Problem configuring AP with atheros card

freetomfr · Jan 26, 2010, 10:22 AM

# ifconfig -a
vr0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 150                                                                             0
        options=2808 <vlan_mtu,wol_ucast,wol_magic>ether 00:0d:b9:14:1d:50
        inet 192.168.100.254 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::20d:b9ff:fe14:1d50%vr0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic>ether 00:0d:b9:14:1d:51
        inet6 fe80::20d:b9ff:fe14:1d51%vr1 prefixlen 64 scopeid 0x2
        inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic>ether 00:0d:b9:14:1d:52
        media: Ethernet autoselect (none)
        status: no carrier
ath0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 15                                                                             00
        ether 00:11:f5:88:18:28
        inet6 fe80::211:f5ff:fe88:1828%ath0 prefixlen 64 scopeid 0x4
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: associated
        ssid CheckPoint channel 2 (2417 Mhz 11g) bssid 00:11:f5:88:18:28
        authmode WPA privacy MIXED deftxkey 2 AES-CCM 2:128-bit
        AES-CCM 3:128-bit txpower 31.5 scanvalid 60 bgscan bgscanintvl 300
        bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode OFF burst
        -apbridge dtimperiod 1
enc0: flags=0<> metric 0 mtu 1536
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
pfsync0: flags=41 <up,running>metric 0 mtu 1460
        pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=100 <promisc>metric 0 mtu 33204
tun0: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        inet6 fe80::20d:b9ff:fe14:1d50%tun0 prefixlen 64 scopeid 0x9
        inet 192.168.69.1 --> 192.168.69.2 netmask 0xffffffff
        Opened by PID 426
bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        ether 12:23:d3:86:f1:2b
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vr0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 1 priority 128 path cost 200000
        member: ath0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 4 priority 128 path cost 370370
#</learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast></up,pointopoint,running,multicast></promisc></up,running></up,loopback,running,multicast></hostap></up,broadcast,running,promisc,simplex,multicast></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic></broadcast,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu,wol_ucast,wol_magic></up,broadcast,running,promisc,simplex,multicast>

wallabybob · Jan 26, 2010, 11:37 AM

@freetomfr:

The internet acces works well on LAN but nothing on WLAN in spite of my rule allowing all traffic from this interface.

At the risk of being pedantic, the rule you displayed doesn't allow all traffic from the WLAN interface, only TCP and UDP. But I don't think thats your problem.

Your log shows traffic from 169.254.211.104 which is one of a range of addresses for systems that need to dynamically assign themselves an address. Its not an address in the vr0/ath0 subnet. There isn't enough information to say the system that can't access the internet over WLAN is using that address so you should check its address. Is it supposed to be assigned an address by DHCP? If so, perhaps that isn't happening and thats the start of your problem.

danswartz · Jan 26, 2010, 1:30 PM

Yeah, I've been misled by that tcp/udp before. I think you're right, the autoconfigure IPs are suspicious.

freetomfr · Jan 26, 2010, 1:50 PM

I tried a rule allowing all traffic (not only TCP/UDP) and nothing more. I can acces the LAN but no internet.

My log is from when I didn't get an IP adress by DHCP. Now I can get a valid address (from 192.168.100.0/24) and I don't have blocked traffic from 169.254.211.104 anymore.

danswartz · Jan 26, 2010, 1:52 PM

please try doing a packet capture on the WLAN when you try to go to the internet with a good IP.

freetomfr · Jan 26, 2010, 5:48 PM

I really want to do it but I can't because it seems it's not possible to do it on WLAN Interface. The 2 possible choices are WAN or LAN.

danswartz · Jan 26, 2010, 5:48 PM

you can do it from the CLI. like 'tcpdump -i ath0'

freetomfr · Jan 26, 2010, 9:18 PM

Ok, that is what I get :

# tcpdump -i ath0
tcpdump: WARNING: ath0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
22:13:03.966422 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:04.456128 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:04.492732 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
22:13:04.965649 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:05.458960 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:05.497076 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
22:13:07.977642 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:08.468652 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:08.502863 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
22:13:16.998226 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
22:13:17.486522 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
22:13:17.523476 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel

wallabybob · Jan 26, 2010, 9:40 PM

Looks like pfSense is expected to be the name server but its not responding. Do you have DNS forwarder enabled?

Do you get a response to ping by IP address?

freetomfr · Jan 26, 2010, 11:24 PM

I try just now after a reboot and it work well!! ??? I don't understand everything but after all it work.

Thanks everyone for your help. ;D