WiFi hotspot with hostapd (part 2)

Submitted by Ron on Thu, 2014/07/24 - 03:12

This post is dealing with the issues that have arisen from trying to turn my PC into a WiFi hotspot using hostapd in CentOS 6.5.

I have neglected this site so badly that I'd completely forgotten part 1, it is worth checking out.

I have a D-Link WiFi router (WBR-2310) that loses its ability to serve up WiFi connections to various mobile devices, requiring semi-frequent reboots of the router. This takes the network down for 30-35 seconds - a huge and unbearable burden.

The fix (number one) was to use an ancient LinkSys non-WiFi router as the household router and the D-Link as a WiFi Access Point.

Then I scavenged a USB WiFi card, which I mounted into my main tower.

This is to become a secondary WiFi access point.

hostapd to the rescue. Initially, I got a working setup, but that was prior to bringing the LinkSys into the equation. Now that I have two routers, I decided to revisit the hostapd backup solution.

Initially I'm aiming for an open (non-password-protected) AP, and the details of how to set up hostapd.conf are covered many other places elsewhere.
This has proven more difficult than anticipated, particularly since simply bringing up wlan0 and starting the hostapd service failed with unloaded driver error.

First of all, some details on the card:

lsusb |grep -i gem
Bus 003 Device 002: ID 15a9:0004 Gemtek WUBR-177G [Ralink RT2571W]

As we can see, the card self-identifies as an Ralink RT2571W. However, the kernel drivers needed for it are not rt2500usb, nor rt2x00usb, nor what the kernel somehow auto-loaded, rndis_wlan.

Instead, one needs to load the rt73usb driver, and in my case, also unload the rndis_wlan:

modprobe -iv rt73usb
modprobe -ir rndis_wlan

Then, I want to make a persistent wlan0 interface that is active upon boot, so I made a file /etc/sysconfig/network-scripts/ifcfg-wlan0, and added these to it:

NAME=w00fi
ESSID=w00fi
DEVICE=wlan0
# HWADDR refers to physical, MACADDR is for reassigning (don't use both)
HWADDR=00:C0:A8:F0:E8:AB

IPADDR=192.168.1.169
NETMASK=255.255.255.0

NETWORK=192.168.1.0
GATEWAY=192.168.1.1
ONBOOT=yes

MODE=AP
TYPE=Wireless
BOOTPROTO=none

IPV4_FAILURE_FATAL=yes
IPV6INIT=no

# KEY_MGMT=WPA-PSK
# WPA_ALLOW_WPA=yes
# CIPHER_PAIRWISE=NONE
# CIPHER_GROUP=TKIP

PEERDNS=no

I run a DHCP server on the PC - you'll need something that will have the same functionality.

Now, one ought to be able to obtain an IP address on a WiFi enabled mobile device (at least if DHCPD is running on the main PC).

But in order to, say, ping that device, a routing table entry must be made to tell the PC how to find the mobile. In my case, the mobile is 192.168.1.96 and the WiFi card is wlan0:

route add 192.168.1.96 dev wlan0

Presto - the running ping from mobile to PC that was failing is now successful.

Now, a couple of iptables rules need to be applied, and this is where I'm having problems. I understand basic iptables rules just fine, but the ones I have just don't seem to be working.

I'll save my post for now and add more when I've dug into why the final steps are failing.

SOLVED: See solution added in comment

Comments

Ron

Fri, 2014/07/25 - 04:05

Well, that was ridiculously difficult yet now seems so easy.

All the guides I've seen show a pair of iptables rules being required:

iptables -A FORWARD --in-interface wlan0 --jump ACCEPT
iptables --table nat -A POSTROUTING -o eth0 --jump MASQUERADE

I had those, and several variations of those -- no luck. And, I had to add this to reach the phone:

route add 192.168.1.96 dev wlan0

This tells the computer that to find the phone (192.168.1.96), it needs to look on the wifi card (wlan0).

And CentOS has a default rule at the end of the FORWARD chain of:

target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-net-prohibited

so I had to -I insert my rules instead of -A append. No problem.

Problem.

