Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem configuring AP with atheros card

    Scheduled Pinned Locked Moved
    Wireless
    4
    19
    7.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      freetomfr
      last edited by 

      # ifconfig -a
vr0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 150                                                                             0
        options=2808 <vlan_mtu,wol_ucast,wol_magic>ether 00:0d:b9:14:1d:50
        inet 192.168.100.254 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::20d:b9ff:fe14:1d50%vr0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic>ether 00:0d:b9:14:1d:51
        inet6 fe80::20d:b9ff:fe14:1d51%vr1 prefixlen 64 scopeid 0x2
        inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic>ether 00:0d:b9:14:1d:52
        media: Ethernet autoselect (none)
        status: no carrier
ath0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 15                                                                             00
        ether 00:11:f5:88:18:28
        inet6 fe80::211:f5ff:fe88:1828%ath0 prefixlen 64 scopeid 0x4
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: associated
        ssid CheckPoint channel 2 (2417 Mhz 11g) bssid 00:11:f5:88:18:28
        authmode WPA privacy MIXED deftxkey 2 AES-CCM 2:128-bit
        AES-CCM 3:128-bit txpower 31.5 scanvalid 60 bgscan bgscanintvl 300
        bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode OFF burst
        -apbridge dtimperiod 1
enc0: flags=0<> metric 0 mtu 1536
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
pfsync0: flags=41 <up,running>metric 0 mtu 1460
        pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=100 <promisc>metric 0 mtu 33204
tun0: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        inet6 fe80::20d:b9ff:fe14:1d50%tun0 prefixlen 64 scopeid 0x9
        inet 192.168.69.1 --> 192.168.69.2 netmask 0xffffffff
        Opened by PID 426
bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        ether 12:23:d3:86:f1:2b
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vr0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 1 priority 128 path cost 200000
        member: ath0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 4 priority 128 path cost 370370
#</learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast></up,pointopoint,running,multicast></promisc></up,running></up,loopback,running,multicast></hostap></up,broadcast,running,promisc,simplex,multicast></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic></broadcast,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu,wol_ucast,wol_magic></up,broadcast,running,promisc,simplex,multicast>
      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        @freetomfr:

        The internet acces works well on LAN but nothing on WLAN in spite of my rule allowing all traffic from this interface.

        At the risk of being pedantic, the rule you displayed doesn't allow all traffic from the WLAN interface, only TCP and UDP. But I don't think thats your problem.

        Your log shows traffic from 169.254.211.104 which is one of a range of addresses for systems that need to dynamically assign themselves an address. Its not an address in the vr0/ath0 subnet. There isn't enough information to say the system that can't access the internet over WLAN is using that address so you should check its address. Is it supposed to be assigned an address by DHCP? If so, perhaps that isn't happening and thats the start of your problem.

        1 Reply Last reply Reply Quote 0
        • D
          danswartz
          last edited by

          Yeah, I've been misled by that tcp/udp before.  I think you're right, the autoconfigure IPs are suspicious.

          1 Reply Last reply Reply Quote 0
          • F
            freetomfr
            last edited by

            I tried a rule allowing all traffic (not only TCP/UDP) and nothing more. I can acces the LAN but no internet.

            My log is from when I didn't get an IP adress by DHCP. Now I can get a valid address (from 192.168.100.0/24) and I don't have blocked traffic from 169.254.211.104 anymore.

            1 Reply Last reply Reply Quote 0
            • D
              danswartz
              last edited by

              please try doing a packet capture on the WLAN when you try to go to the internet with a good IP.

              1 Reply Last reply Reply Quote 0
              • F
                freetomfr
                last edited by

                I really want to do it but I can't because it seems it's not possible to do it on WLAN Interface. The 2 possible choices are WAN or LAN.

                1 Reply Last reply Reply Quote 0
                • D
                  danswartz
                  last edited by

                  you can do it from the CLI.  like 'tcpdump -i ath0'

                  1 Reply Last reply Reply Quote 0
                  • F
                    freetomfr
                    last edited by

                    Ok, that is what I get :

                    # tcpdump -i ath0
tcpdump: WARNING: ath0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
22:13:03.966422 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:04.456128 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:04.492732 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
22:13:04.965649 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:05.458960 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:05.497076 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
22:13:07.977642 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:08.468652 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:08.502863 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
22:13:16.998226 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:17.486522 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:17.523476 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
                    1 Reply Last reply Reply Quote 0
                    • W
                      wallabybob
                      last edited by

                      Looks like pfSense is expected to be the name server but its not responding. Do you have DNS forwarder enabled?

                      Do you get a response to ping by IP address?

                      1 Reply Last reply Reply Quote 0
                      • F
                        freetomfr
                        last edited by

                        I try just now after a reboot and it work well!!  ??? I don't understand everything but after all it work.

                        Thanks everyone for your help. ;D

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post