# [SOLVED] Wireless point of access questions

## NP_complete

Folks,

I've got a "DLink DWA-552 Xtreme N Desktop Adapter" card (AR5008, ath9k), which  I've been struggling to use as an access point on my home-made Gentoo router.  I also am interested in WLAN/iWLAN "bridging".  Can someone please confirm or refute the following:

1.  Is it true that I MUST load ath9k as a module and can NOT build it into kernel?  (I would rather disable the loadable mod support for security reasons).  Any other modules that MUST be made loadable?

2.  Do I need "dhcp" and "bind" OR can get away with dnsmasq, as per the "Gentoo Home Router" docs?

3.  My hostapd is of v. 0.6.9, and my gentoo-sources are of v. 2.6.36-r5.  Am I required to use a 0.7.* version of hostapd?

4. According to these two sources, forums.gentoo.org/viewtopic-t-861254.html?sid=cac1277b8a65bab8ad59deac6534aea3 and en.gentoo-wiki.com/wiki/Atheros_Ath5k_Wireless_Access_Point, a patch has to be applied: www.spinics.net/lists/linux-wireless/msg52239.html

Is this indeed necessary?

Many thanks.Last edited by NP_complete on Fri Feb 11, 2011 6:15 am; edited 2 times in total

----------

## mbar

I think I have exactly the same wifi card.

1. The module way is a better way in this case. I had only troubles getting this to work when ath9k was built into kernel.

2. dnsmasq should suffice.

4. I don't have any patches.

3. see below.

```
gateway ~ # lsmod

Module                  Size  Used by

vboxnetadp              4332  0

vboxnetflt             16237  0

vboxdrv              1756343  2 vboxnetadp,vboxnetflt

ath9k                  81258  0

ath9k_common            1725  1 ath9k

ath9k_hw              259203  2 ath9k,ath9k_common

ath                    13301  2 ath9k,ath9k_hw

```

```
gateway ~ # uname -r

2.6.37-zen0+

```

```
emerge -pv iw wireless-tools hostapd

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] net-wireless/iw-0.9.21  47 kB

[ebuild   R   ] net-wireless/wireless-tools-30_pre9  USE="-multicall" LINGUAS="-cs -fr" 341 kB

[ebuild   R   ] net-wireless/hostapd-0.7.3  USE="ssl wps -debug -ipv6 -logwatch -madwifi" 1,113 kB
```

```
gateway ~ # iwconfig

lo        no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

wlan0     IEEE 802.11bgn  Mode:Master  Frequency:2.452 GHz  Tx-Power=20 dBm

          Retry  long limit:7   RTS thr:off   Fragment thr:off

          Power Management:off

vboxnet0  no wireless extensions.

br0       no wireless extensions.

virbr0    no wireless extensions.

mon.wlan0  IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm

          Retry  long limit:7   RTS thr:off   Fragment thr:off

          Power Management:off

ppp0      no wireless extensions.
```

```
ifconfig

br0       Link encap:Ethernet  HWaddr 00:21:91:fc:10:5d

          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:3809262 errors:0 dropped:0 overruns:0 frame:0

          TX packets:8341648 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:333356566 (317.9 MiB)  TX bytes:10745912056 (10.0 GiB)

eth1      Link encap:Ethernet  HWaddr 00:24:1d:5c:99:06

          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

          RX packets:3825597 errors:0 dropped:0 overruns:0 frame:0

          TX packets:8341282 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:387885563 (369.9 MiB)  TX bytes:10745857692 (10.0 GiB)

          Interrupt:42 Base address:0xe000

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:3377315 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3377315 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:8431326558 (7.8 GiB)  TX bytes:8431326558 (7.8 GiB)

mon.wlan0 Link encap:UNSPEC  HWaddr 00-21-91-FC-10-5D-00-00-00-00-00-00-00-00-00-00

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:2332 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:335162 (327.3 KiB)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol

          inet addr:xxx

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:847353 errors:0 dropped:0 overruns:0 frame:0

          TX packets:405013 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3

          RX bytes:1138470287 (1.0 GiB)  TX bytes:75977954 (72.4 MiB)

virbr0    Link encap:Ethernet  HWaddr 0e:5a:ec:67:53:f8

          inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 B)  TX bytes:446 (446.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:21:91:fc:10:5d

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:591 errors:0 dropped:0 overruns:0 frame:0

          TX packets:4316 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:99098 (96.7 KiB)  TX bytes:1016584 (992.7 KiB)
```

I had to bind eth0 and wlan0 into br0.