The packet counter was incrementing on the REJECT rule - the final rule, while not incrementing by matching rules number 1 or 3 below:

iptables -L FORWARD -v
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3457 290K ACCEPT all -- any any 192.168.0.100 anywhere
41 2609 ACCEPT all -- any any HTC anywhere
82 6068 ACCEPT all -- wlan0 any anywhere anywhere
926 77696 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable

Yet once rule number 4 (REJECT) was removed -- the first rule's packet counter began incrementing!

So, thanks to OiPolloi on #centos over at Freenode, this rule, inserted into position number 1, will match packets and prevent the REJECT from being matched:

iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

And with that, the routing table entry can be deleted:

route del 192.168.0.100 dev wlan0

Yet there's more! The POSTROUTING MASQUERADE rules are no longer incrementing while a ping runs continuously, so those may not be required either. This I'll need to test.

The #iptables guys on Freenode fairly strongly suggest using SNAT and DNAT instead of MASQUERADE anyway, unless a PPP connection is in play.

Now to put the default network settings back into place (the libvirtd / kvm / qemu iptables FORWARD and POSTROUTING chain rules, and make my new iptables rules persistent.)

R o n
- - -
Vancouver

Ron

Fri, 2014/07/25 - 04:29

Not getting 100% results... yet.

Do want to add that this command was extremely handy for checking on ping packets coming from wlan0:

tcpdump icmp[icmptype] = icmp-echo or icmp[icmptype] = icmp-echoreply -nn -i wlan0 -vv -p

Note that it's dumping network traffic that's either a ping request or a ping reply, and -nn means "Don't convert protocol and port numbers etc. to names", -vv is like very verbose, and -i is interface wlan0.

R o n
- - -
Vancouver

Ron

Mon, 2014/08/04 - 23:49

I woke up to the urgent situation whereby the WiFi router tripped over its own dick (again) and the WiFi access point in the CentOS box wasn't working either.

ifconfig wlan0
^C^C^C^C^C^Z
^C^C^C
^C
^Z
^T
^X^X^X^C^C^C^C^C

In another tab:

ifconfig
^C
^C
^C
^C
^C
^C
^C
^C

Bad. News.

Checking /var/log/messages:

Aug 4 22:58:10 www kernel: ieee80211 phy0: rt2x00usb_watchdog_tx_dma: Warning -
TX queue 0 DMA timed out, invoke forced forced reset

...

Aug 4 23:02:14 www kernel: ieee80211 phy0: rt2x00queue_flush_queue: Warning - Queue 0 failed to flush
Aug 4 23:02:14 www dhcpd: receive_packet failed on wlan0: Network is down
Aug 4 23:03:05 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x06 failed for offset 0x3048 with error -110
Aug 4 23:03:55 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x304c with error -110
Aug 4 23:04:45 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x06 failed for offset 0x304c with error -110
Aug 4 23:05:35 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x305c with error -110
Aug 4 23:05:45 www kernel: INFO: task lldpad:2339 blocked for more than 120 seconds.

...

