# Issues adding a WAP to a gentoo-based home router

## tsftd

Step 1: Set up home router as per http://www.gentoo.org/doc/en/home-router-howto.xml -- everything working, wireless provided by a linksys wireless router with dhcp/dns turned off.

Step 2: Bought and added a Ath5k-based PCIE card.  Drivers working perfectly, and master mode usable.

Step 3: Added WAP as per http://en.gentoo-wiki.com/wiki/Atheros_Ath5k_Wireless_Access_Point using bridging option.

After step 1/2, everything worked perfectly.  Upon adding step 3, here's what has happened:

1) NAT (internet sharing) works fine.

2) WAP works fine (linksys router WAP is disabled, using gentoo server's WAP).  Please note that the WAP is intentionally unsecured (it will be using a MAC whitelist, but that's not implemented yet).

3) DHCP works fine.

4) DNS works only on gentoo server (DNS does NOT work for any other machines on the network)

5) Linksys router setup page is accessible via wireless (going from laptop -> gentoo server via wireless -> linksys router) at assigned IP (192.168.1.3)

6) Services on Gentoo server are not accessible via wireless or wired (this includes SSH and pages hosted by lighttpd)

I can revert the settings back to cutting out the WAP from the network (ie, primarily simply removing the bridge and going back to eth0-eth1 only), and everything works fine.  I therefore think that it's the bridge that is screwing things up.  I have tried setting /etc/dnsmasq.conf to INTERFACE=eth1/wlan0/br0, except-INTERFACE=eth0, and listen-address=192.168.1.1, and none worked.  Please note that, contrary to the guides, I have set things up as follows:

eth0=wan

eth1=lan (192.168.1.1)

Since both guides list several options, please note that I am using dnsmasq for DNS and dhcp/dhcpd (NOT dhcpcd) for DHCP, as well as iptables, hostapd, and bridgeutils.  I am using the in-kernel Ath5k driver, not any external packages like madwifi.

I tried my luck in IRC, but nobody could help.  Please advise if you need additional info, and I can come into IRC to work through this in realtime if you prefer that over forums.

----------

## dE_logics

First question -- what's your setup?

How come you require a wireless router + a PCIe card that too in master mode?

First we need to know what you wanna do.

----------

## NeddySeagoon

tsftd,

*tsftd wrote:*

> ... a MAC whitelist ...

That's not a form of security. The MAC address of any wireless device trying to connect is broadcast in the clear when the system authenticates. It's trivial to capture MAC addresses and spoof them.  Indeed, Linux has an option to set the MAC address you would like on an interface.

There are lots of other wireless security myths too. 

As dE_logics says, tell us what you want to achieve rather than what you have done.  It's just possible that the reply will be along the lines of "if I was going where you are going, I wouldn't start from where you are now".

----------
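
The point made above about MAC whitelists, as an added example that is not part of the original thread: a small audit of `hostapd.conf` text that flags an open network whose only controls are a MAC accept list or a hidden SSID, next to the same AP with WPA2-PSK. Both configs, the SSID `homenet` and the file path are constructed samples; the option names are hostapd's own.

```python
# Added example: audit hostapd.conf text for the controls discussed above.
OPEN_AP = """\
# constructed sample: open AP relying on a MAC whitelist and hidden SSID
interface=wlan0
bridge=br0
ssid=homenet
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept
"""
WPA2_AP = """\
# constructed sample: same AP with WPA2-PSK and CCMP
interface=wlan0
bridge=br0
ssid=homenet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=placeholder-use-a-long-random-passphrase
"""

def parse_hostapd(text):
    """Return key -> value for key=value lines; '#' lines and blanks are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return finding codes; an empty list means WPA2 is on and TKIP is not listed."""
    conf = parse_hostapd(text)
    wpa = int(conf.get("wpa", "0"))                # bit 0 = WPA, bit 1 = WPA2
    ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split()
    findings = []
    if wpa == 0:
        findings.append("open-network")            # frames are unencrypted
        if conf.get("macaddr_acl", "0") == "1":
            findings.append("mac-whitelist-only")  # MACs are readable and settable
        if conf.get("ignore_broadcast_ssid", "0") != "0":
            findings.append("hidden-ssid-only")    # SSID is still sent by clients
    else:
        if not wpa & 2:
            findings.append("wpa1-only")
        if "TKIP" in ciphers or not ciphers:       # TKIP listed, or cipher left implicit
            findings.append("ccmp-not-enforced")
    return findings
```
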

## cwr

At a guess it's some sort of DNS confusion; try checking your routing paths, and post them here if the answer still isn't clear.

Will

----------

## tsftd

ok, shortest answer first:

CWR -- how would I do this?  do you mean run a traceroute?  or is there a more in-depth way of checking the routing paths?  as detailed below, the wired should go PC-> router -> (Server NIC 2 -> Bridge -> Server NIC 1) -> Cable Modem, and the wireless should go PC-> (Server WNIC -> Bridge -> Server NIC 1) -> Cable Modem, or at least that's how I think it works.  I've not worked with bridging much before (and at all in nix).

i know mac listing isn't 100% secure -- but let's be honest, this is for an upscale neighborhood, replacing a router with 0 security (and none of the other routers in the area are secured either) -- so maclisting and a nonbroadcasting ssid is good enough for me.  the only reason i mentioned it was to make it clear that security on the wlan *wasn't* the issue -- if I want to, after i get the darn thing working in the first place, i can go back and implement security.

as for what I'm trying to accomplish: a gentoo-based router with integrated WAP.  instead of trying to do everything at once, I did it in stages (i'm not a nix nub, but neither am I an expert, and I haven't fooled around with most of this stuff before).  I got the wired network set up fine, running dns+dhcp+nat through the server (it's used as a samba-ftp-bittorrent-webhost-etc server as well as a router, so i'll refer to it as the server).  I was *at the time* running the wireless thru the wireless router that the server is replacing (as wireless is step 2).

I then dropped in the wnic, got it running, and attempted to get everything working.  As stated before, the WAP works, and the NAT+dhcp works for everything, but the DNS does not work on any machine but the server, and something is causing the server's services (ftp, ssh, http, samba) to not be viewable from the lan.

here is the approximate network setup:

Cable Modem (internet) <-> Server NIC 1

Server NIC 2 + Server WNIC -> Bridge

Server NIC 2 (bridged, remember) <-> (old) Wireless Router (with wireless turned off) <-> wired PC's

Server WNIC (also bridged, remember) <-> wireless PC's

So, for the wired PC's, it goes PC-> router -> Server -> Cable Modem

and for wireless, PC -> Server -> Cable Modem

Why am I using the router?  Well, we have 4 wired PC's, and the server only has 2 NIC's, so... basically, think of it as a hub (as DHCP, DNS, and Wireless are all turned off on it).  yes, i can do some fancy exotic things, like swapping in an actual hub and using it as a wireless bridge for the wifi -- but that's a whole nother topic.  The point is, i don't want to be using the wireless router -- mainly because it does not support external antennae, and I have three high-gain wok-fi'd antennae that are plugged into the WNIC.  it's a big house.

If you still need any more details, please ask for them specifically as I don't know what you want.  Please note that I am currently running the stage 1 setup (wireless through the router, bridge/server WAP disabled), as I can't really use the network in the full setup until these issues are fixed.

----------
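
A check that fits the setup described in this thread (eth1 and wlan0 enslaved to br0 on a router running iptables), added here as an example and not code from any poster: it flags firewall rules that still match on a bridge port instead of on the bridge. The `brctl show` output and the rule set are constructed samples; the thread does not show the poster's actual rules, so whether this applies to that router is an assumption.

```python
# Added example: find firewall rules that name a bridge port instead of the bridge.
# Constructed `brctl show` output: br0 enslaves eth1 and wlan0.
BRCTL_SHOW = (
    "bridge name\tbridge id\t\tSTP enabled\tinterfaces\n"
    "br0\t\t8000.0200c0a80101\tno\t\teth1\n"
    "\t\t\t\t\t\t\twlan0\n"
)
# Constructed rule set in iptables-save style, written for LAN=eth1, WAN=eth0.
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT ! -i eth1 -p udp --dport 53 -j REJECT
-A INPUT ! -i eth1 -p tcp --dport 0:1023 -j DROP
-A FORWARD -i eth0 -d 192.168.0.0/16 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
"""

def bridge_ports(brctl_text):
    """Map each enslaved port to its bridge from `brctl show` output."""
    ports, current = {}, None
    for line in brctl_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) >= 3:                      # "name id stp [first port]"
            current, fields = fields[0], fields[3:]
        for port in fields if current else []:    # continuation rows hold one port
            ports[port] = current
    return ports

def stale_rules(rules_text, brctl_text):
    """Return (rule, port, bridge, effect) for rules matching on a bridge port.

    For routed and local traffic the IP-layer hooks see the bridge as the
    interface, so `-i eth1` never matches and `! -i eth1` matches every packet.
    """
    ports = bridge_ports(brctl_text)
    flags = ("-i", "-o", "--in-interface", "--out-interface")
    hits = []
    for rule in rules_text.splitlines():
        tok = rule.split()
        for i, t in enumerate(tok[:-1]):
            if t in flags and tok[i + 1] in ports:
                negated = i > 0 and tok[i - 1] == "!"
                effect = "always matches" if negated else "never matches"
                hits.append((rule, tok[i + 1], ports[tok[i + 1]], effect))
    return hits
```

Rules flagged this way are rewritten against the bridge (`br0`), or against the port with the `physdev` match where per-port filtering is wanted.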