----------

## NP_complete

mbar,

Thanks for replying.  As a follow up, 'iwconfig' produces this:

$ iwconfig

lo        no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

sit0      no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:off/any  

          Mode:Managed  Access Point: Not-Associated   Tx-Power=0 dBm   

          Retry  long limit:7   RTS thr:off   Fragment thr:off

          Encryption key:off

          Power Management:off

What stands out to me is

1. Access Point: Not-Associated

2. Tx-Power=0 dBm                       (ZERO dBm!)

Would this somehow indicate a defect in the card?

Many thanks.

----------

## mbar

Wrong config I think. Post your config files  :Smile: 

```
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

wlan0     IEEE 802.11bgn  Mode:Master  Frequency:2.452 GHz  Tx-Power=20 dBm

          Retry  long limit:7   RTS thr:off   Fragment thr:off

          Power Management:off

vboxnet0  no wireless extensions.

br0       no wireless extensions.

virbr0    no wireless extensions.

mon.wlan0  IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm

          Retry  long limit:7   RTS thr:off   Fragment thr:off

          Power Management:off

ppp0      no wireless extensions.

```

----------

## cwr

I  certainly had to build the driver as a module to get the right regulatory domain; I also had to

configure the driver in ad-hoc mode - it wouldn't go into master mode until hostapd was

running.  I just used the default kernel drivers, with no additional patches.

  I think the breakpoint for hostapd 0.7 is kernel 2.6.33 - anything earlier than that

can run hostapd 0.6.  However, I ran 0.6  with a 2.6.34 kernel and it worked.

The problem seems to be that you have no mon.wlan0, which looks as if hostapd isn't

really happy.   I'd check the configuration.

Will

----------

## NP_complete

Guys, mbar and cwr,

After some deadly struggle  :Smile: , I can now see my wireless access point from an outside

computer.  'iwconfig' shows something very similar to what mbar posted, the mode is set

to "master" for wlan0, and this other thing called mon.wlan0 is present.  That's a good

news.

The problem is: the AP is unreachable, and even my wired LAN broke down. The network

applet on my GNOME desktop spins for a while and then shows "no connection",

wireless or wired.  This is despite the fact that everything (hostapd, eth0, eth1, net.wlan0, net.br0,

dnsmasq) comes up cleanly without errors.

/etc/conf.d/net:

config_eth1=( "dhcp" ) # WAN

config_eth0=( "null" )   # LAN

bridge_br0=( "eth0" )

config_br0=( "192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255" )

config_wlan0=( "null" ) # WLAN

modules_wlan0=( "!iwconfig" "!wpa_supplicant" )

mode_wlan0="master"

/etc/hostapd/hostapd.conf:

interface=wlan0

bridge=br0

driver=nl80211

ssid=test4

hw_mode=g

channel=1

debug=0

ieee80211n=1

country_code=US

dump_file=/tmp/hostapd.dump

ctrl_interface=/var/run/hostapd

ctrl_interface_group=0

/etc/conf.d/hostapd:

INTERFACES="wlan0"

CONFIGS="/etc/hostapd/hostapd.conf"

OPTIONS=""

/etc/dnsmasq.conf:

domain-needed

bogus-priv

expand-hosts

dhcp-range=192.168.0.100,192.168.0.250,72h

interface=br0

I don't know what to think - could the problem be due to the

use of gentoo-sources rather than "vanilla"?  I'm using

gentoo-sources-2.6.36-gentoo-r5.

Thanks much!

----------

## NP_complete

Ok.  Since no one has responded, it's wild guessing time for me.

1.  Anyone was able to get the WLAN working with dnsmasq as their

DNS *and* DHCP server (i.e. without dhcpd and bind)?  If so, can you

post the config for dnsmasq?

2.  I've noticed that dnsmasq comes up earlier in the boot sequence

than br0 and hostapd.   What would be the best way to make dnsmasq

start after these two?  I wonder if the out-of-order booting sequence

causes the trouble.