Aug 4 23:07:45 www kernel: Tainted: P --------------- 2.6.32-
431.20.5.el6.x86_64 #1
Aug 4 23:07:45 www kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" d
isables this message.
Aug 4 23:07:45 www kernel: ifconfig D 0000000000000005 0 10729 17530
0x00000084
Aug 4 23:07:45 www kernel: ffff88013bde7cc8 0000000000000082 ffff88013bde7c90 f
fff88013bde7c8c
Aug 4 23:07:45 www kernel: ffff88013bde7c48 ffff88043ec24b00 ffff880028216840 0
000000000000400
Aug 4 23:07:45 www kernel: ffff88042fb43ab8 ffff88013bde7fd8 000000000000fbc8 f
fff88042fb43ab8
Aug 4 23:07:45 www kernel: Call Trace:
Aug 4 23:07:45 www kernel: [] __mutex_lock_slowpath+0x13e/0x1
80
Aug 4 23:07:45 www kernel: [] mutex_lock+0x2b/0x50
Aug 4 23:07:45 www kernel: [] rtnl_lock+0x15/0x20
Aug 4 23:07:45 www kernel: [] devinet_ioctl+0x11d/0x6a0
Aug 4 23:07:45 www kernel: [] inet_ioctl+0x88/0xa0
Aug 4 23:07:45 www kernel: [] sock_ioctl+0x7a/0x280
Aug 4 23:07:45 www kernel: [] vfs_ioctl+0x22/0xa0
Aug 4 23:07:45 www kernel: [] do_vfs_ioctl+0x84/0x580
Aug 4 23:07:45 www kernel: [] sys_ioctl+0x81/0xa0
Aug 4 23:07:45 www kernel: [] ? __audit_syscall_exit+0x25e/0x
290
Aug 4 23:07:45 www kernel: [] system_call_fastpath+0x16/0x1b
Aug 4 23:08:55 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Ve
ndor Request 0x07 failed for offset 0x3064 with error -110
Aug 4 23:09:45 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Ve
ndor Request 0x06 failed for offset 0x3064 with error -110
Aug 4 23:09:45 www kernel: INFO: task lldpad:2339 blocked for more than 120 sec
onds.
Aug 4 23:09:45 www kernel: Tainted: P --------------- 2.6.32-
431.20.5.el6.x86_64 #1
Aug 4 23:09:45 www kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" d
isables this message.
Aug 4 23:09:45 www kernel: lldpad D 0000000000000002 0 2339 1
0x00000080
Aug 4 23:09:45 www kernel: ffff8804370a7cd8 0000000000000082 0000000000000000 0
000000000000000
Aug 4 23:09:45 www kernel: 0000000000000000 0000000000000000 ffffffff811a0750 f
fff880436586640
Aug 4 23:09:45 www kernel: ffff8804374a9098 ffff8804370a7fd8 000000000000fbc8 f
fff8804374a9098
Aug 4 23:09:45 www kernel: Call Trace:
Aug 4 23:09:45 www kernel: [] ? pollwake+0x0/0x60
Aug 4 23:09:45 www kernel: [] __mutex_lock_slowpath+0x13e/0x1
80
Aug 4 23:09:45 www kernel: [] mutex_lock+0x2b/0x50
Aug 4 23:09:45 www kernel: [] rtnl_lock+0x15/0x20
Aug 4 23:09:45 www kernel: [] vlan_ioctl_handler+0x95/0x420 [
8021q]
Aug 4 23:09:45 www kernel: [] sock_ioctl+0x21f/0x280
Aug 4 23:09:45 www kernel: [] vfs_ioctl+0x22/0xa0
Aug 4 23:09:45 www kernel: [] do_vfs_ioctl+0x84/0x580
Aug 4 23:09:45 www kernel: [] sys_ioctl+0x81/0xa0
Aug 4 23:09:45 www kernel: [] ? __audit_syscall_exit+0x25e/0x
290
Aug 4 23:09:45 www kernel: [] system_call_fastpath+0x16/0x1b
Aug 4 23:10:35 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x06 failed for offset 0x307c with error -110
Aug 4 23:11:25 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x3018 with error -110
Aug 4 23:12:15 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x06 failed for offset 0x3018 with error -110
Aug 4 23:13:05 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x06 failed for offset 0x3028 with error -110
Aug 4 23:13:55 www kernel: ieee80211 phy0: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x3030 with error -110

Indicates a problem with rt2x00usb (which is loaded by rt73usb kernel module).

This fixed it:

modprobe -rv rt73usb && modprobe -iv rt73usb && ifdown wlan0 && ifup wlan0 && service hostapd restart && service dhcpd restart

I've never seen Linux hang like that before... Not pleased.

R o n
- - -
Vancouver

Ron

Fri, 2015/04/03 - 01:13

Just had my hostapd Wifi AP disappear while running Manjaro (long story...). It had been functioning perfectly, then two sets of updates to Linux kernel 3.18 and to hostapd happened, then I noticed no more Wifi AP.

Lots of poking around, tweaking systemd unit file, loading and unloading kernel module, no success.

Then, on an unrelated matter, I was examining the output of "top" command and noticed that NetworkManager was in the list.

But, but, but I had stopped and disabled that!

Well, it got re-enabled. Simply running

systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl start hostapd
system enable hostapd
system restart dhcpd4

and my AP was back, good as ever.

Something to watch out for...

R o n
- - -
Vancouver

Add new comment

More information about text formats

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.