Trying to setup a wireless access point with Fedora 20

asked 2015-02-27 17:49:30 -0500

kaosubaloo gravatar image

updated 2015-02-28 20:22:14 -0500

I have spent much of the last 2 weeks trying to turn my fedora 20 machine into a wireless access point using a usb wireless network interface. So far as I can tell, both hostapd and dnsmasq are correctly configured as they seem to be working correctly, but I will include the config file for both below for completeness. Notably, my internal machine is capable of authenticating with the network, it is assigned an internal IP address and DNS lookup seems to be working.

The more likely cause of the problem is an error in the nat forwarding. wireshark reveals that my computer is successfully forwarding packets, but it is doing so with their original (internal) IP address, meaning that I never receive any responses.

With all that said, here are my current forwarding settings. IDEV is the external interface, while WDEV in internal:

IDEV=eth1
WDEV=wlp0s26f7u1

systemctl stop firewalld.service

# IP-address space from where we give dynamic IP-addresses.
# Check the address range matches the ones in /etc/dnsmasq.d/wlan-ap.conf
ifconfig $WDEV 10.240.47.1/24 up

iptables -F
iptables -X
iptables -t nat -F
#iptables -t nat -X

iptables -I INPUT -i $WDEV -j ACCEPT

echo "1" > /proc/sys/net/ipv4/ip_forward

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.254
route add -net 10.240.47.0/24 gw 10.240.47.1

iptables -t nat -A POSTROUTING -o $IDEV -j MASQUERADE
iptables -I FORWARD -i $IDEV -o $WDEV -j ACCEPT
iptables -I FORWARD -i $WDEV -o $IDEV -j ACCEPT

I have confirmed that iptables' actual filters match these parameters. I am, however, totally baffled as to why ip masking is not working properly for me.

Here are the other config files, should they become relevant:

hostapd.conf

# /etc/hostapd.conf
# Configure WPA2-password, WLAN-interfacename and SSID-name
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# Check WPA2-passphrase.
wpa_passphrase=password
driver=nl80211
# Check interface name is OK. (iwconfig)
interface=wlp0s26f7u1
hw_mode=g
channel=6
eap_server=0
# Set ssid.
ssid=MYWLANID
wme_enabled=1
ieee80211n=1
ht_capab=[SHORT-GI-40][HT40-][HT40+][HT20]

dnsmaqs.conf

# /etc/dnsmasq.d/wlan-ap.conf
domain-needed
interface=wlp0s26f7u1
dhcp-range=10.240.47.2,10.240.47.254,255.255.255.0,24h
dhcp-host=localhost-wlan-ap,infinite

UPDATE: I have found a partial solution to this problem. By masquerading all packets (removing "-o $IDEV") I can get ip masquerading to work as it should have in the first place, though frankly I don't understand why it behaves in this manner.

However, this has also revealed a previously undiagnosed issue. Clients connected to the access point seem to work fine at first, but after so much traffic the clients stop receiving packets from the access point. For it's part, the access point still receives packets from its clients and responds to them. This does not seem to be a factor of time, as I have idled ... (more)

edit retag flag offensive close merge delete

Comments

Hi, I know that this is completely different but have you considered using a relatively cheap Raspberry Pi running Pi-Point ( http://www.pi-point.co.uk/ ) to run a WIFI-AP (and more)?

florian gravatar imageflorian ( 2015-02-27 18:21:43 -0500 )edit

I have considered getting a Raspberry Pi for this purpose, but it is irrelevant to this issue for 2 reasons. First of all, if I can not fix the largely software-based issues I'm experiencing on my current hardware, it is unlikely I'll be able to do so on a Raspberry. Secondly, it would most likely take several weeks for a Raspberry to be delivered to me, meaning that committing to using one at the expense of a more generally applicable solution would effectively result in me sitting on my hands for 2+ weeks anyway.

kaosubaloo gravatar imagekaosubaloo ( 2015-02-28 22:15:31 -0500 )edit