----------

## cwr

The complete breakdown of networking sounds like a routing problem; what does route -n say?

I debugged my  wireless network originally by running kismet on the non-AP machine, to make

sure that the AP was putting out the correct signals.  Then I disabled encryption (I was running

WEP) and got that correct, and then finally I added encryption - a slow process, but it's been

pretty solid since then.

Will

----------

## NP_complete

Will,

Disabling the iptables-based firewall yielded something interesting.  Now I can ssh to the router the old way, as well as wirelessly, so I'm pretty excited.  The main problem remains.  I still can't access the Internet *except* from the router itself.

Ping used to fail with "unknown host", but now it hangs forever while producing no output.  Interrupting it with Ctrl-C results in the "100% packet loss" message.  The firewall configuration I am using is:

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     all  --  anywhere             anywhere            

REJECT     udp  --  anywhere             anywhere            udp dpt:bootps reject-with icmp-port-unreachable 

REJECT     udp  --  anywhere             anywhere            udp dpt:domain reject-with icmp-port-unreachable 

ACCEPT     udp  --  anywhere             anywhere            udp spt:ntp dpt:ntp 

DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023 

DROP       udp  --  anywhere             anywhere            udp dpts:0:1023 

ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)

target     prot opt source               destination         

DROP       all  --  anywhere             192.168.0.0/16      

ACCEPT     all  --  192.168.0.0/16       anywhere            

ACCEPT     all  --  anywhere             192.168.0.0/16      

ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

Does anything stand out to you as being odd in here?

Also, you asked what the output from route -n was:

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0   br0

24.193.0.0       0.0.0.0         255.255.252.0   U     203  0        0   eth1

127.0.0.0         0.0.0.0         255.0.0.0           U     0      0        0   lo

0.0.0.0         24.193.0.1       0.0.0.0             UG    203   0       0   eth1

eth1 represents the cable modem.  Unless you say differently, this looks healthy to me.  In fact, this is nearly identical to my existing set up, the only exception being "br0" which becomes eth0.

Any thoughts?

----------

## s0be

Info and advice:

First, the reason master mode doesn't work without hostapd is that mac80211/nl80211/cfg80211 has NO built in AP mode support.  You can do: iw phy phy0 interface add ap0 type __ap if you really want to test creating an ap interface, but it will not work.

Next, try following the nice documentation I've helped write at: 

http://wireless.kernel.org/en/users/Documentation/hostapd

Don't worry about bridging at first.  The logical progression should be:

1. no security, not bridged, static client IP (to keep it from failing to associate due to dhcp)

2. security, not bridged, static client IP (this tests client/ap security engotiation)

3. no security, bridged, static client IP (to verify bridged routing is working, and it doesn't interfere with association)

4. security, bridged, static client IP (This just verifies everything can work together)

If you make it to step 4, you should be able to turn on dnsmasq as your dhcp/dns server listening on br0.  

I run this with:

AR5008 (ar5416)

AR9100 (on openwrt)

AR5414 (ath5k on openwrt)

AR9280 (ath9k on openwrt)

and a few more broadcom (b43), ralink (rt61), and realtek (rt2500usb) devices.  If dhcp is failing, it is likely one of the other layers that's causing the trouble.

----------

## s0be

 *NP_complete wrote:*   

> 
> 
> Any thoughts?

 

D'oh, got distracted by check payers and forgot to check before posting my statements ^ up there ^.

I've had issues before where I have wired and wireless both connected to different members of a bridge.  When testing, my procedure was always:

ssh in over wired, make changes, get ready to do restart

Hit restart, unplug wired interface, bring wired interface down

once reboot has completed on AP/Router, bring up wireless, scan, associate, etc.

----------

## NP_complete

The moment of glory has arrived!  My (non-secured, for now) wireless LAN works, and so does the wired one.  Haven't done much testing around it yet.  If something does go wrong, I guess, I will make a new thread or re-open the current one, but for now let's consider this solved.  This actually was my second attempt.  I tried to get all this done about a year ago, but found it too daunting, at the time.  Anyhow, I tweaked my iptables-based firewall settings using as a starting point the rules listed here (scroll down).  Changing export LAN=eth0 to export LAN=br0 did the trick.  Thanks to everyone for help.  Special thanks to Will & mbar.

----------

