Untitled

a guest
Jan 7th, 2012
Session Start: Sat Jan 07 21:14:03 2012
Session Ident: FennyFatal
[Sat 21:14:08 pm] <GH0> Or I will just PM the whole thing to you.
[Sat 21:14:15 pm] <FennyFatal> kk
[Sat 21:14:29 pm] <GH0> I have a WRT350N which is the gateway router. This router works perfectly. Connected to Port 3, I have a secondary router, configured using the Wireless Access Point wiki guide, and the Multiple SSID's wiki guide.
[Sat 21:14:55 pm] <FennyFatal> Okay, and what is the issue you are seeing?
[Sat 21:15:00 pm] <GH0> The Primary Router has a 10.10.10.1 and the wap has a 10.10.10.2 IP address, with the secondary SSID having a 10.10.11.1 address.
[Sat 21:15:14 pm] <FennyFatal> okay.
[Sat 21:15:19 pm] <GH0> HTTP Traffic isn't being passed through.
[Sat 21:15:35 pm] <GH0> However, I get an IP address under the .11.* address
[Sat 21:15:44 pm] <FennyFatal> okay, what can you ping?
[Sat 21:16:21 pm] <FennyFatal> Also, is DNS resolving?
[Sat 21:16:42 pm] <GH0> I can't ping anything, and DNS doesn't seem to be resolving.
[Sat 21:17:01 pm] <GH0> When I ping, I just receive a
[Sat 21:17:07 pm] <GH0> Destination Host Unreachable
[Sat 21:17:22 pm] <FennyFatal> okay, can you ping the 10.10.11.1? but not 10.10.10.1?
[Sat 21:18:09 pm] <GH0> No. If I ping 11.1 it times out the request. If I ping 10.1 it responds with "Destination Host Unreachable"
[Sat 21:18:17 pm] <GH0> Also, here is my firewall script:
[Sat 21:18:18 pm] <GH0> iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
[Sat 21:18:18 pm] <GH0> iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
[Sat 21:18:18 pm] <GH0> iptables -I INPUT -i br1 -m state --state NEW -j DROP
[Sat 21:18:18 pm] <GH0> iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
[Sat 21:18:18 pm] <GH0> iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
[Sat 21:18:18 pm] <GH0> iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
[Sat 21:19:34 pm] <FennyFatal> Okay, So let's get it working without the firewall script first.
[Sat 21:20:26 pm] <GH0> Alright, removed the interfaces
[Sat 21:20:28 pm] <GH0> Err
[Sat 21:20:30 pm] <GH0> Firewall script.
[Sat 21:21:01 pm] <FennyFatal> okay, in fact disable the spi firewall completely.
[Sat 21:21:07 pm] <GH0> It is disabled.
[Sat 21:21:11 pm] <FennyFatal> kk
[Sat 21:21:57 pm] <FennyFatal> now, what pings work?
[Sat 21:22:00 pm] <GH0> I can ping 10.10.11.1 now though, however, I still can't ping anything outside that.
[Sat 21:22:16 pm] <FennyFatal> okay, that is better.
[Sat 21:23:29 pm] <FennyFatal> now, what are your bridging settings?
[Sat 21:25:13 pm] <GH0> http://i.imgur.com/BkV0z.png
[Sat 21:28:00 pm] <FennyFatal> 10.10.10.1 is the DNS server?
[Sat 21:28:08 pm] <FennyFatal> does it run a valid DNS server?
[Sat 21:28:17 pm] <GH0> It has pixelserv running on it.
[Sat 21:28:21 pm] <FennyFatal> kk
[Sat 21:28:45 pm] <GH0> However, I don't think it is caching anything from an authoritative DNS server.
[Sat 21:28:54 pm] <GH0> Even then, I can't ping yahoo's IP Address.
[Sat 21:29:07 pm] <FennyFatal> right so we still have a routing issue.
[Sat 21:32:12 pm] <FennyFatal> Okay, so it should come down to the iptables entries now.
[Sat 21:32:48 pm] <FennyFatal> We need to see why it was blocking you from accessing 10.10.11.1
[Sat 21:33:09 pm] <GH0> Well, I know that I require these: iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
[Sat 21:33:09 pm] <GH0> iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
[Sat 21:33:18 pm] <GH0> As DHCP is disabled, and WAN is also disabled.
