|
Wireless router not receiving broadcast packets
Posted by nenekofi
|
Wireless router not receiving broadcast packets May 20, 2016 04:59PM |
Registered: 3 years ago Posts: 1 |
Hello world,
I'm fairly new to linux and linux networking in general so please bear with me. I have a MediaTek RT3352 router running OpenWrt. The router is configured to run in both STA+AP mode. In this mode, the router does not respond to ARP request from other devices in the same subnet. That is, this openwrt router is client to a next hop AP for internet access. It is also configured to be an AP to other devices, mostly wifi enabled security cameras. I first thought it was a ARP issue, so I tried the following:
This is what works:
Using tcpdump to capture packets on the router itself shows that the broadcast arp packets are either not being forwarded to the openwrt or that some kernel settings is causing the broadcast packets to be dropped. Using either wireshark or tcpdump on the sending host(laptop) shows that it is busily sending arp request packets to the openwrt router but gets no response - the packets don't show up on the router.
I'm beginning to suspect that it is not an ARP issue at all but a broadcast issue. Basically if the openwrt router is already in a host's arp table, then it can ping it, ssh into it, etc. I should also note that in true AP only mode, this is not an issue. It is only when it is configured in both STA+AP mode.
What am I missing? Please see below for my configuration. Any help or pointers will be greatly appreciated. Thank you.
System:
/ # ubus -v call system board
{
"kernel": "3.18.21",
"hostname": "OpenWrt",
"system": "Ralink RT3352 id:1 rev:6",
"model": "Allnet ALL5002",
"release": {
"distribution": "OpenWrt",
"version": "Bleeding Edge",
"revision": "firewall",
"codename": "designated_driver",
"target": "ramips\/rt305x",
"description": "OpenWrt Designated Driver firewall"
}
}
Sysctl:
/ # cat /etc/sysctl.conf
kernel.panic=3
kernel.core_pattern=/tmp/%e.%t.%p.%s.core
net.ipv4.conf.default.arp_ignore=0
net.ipv4.conf.all.arp_ignore=0
net.ipv4.ip_forward=1
net.ipv4.ipfrag_secret_interval=600
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.icmp_ratemask=6168
net.ipv4.conf.wlan0.arp_accept=1
net.ipv4.conf.wlan0.arp_announce=2
net.ipv4.conf.wlan0.arp_filter=0
net.ipv4.conf.wlan0.arp_ignore=0
net.ipv4.conf.wlan0.arp_notify=1
net.ipv4.igmp_max_memberships=100
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=16384
net.netfilter.nf_conntrack_tcp_timeout_established=7440
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180
net.netfilter.nf_conntrack_icmp_timeout=30
net.netfilter.nf_conntrack_icmpv6_timeout=30
Network configuration:
/ # cat /etc/config/network
config globals 'globals'
option ula_prefix 'fd01:ea9e:adf8::/48'
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'wwan'
option proto 'dhcp'
option sendopts 'hostname:panel lease:86400'
option clientid 'xxxx'
config interface 'lan'
option proto 'static'
option ifname 'eth0'
option netmask '255.255.255.0'
option ipaddr '172.16.10.254'
option type 'bridge'
option gateway '192.168.1.1'
option dns '192.168.1.1'
Wireless configuration:
/ # cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '10180000.wmac'
option disabled '0'
option txpower '20'
option country 'US'
option htmode 'HT20'
option hwmode '11g'
option obss_interval '300'
option noscan '0'
option log_level '0'
list ht_capab 'SHORT-GI-20'
list ht_capab 'SHORT-GI-40'
list ht_capab 'TX-STBC'
list ht_capab 'RX-STBC1'
list basic_rate '12000'
list basic_rate '24000'
list basic_rate '54000'
list supported_rates '12000'
list supported_rates '18000'
list supported_rates '24000'
list supported_rates '36000'
list supported_rates '48000'
list supported_rates '54000'
config wifi-iface
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'xxxx'
option encryption 'psk2'
option key 'xxxx'
option wps_pushbutxon '1'
option macaddr 'xxxx'
option disassoc_low_ack '0'
option max_inactivity '1810'
option skip_inactivity_poll '1'
option max_listen_interval '65535'
config wifi-iface
option network 'wwan'
option mode 'sta'
option ssid 'xxxx'
option encryption 'psk2'
option key 'xxxx'
option device 'radio0'
option macaddr 'xxxx'
option channel '0'
Firewall:
/ # cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wwan'
option network 'wwan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wwan'
config rule
option name 'Allow-DHCP-wwan'
option src 'wwan'
option proto 'udp'
option dest_port '67-68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-DHCP-lan'
option src 'lan'
option src_port '67-68'
option dest_port '67-68'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wwan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv4-Input'
option src 'wwan'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
option limit '1000/sec'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wwan'
option proto 'icmp'
option family 'ipv6'
option target 'ACCEPT'
option limit '1000/sec'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
config rule
option name 'Allow-MLD'
option src 'wwan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP-wwan'
option src 'wwan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP-lan'
option src 'lan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option src 'lan'
option target 'ACCEPT'
option proto 'udp'
option dest_port '1900-1901'
config rule
option name 'Allow DNS Queries'
option src 'lan'
option dest_port '53'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
I'm fairly new to linux and linux networking in general so please bear with me. I have a MediaTek RT3352 router running OpenWrt. The router is configured to run in both STA+AP mode. In this mode, the router does not respond to ARP request from other devices in the same subnet. That is, this openwrt router is client to a next hop AP for internet access. It is also configured to be an AP to other devices, mostly wifi enabled security cameras. I first thought it was a ARP issue, so I tried the following:
- [*] Turning off and disabling the firewall
[*] Changing and persisting sysctl to accept and not ignore arp/icmp packets
[*] Tuning iptables to accept icmp packets, etc.
This is what works:
- [*] Broadcasting my ip using arping -- arping -A -c 2 -I 192.168.1.2
[*] Pinging the failing node from the router directly -- ping 192.168.1.3
Using tcpdump to capture packets on the router itself shows that the broadcast arp packets are either not being forwarded to the openwrt or that some kernel settings is causing the broadcast packets to be dropped. Using either wireshark or tcpdump on the sending host(laptop) shows that it is busily sending arp request packets to the openwrt router but gets no response - the packets don't show up on the router.
I'm beginning to suspect that it is not an ARP issue at all but a broadcast issue. Basically if the openwrt router is already in a host's arp table, then it can ping it, ssh into it, etc. I should also note that in true AP only mode, this is not an issue. It is only when it is configured in both STA+AP mode.
What am I missing? Please see below for my configuration. Any help or pointers will be greatly appreciated. Thank you.
System:
/ # ubus -v call system board
{
"kernel": "3.18.21",
"hostname": "OpenWrt",
"system": "Ralink RT3352 id:1 rev:6",
"model": "Allnet ALL5002",
"release": {
"distribution": "OpenWrt",
"version": "Bleeding Edge",
"revision": "firewall",
"codename": "designated_driver",
"target": "ramips\/rt305x",
"description": "OpenWrt Designated Driver firewall"
}
}
Sysctl:
/ # cat /etc/sysctl.conf
kernel.panic=3
kernel.core_pattern=/tmp/%e.%t.%p.%s.core
net.ipv4.conf.default.arp_ignore=0
net.ipv4.conf.all.arp_ignore=0
net.ipv4.ip_forward=1
net.ipv4.ipfrag_secret_interval=600
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.icmp_ratemask=6168
net.ipv4.conf.wlan0.arp_accept=1
net.ipv4.conf.wlan0.arp_announce=2
net.ipv4.conf.wlan0.arp_filter=0
net.ipv4.conf.wlan0.arp_ignore=0
net.ipv4.conf.wlan0.arp_notify=1
net.ipv4.igmp_max_memberships=100
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=16384
net.netfilter.nf_conntrack_tcp_timeout_established=7440
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180
net.netfilter.nf_conntrack_icmp_timeout=30
net.netfilter.nf_conntrack_icmpv6_timeout=30
Network configuration:
/ # cat /etc/config/network
config globals 'globals'
option ula_prefix 'fd01:ea9e:adf8::/48'
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'wwan'
