_ipv4,iptable_nat
nf_conntrack 74971 4 nf_nat,nf_nat_ipv4,iptable_nat,nf_conntrack_ipv4
ip_tables 17538 2 iptable_filter,iptable_nat
x_tables 17480 2 ip_tables,iptable_filter
option 36634 0
usb_wwan 8270 1 option
usbserial 31045 2 option,usb_wwan
usb_storage 49191 0
fuse 75208 7
arc4 2008 2
nouveau 934780 2
mxm_wmi 1475 1 nouveau
wmi 8483 2 mxm_wmi,nouveau
video 11109 1 nouveau
ttm 64652 1 nouveau
drm_kms_helper 36306 1 nouveau
coretemp 6494 0
drm 239373 4 ttm,drm_kms_helper,nouveau
kvm_intel 131415 0
kvm 395139 1 kvm_intel
i2c_algo_bit 5488 1 nouveau
hid_generic 1225 0
i2c_i801 11308 0
serio_raw 5017 0
i2c_core 25016 5 drm,i2c_i801,drm_kms_helper,i2c_algo_bit,nouveau
ath9k_htc 57887 0
ath9k_common 2159 1 ath9k_htc
ath9k_hw 396783 2 ath9k_common,ath9k_htc
ath 15881 3 ath9k_common,ath9k_htc,ath9k_hw
mac80211 479157 1 ath9k_htc
cfg80211 428671 3 ath,mac80211,ath9k_htc
rfkill 15907 1 cfg80211
atl1 32963 0
gpio_ich 4593 0
evdev 12112 4
mii 4259 1 atl1
iTCO_wdt 5471 0
iTCO_vendor_support 1937 1 iTCO_wdt
shpchp 25586 0
microcode 16965 0
snd_hda_codec_realtek 42984 1
snd_hda_intel 37896 4
snd_hda_codec 151235 2 snd_hda_codec_realtek,snd_hda_intel
snd_hwdep 6340 1 snd_hda_codec
snd_pcm 77869 3 snd_hda_codec,snd_hda_intel
snd_page_alloc 7242 2 snd_pcm,snd_hda_intel
snd_timer 18726 2 snd_pcm
snd 60149 12 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_pcm,snd_hda_codec,snd_hda_intel
soundcore 5615 1 snd
intel_agp 10944 0
intel_gtt 12728 1 intel_agp
lpc_ich 13504 0
asus_atk0110 12193 0
button 4837 1 nouveau
acpi_cpufreq 10971 0
processor 25212 1 acpi_cpufreq
nfs 199317 0
lockd 77838 1 nfs
sunrpc 238132 2 nfs,lockd
fscache 47476 1 nfs
usbhid 40833 0
hid 91734 2 hid_generic,usbhid
ext4 486840 1
crc16 1367 1 ext4
mbcache 6146 1 ext4
jbd2 86295 1 ext4
sd_mod 30885 4
ata_generic 3442 0
pata_acpi 3459 0
ahci 23792 0
pata_jmicron 2595 0
libahci 21610 1 ahci
firewire_ohci 32605 0
ata_piix 25248 3
firewire_core 52788 1 firewire_ohci
libata 171516 6 ahci,pata_acpi,libahci,ata_generic,ata_piix,pata_jmicron
crc_itu_t 1371 1 firewire_core
ehci_pci 4224 0
uhci_hcd 25603 0
scsi_mod 132461 3 usb_storage,libata,sd_mod
ehci_hcd 60820 1 ehci_pci
usbcore 183509 9 uhci_hcd,usb_storage,usbserial,ehci_hcd,ehci_pci,option,usbhid,ath9k_htc,usb_wwan
usb_common 1720 1 usbcore
floppy 59219 0
Offline
The ipt_MASQUERADE module is not loaded. Did you get any errors when you ran 'modprobe ipt_MASQUERADE'? I believe this is the issue.
Offline
No, look:
[wado@Kombajn ~]$ modprobe ipt_MASQUERADE
[wado@Kombajn ~]$
Offline
I have just restarted the system and now it is working. Thank you very much for the help.
Offline
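Added example, not part of the thread or of create_ap: a check of the three test rules from the posts above against the posted lsmod listing, showing which kernel module each failing rule was waiting for. The function names are made up for this example, and the extension-to-module mapping (ipt_MASQUERADE for -j MASQUERADE, xt_tcpudp for -m tcp/udp) is an assumption that holds for 3.x kernels like the one in the thread.

```sh
#!/bin/sh
# Constructed excerpt of the lsmod output posted above (netfilter lines only).
LSMOD_SAMPLE='Module                  Size  Used by
iptable_filter          1560  0
iptable_nat             3398  0
nf_conntrack_ipv4       9334  1
nf_nat_ipv4             3672  1 iptable_nat
nf_nat                 12826  2 nf_nat_ipv4,iptable_nat
nf_conntrack           74971  4 nf_nat,nf_nat_ipv4,iptable_nat,nf_conntrack_ipv4
ip_tables              17538  2 iptable_filter,iptable_nat
x_tables               17480  2 ip_tables,iptable_filter'

# Print the kernel modules one iptables rule depends on: the table module
# plus the modules behind its match (-m) and target (-j) extensions.
# ACCEPT is built into ip_tables and needs nothing extra.
rule_modules() {   # $1 = rule arguments without the leading "iptables"
    table=filter; prev=""; mods=""
    for word in $1; do
        case "$prev:$word" in
            -t:*)           table=$word ;;
            -j:MASQUERADE)  mods="$mods ipt_MASQUERADE" ;;
            -m:tcp|-m:udp)  mods="$mods xt_tcpudp" ;;
        esac
        prev=$word
    done
    echo "iptable_$table$mods"
}

# Print the modules a rule needs that are absent from an lsmod listing.
# Modules compiled into the kernel (=y) never appear in lsmod; the posted
# config shows =m, so absence here really means "not loaded".
missing_for_rule() {   # $1 = rule arguments, $2 = lsmod text
    out=""
    for m in $(rule_modules "$1"); do
        if ! printf '%s\n' "$2" |
             awk -v m="$m" '$1 == m { found = 1 } END { exit !found }'; then
            out="$out $m"
        fi
    done
    echo "${out# }"
}

# Run the three rules from the thread against the sample listing.
report() {
    while IFS= read -r rule; do
        miss=$(missing_for_rule "$rule" "$LSMOD_SAMPLE")
        if [ -n "$miss" ]; then
            echo "FAIL ($miss not loaded): iptables $rule"
        else
            echo "ok: iptables $rule"
        fi
    done <<'EOF'
-t nat -I POSTROUTING -o enp2s0 -j MASQUERADE
-I FORWARD -i wlp0s26f7u2 -s 192.168.12.0/24 -j ACCEPT
-I INPUT -p tcp -m tcp --dport 53 -j ACCEPT
EOF
}
report
```

The result matches the posted session: the MASQUERADE and "-m tcp" rules fail while the plain FORWARD rule is accepted. On a live system, pass "$(lsmod)" instead of the sample.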
I'm trying to use this script using Arch ARM on a Raspi with a Panda wireless adapter but I get this error message:
$ sudo create_ap --ieee80211n --ht_capab '[HT40+]' wlan0 eth0 archap topsecretpass
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
Config dir: /tmp/create_ap.wlan0.conf.DJsr0TM8
Sharing Internet using method: nat
hostapd command-line interface: hostapd_cli -p /tmp/create_ap.wlan0.conf.DJsr0TM8/hostapd_ctrl
Configuration file: /tmp/create_ap.wlan0.conf.DJsr0TM8/hostapd.conf
nl80211: Could not configure driver mode
nl80211 driver initialization failed.
hostapd_free_hapd_data: Interface wlan0 wasn't started
Error: Failed to run hostapd, maybe a program is interfering.
I think it should support it:
$ iw list
Wiphy phy0
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Device supports RSN-IBSS.
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP (00-0f-ac:4)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* WDS
* monitor
* mesh point
Band 1:
Capabilities: 0x2f2
HT20/HT40
Static SM Power Save
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 2-streams
Max AMSDU length: 3839 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 2 usec (0x04)
HT RX MCS rate indexes supported: 0-15, 32
TX unequal modulation not supported
HT TX Max spatial streams: 2
HT TX MCS rate indexes supported may differ
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm) (no IR)
* 2472 MHz [13] (20.0 dBm) (no IR)
* 2484 MHz [14] (20.0 dBm) (no IR)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* new_mpath
* set_mesh_config
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* probe_client
* set_noack_map
* register_beacons
* start_p2p_device
* set_mcast_rate
* testmode
* connect
* disconnect
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
software interface modes (can always be added):
* AP/VLAN
* monitor
valid interface combinations:
* #{ AP, mesh point } <= 8,
total <= 8, #channels <= 1
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
Device supports SAE with AUTHENTICATE command
Device supports low priority scan.
Device supports scan flush.
Device supports AP scan.
Device supports per-vif TX power setting
Driver supports a userspace MPM
I'm not using networkmanager or any other service that I know of to connect to the internet - just ethernet cable which was automatically detected and working. I can see access points using wifi-menu wlan0 but the purpose of the device was to use eth0 to make an access point.
Edit: I tried again from scratch, this time using the AUR package and it works without doing anything different.
Last edited by Xenphor (2014-12-07 06:50:30)
Offline
AUR and github have the same code. Maybe it was a temporary problem with the driver.
Offline
I added 3 useful options: --daemon, --list, --stop.
With --daemon you can run create_ap in the background.
Example:
create_ap --daemon wlan0 eth0 MyAccessPoint MyPassPhrase
With --list you can get the PID of the running create_ap and which interface it is using to transmit.
Example:
% create_ap --list
4914 wlan0
With --stop you can stop the running create_ap.
Examples:
create_ap --stop wlan0
create_ap --stop 4914
Last edited by OBLiQUE (2014-12-14 14:10:25)
Offline
I just can't get NAT forwarding to work. Been trying for two hours.
What wireshark shows me is that on (ap0 or wlan0) I get a ping packet to 8.8.8.8 from my connected device. Next my computer correctly forwards the packet to 8.8.8.8 (through eth0) and I get a response packet back. Which is then swallowed by a black hole.
iptables logs do not show it as a dropped packet. I tried to set up the iptables rules manually and no difference. Really don't know where to go from here.
david@dntb:~$ sudo create_ap -c 2 -m nat --hidden --no-virt wlan0 eth0 ntest testtest
Config dir: /tmp/create_ap.wlan0.conf.qtwIX8Ld
PID: 3093
Access Point's SSID is hidden!
Sharing Internet using method: nat
hostapd command-line interface: hostapd_cli -p /tmp/create_ap.wlan0.conf.qtwIX8Ld/hostapd_ctrl
Configuration file: /tmp/create_ap.wlan0.conf.qtwIX8Ld/hostapd.conf
Using interface wlan0 with hwaddr 00:25:d3:81:8b:37 and ssid "ntest"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
wlan0: STA 30:a8:db:a2:64:5d IEEE 802.11: authenticated
wlan0: STA 30:a8:db:a2:64:5d IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 30:a8:db:a2:64:5d
wlan0: STA 30:a8:db:a2:64:5d RADIUS: starting accounting session 54C40124-00000000
wlan0: STA 30:a8:db:a2:64:5d WPA: pairwise key handshake completed (RSN)
root@dntb:/home/david# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.12.0/24
ACCEPT all -- 192.168.12.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@dntb:/home/david# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
root@dntb:/home/david# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.104.105.2 netmask 255.254.0.0 broadcast 10.105.255.255
inet6 fe80::225:d3ff:fe81:8b37 prefixlen 64 scopeid 0x20<link>
ether 00:25:d3:81:8b:37 txqueuelen 1000 (Ethernet)
RX packets 90556 bytes 9396737 (8.9 MiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 16079 bytes 1736138 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 2 bytes 140 (140.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 140 (140.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.12.1 netmask 255.255.255.0 broadcast 192.168.12.255
inet6 fe80::225:d3ff:fe81:8b37 prefixlen 64 scopeid 0x20<link>
ether 00:25:d3:81:8b:37 txqueuelen 1000 (Ethernet)
RX packets 5091 bytes 390423 (381.2 KiB)
RX errors 0 dropped 4 overruns 0 frame 0
TX packets 151 bytes 19357 (18.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@dntb:/home/david# sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 5995 packets, 479K bytes)
pkts bytes target prot opt in out source destination
1 334 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
47 3074 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 192.168.12.0/24
1382 93624 ACCEPT all -- wlan0 * 192.168.12.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1969 packets, 199K bytes)
pkts bytes target prot opt in out source destination
root@dntb:/home/david# sudo iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 1708 packets, 136K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 703 packets, 76768 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 109 packets, 7184 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 328 bytes)
pkts bytes target prot opt in out source destination
381 23284 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
Offline
Never mind, after an inspired guess about TTL from my NATted subnet I found out that my provider blocks any packet with TTL less than 64. Gonna be sorting out that particular rule with them.
Anyway, temporary fix
iptables -t mangle -A PREROUTING -i eth0 -j TTL --ttl-set 64
Offline
I would never have thought about TTL. Now I'm wondering whether I should add your fix to create_ap. I will check it later; I will probably add it.
Thanks btw.
Last edited by OBLiQUE (2015-01-27 08:19:04)
Offline
It's a bit strange that '-i eth0' in your iptables rule fixed your problem. It should be '-i wlan0'. Anyway, does the following also fix your problem?
iptables -t mangle -I PREROUTING -i wlan0 -j TTL --ttl-inc 1
Last edited by OBLiQUE (2015-01-27 20:46:55)
Offline
These ones do not change the ttl of outgoing packets and do not work for me:
iptables -t mangle -A PREROUTING -i wlan0 -j TTL --ttl-set 64
iptables -t mangle -I PREROUTING -i eth0 -j TTL --ttl-inc 1
iptables -t mangle -A OUTPUT -j TTL --ttl-set 64
These ones do change the ttl on outgoing packets but still do not work for me:
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64
iptables -t mangle -I PREROUTING -i wlan0 -j TTL --ttl-inc 1
This one solves my problem, but does not change the TTL of the packet:
iptables -t mangle -A PREROUTING -i eth0 -j TTL --ttl-set 64
Now I have it hardcoded into the script as:
iptables -t mangle -A PREROUTING -i ${INTERNET_IFACE} -j TTL --ttl-set 64 || die
I can't figure out why it works, but my assumption that it was based on the TTL is clearly wrong. It must be doing something else to the packet I can't see. Gonna compare the wireshark captures more closely.
Offline