[Sat 21:33:23 pm] <FennyFatal> Refollow the guide but leave out all of the drop rules.
[Sat 21:33:48 pm] <GH0> Alright
[Sat 21:33:55 pm] <FennyFatal> For the Restricting Access Section.
[Sat 21:34:19 pm] <FennyFatal> oh, and btw, does the SSID for 10.10.10.2 work correctly?
[Sat 21:34:31 pm] <FennyFatal> if not there is more to be done.
[Sat 21:34:52 pm] <GH0> Yes, I believe so. Was on it earlier, but, it's a Wireless Extender of the primary Access Point.
[Sat 21:35:06 pm] <GH0> So, it can be hard to tell which one I am on sometimes.
[Sat 21:35:13 pm] <FennyFatal> right...
[Sat 21:35:39 pm] <FennyFatal> Well, if we have to we can switch that to be a new SSID just to test.
[Sat 21:35:57 pm] <GH0> So, I tried pinging the yahoo IP.
[Sat 21:35:57 pm] <FennyFatal> But let's try redoing the iptables first.
[Sat 21:36:08 pm] <FennyFatal> and?
[Sat 21:36:10 pm] <GH0> 2 Destination Host Unreachable, 2 Request Timed outs.
[Sat 21:36:22 pm] <GH0> I can still ping 10.10.11.1
[Sat 21:36:31 pm] <FennyFatal> can you ping 10.10.10.1?
[Sat 21:36:33 pm] <GH0> And I still can't ping 10.10.10.1
[Sat 21:36:36 pm] <FennyFatal> kk
[Sat 21:36:44 pm] <GH0> 10.10.10.1 - request timed out
[Sat 21:37:05 pm] <GH0> And one destination host unreachable.
[Sat 21:37:30 pm] <GH0> Hm, I wonder what would happen if I were to set a static DNS on the client.
[Sat 21:37:57 pm] <FennyFatal> if you can't talk to 10.10.10.1 you won't get out to the internet.
[Sat 21:38:18 pm] <GH0> Or, it would help if I disabled the static IP address on the wireless device.
[Sat 21:38:19 pm] <GH0> :\
[Sat 21:38:47 pm] <FennyFatal> hmm, so we don't know if it is getting one on its own?
[Sat 21:38:57 pm] <FennyFatal> yeah, reconnect with DNS on.
[Sat 21:39:04 pm] <GH0> No, I do now. It isn't. It thinks the DNS server is 10.10.11.1
[Sat 21:39:05 pm] <FennyFatal> er DHCP
[Sat 21:39:25 pm] <FennyFatal> okay, that is interesting...
[Sat 21:42:24 pm] <FennyFatal> just for fun replace the dhcp-option line with "dhcp-option=br1,6,8.8.8.8,8.8.4.4"
[Sat 21:42:56 pm] <FennyFatal> er... add that line
[Sat 21:43:02 pm] <GH0> Yeah. :)
[Sat 21:43:59 pm] <GH0> It recognizes 8.8.8.8 and 10.10.10.1 as its DNS servers now.
[Sat 21:44:03 pm] <GH0> However, I still can't ping anything.
[Sat 21:44:25 pm] <FennyFatal> well, the DNS thing should be resolved as soon as we resolve the routing issue.
[Sat 21:45:53 pm] <FennyFatal> this should be the important line in question: iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
[Sat 21:46:14 pm] <GH0> That is the first line in the firewall script.
[Sat 21:47:15 pm] <FennyFatal> What are the lines now?
[Sat 21:47:21 pm] <GH0> iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
[Sat 21:47:21 pm] <GH0> iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
[Sat 21:47:21 pm] <GH0> iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
[Sat 21:47:21 pm] <GH0> iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
[Sat 21:47:36 pm] <GH0> Not sure if I really need the last three lines.
[Sat 21:47:45 pm] <FennyFatal> add these too:
[Sat 21:47:50 pm] <FennyFatal> iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
[Sat 21:47:50 pm] <FennyFatal> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[Sat 21:49:13 pm] <FennyFatal> and the last three only override the block setting we don't have in there at the moment.