option proto 'dhcp'
option sendopts 'hostname:panel lease:86400'
option clientid 'xxxx'
config interface 'lan'
option proto 'static'
option ifname 'eth0'
option netmask '255.255.255.0'
option ipaddr '172.16.10.254'
option type 'bridge'
option gateway '192.168.1.1'
option dns '192.168.1.1'
Wireless configuration:
/ # cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '10180000.wmac'
option disabled '0'
option txpower '20'
option country 'US'
option htmode 'HT20'
option hwmode '11g'
option obss_interval '300'
option noscan '0'
option log_level '0'
list ht_capab 'SHORT-GI-20'
list ht_capab 'SHORT-GI-40'
list ht_capab 'TX-STBC'
list ht_capab 'RX-STBC1'
list basic_rate '12000'
list basic_rate '24000'
list basic_rate '54000'
list supported_rates '12000'
list supported_rates '18000'
list supported_rates '24000'
list supported_rates '36000'
list supported_rates '48000'
list supported_rates '54000'
config wifi-iface
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'xxxx'
option encryption 'psk2'
option key 'xxxx'
option wps_pushbutxon '1'
option macaddr 'xxxx'
option disassoc_low_ack '0'
option max_inactivity '1810'
option skip_inactivity_poll '1'
option max_listen_interval '65535'
config wifi-iface
option network 'wwan'
option mode 'sta'
option ssid 'xxxx'
option encryption 'psk2'
option key 'xxxx'
option device 'radio0'
option macaddr 'xxxx'
option channel '0'
Firewall:
/ # cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wwan'
option network 'wwan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wwan'
config rule
option name 'Allow-DHCP-wwan'
option src 'wwan'
option proto 'udp'
option dest_port '67-68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-DHCP-lan'
option src 'lan'
option src_port '67-68'
option dest_port '67-68'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wwan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv4-Input'
option src 'wwan'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
option limit '1000/sec'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wwan'
option proto 'icmp'
option family 'ipv6'
option target 'ACCEPT'
option limit '1000/sec'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
config rule
option name 'Allow-MLD'
option src 'wwan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP-wwan'
option src 'wwan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP-lan'
option src 'lan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option src 'lan'
option target 'ACCEPT'
option proto 'udp'
option dest_port '1900-1901'
config rule
option name 'Allow DNS Queries'
option src 'lan'
option dest_port '53'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
|
Re: Wireless router not receiving broadcast packets September 08, 2017 02:29AM |
Registered: 1 year ago Posts: 5 |
we have the game play mahjongg dimensions online best selection of ultra addictive free online dice and board games. From card classics like play mahjongg dimensions online to board games that guarantee hours of enjoyment, our play mahjongg dimensions online can all be played online with no downloads needed click http://mahjongfreegames.online/dimensions
|
Re: Wireless router not receiving broadcast packets December 19, 2017 06:44AM |
Registered: 1 year ago Posts: 4 |
In this mode, the router does now not reply to ARP request from other devices on the same subnet. Essay Writing Help Online Dice and board video games. From card classics like play mahjongg dimensions online to board games that assure hours of leisure.
|
Re: Wireless router not receiving broadcast packets March 20, 2018 06:29AM |
Thanks for sharing this marvelous post. I m very pleased to read this article.<a href="[techvaidya.com];
|
Re: Wireless router not receiving broadcast packets October 23, 2018 02:02AM |
In this mode, the switch does now not answer to ARP ask for from different gadgets on the equivalent subnet. Essay Writing Service UK Dice and board computer games. From card works of art like play mahjongg measurements online to prepackaged games that guarantee long stretches of recreation.
|
Re: Wireless router not receiving broadcast packets April 24, 2019 05:29AM |
Army of any country is very important in any war or We can say easily army play main strong role helix jump