[Sat 21:49:27 pm] <GH0> No, still can't ping yahoo by IP
[Sat 21:49:39 pm] <GH0> and can't ping 10.10.10.1
[Sat 21:49:53 pm] <FennyFatal> Okay, let's test the other AP. make it new, and not repeat.
[Sat 21:49:55 pm] <GH0> Combination of Request Timed Out, and Destination Host Unreachable for both.
[Sat 21:49:59 pm] <FennyFatal> see if that is working.
[Sat 21:51:53 pm] <FennyFatal> Okay... SSH into the router, and run dmesg to see if it is giving us any good information.
[Sat 21:51:57 pm] <GH0> Yep, if I switch it over to SSID-Test and disable WPA2, it pings 10.10.10.1 fine
[Sat 21:52:04 pm] <FennyFatal> hood.
[Sat 21:52:07 pm] <FennyFatal> *good
[Sat 21:54:05 pm] <GH0> http://pastebin.com/1nniZ2Ar
[Sat 21:55:34 pm] <FennyFatal> Looks like the vlan is going up and down repeatedly, that might account for the two different errors we are getting.
[Sat 21:56:00 pm] <FennyFatal> were there any time stamps?
[Sat 21:56:02 pm] <GH0> I didn't mess with anything under the Vlan tab
[Sat 21:56:12 pm] <GH0> Nope, that is the full output of dmesg straight from ssh
[Sat 21:59:02 pm] <FennyFatal> Hmm, you have two vlans?
[Sat 21:59:24 pm] <FennyFatal> nvm just being crazy
[Sat 21:59:31 pm] <GH0> Everything under the Vlan tab is set to stock.
[Sat 21:59:49 pm] <GH0> 10
[Sat 21:59:55 pm] <GH0> Well.. that didn't copy and paste...
[Sat 21:59:58 pm] <GH0> http://i.imgur.com/FGoWl.png
[Sat 22:02:26 pm] <FennyFatal> If this works... remove the comments from your DNSMasq settings.
[Sat 22:02:41 pm] <GH0> Already did that too.
[Sat 22:02:44 pm] <FennyFatal> kk
[Sat 22:02:50 pm] <GH0> I thought that might have been an issue.
[Sat 22:07:26 pm] <FennyFatal> Grr everything looks right to me...
[Sat 22:07:45 pm] <FennyFatal> these are at the beginning of your iptables scripts right?
[Sat 22:07:48 pm] <FennyFatal> iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
[Sat 22:07:50 pm] <FennyFatal> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[Sat 22:08:10 pm] <GH0> Yep
[Sat 22:08:40 pm] <GH0> This is the same problem I had at some point. Everything was working fine. Went to go connect, bam didn't work. So I thought starting from a new build and scratch would help.
[Sat 22:08:52 pm] <GH0> iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
[Sat 22:08:52 pm] <GH0> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[Sat 22:08:52 pm] <GH0> iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
[Sat 22:08:52 pm] <GH0> iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
[Sat 22:08:52 pm] <GH0> iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
[Sat 22:08:52 pm] <GH0> iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
[Sat 22:09:01 pm] <GH0> Bah
[Sat 22:09:07 pm] <GH0> Copy and paste isn't wanting to work with me today.
[Sat 22:09:11 pm] <GH0> http://pastebin.com/dS7VvZr6
[Sat 22:11:52 pm] <GH0> And yes, this router DOES support multiple wireless SSIDs. It has a corerev of 7. ;)
[Sat 22:11:58 pm] <FennyFatal> kk
[Sat 22:12:03 pm] <FennyFatal> :D
[Sat 22:12:33 pm] <FennyFatal> Let me add a vwlan to one of the two bridged ones I have on my network, and see if I can recreate your issue.
[Sat 22:35:11 pm] <GH0> I wonder if I should try using a lan port instead of the wan port.
[Sat 22:35:29 pm] <FennyFatal> can't hurt.
[Sat 22:36:42 pm] <GH0> Would the firewall script stay the same? Since the third line is for the WAN port, I think
[Sat 22:46:22 pm] <GH0> Hm, didn't change anything.