Ok my previous mailing list posts don't even seem to point to the nature
of this problem... I am running a Soekris net 4511 with a Senao
NL-2511CD wireless card. (listed as supporting hostap in the Docs)
Whenever I try to connect via the Wireless/OPT1 interface, the
performance is.. well strange. I can go to a site, but then it hangs
when loading the next site, or resolves one site and then not the next.
I thought this was due to incorrect firewall rules on the OPT1
interface, but no changes in these rules have yielded any positive
results. Even worse, the firewall logs don't seem to show the OPT1
experiencing any dropped packets due to rules, as previously thought.
The LAN interface behaves beautifully, but no matter what I try to do
the OPT1 interface refuses to act the same. I have tried reloading the
M0n0wall software and resetting the rules, nothing works. It never
seems to perform correctly. I am not trying to be a PIA, but any help or
places I could look to resolve the issue would be greatly appreciated.
Scott
Scott Myers wrote:
PS. I have looked at the interface stats and the wifi connection shows
103 collision errors and 0 I/O errors.
Status associated
MAC address 00:02:6f:3c:3c:5c
Channel 2
SSID spicewifi
In/out packets 1870/917 (123 KB/421 KB)
In/out errors 0/0
Collisions 103
Scott Myers wrote:
Hi,
I have setup a net4511 running m0n0wall on a 340 MB IBM Microdrive. I am
using the latest release as of this email, (1.22).
Interfaces:
WAN - PPPOE with WAN DNS address forwarding turned off.
LAN - Default 192.168.1.0 Subnet
WIFI - Bridged with LAN for testing
Mode: hostap
Channel: 2
Station Name: Blank
No WEP
Quality during testing for Wireless Link is 45.
Whenever I use the LAN interface, the connection is flawless. It runs
smoothly and I experience no lag or slowness in the network.
Whenever I am attached to the WIFI connection, no matter the O/S used,
card used (in laptop), or distance from the AP, it slows down, normally
hanging up on resolving addresses (appears to have an issue resolving
names on that interface). My O/S shows that the servers it is using for
DNS are the ISP servers, not trying to use DNS forwarding.
Any help or if I can offer any more information in regards to this
setup, please let me know.
Chris,
Thanks for taking the time to assist me with this small, probably pebkac
based error. Below is my config.xml. I have edited out any security risk
based fields, so as to make it "Google Friendly".
My overall goal is to have the WIFI interface be on a separate subnet
with firewall rules blocking any interaction between it and the LAN
subnet, (along with some basic subnet masking to ensure a client doesn't
just try to change their IP address to the LAN subnet, 192.168.1.0.)
I basically copied the default LAN firewall rule to the WIFI rule list,
with the important areas (specifically where the interfaces are defined
in the rule) set to WIFI instead of LAN. I suspect the incoming rule
needed to allow webservers, etc. to communicate back to the WIFI
interface is missing. (usually on the return web port, some random high
end port number). If so, does the m0n0wall just assume that LAN needs
this rule, but doesn't list it in the config? If this is the case, could
you give me a reasonable rule to allow the return packet data to cross
the firewall to the WIFI interface?
Thank you again,
Scott
<?xml version="1.0"?>
<m0n0wall>
  <version>1.6</version>
  <lastchange>1160601938</lastchange>
  <system>
    <hostname>firewall</hostname>
    <domain>firewall.lan</domain>
    <username>admin</username>
    <password>password</password>
    <timezone>Etc/UTC</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>pool.ntp.org</timeservers>
    <webgui>
      <protocol>http</protocol>
      <port/>
    </webgui>
    <dnsserver>64.203.254.30</dnsserver>
    <dnsserver>64.203.254.31</dnsserver>
  </system>
  <interfaces>
    <lan>
      <if>sis0</if>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
      <media/>
      <mediaopt/>
    </lan>
    <wan>
      <if>sis1</if>
      <mtu/>
      <media/>
      <mediaopt/>
      <spoofmac/>
      <ipaddr>pppoe</ipaddr>
    </wan>
    <opt1>
      <descr>WIFI</descr>
      <if>wi0</if>
      <wireless>
        <standard></standard>
        <mode>hostap</mode>
        <ssid>wifi</ssid>
        <stationname/>
        <channel>2</channel>
        <wep>
        </wep>
      </wireless>
      <ipaddr>192.168.2.1</ipaddr>
      <subnet>24</subnet>
      <bridge>lan</bridge>
    </opt1>
  </interfaces>
  <staticroutes/>
  <pppoe>
    <username>user</username>
    <password>password</password>
    <provider/>
    <timeout/>
  </pppoe>
  <pptp/>
  <bigpond/>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
    <host/>
    <mx/>
    <server/>
    <port/>
  </dyndns>
  <dnsupdate/>
  <dhcpd>
    <lan>
      <enable/>
      <range>
        <from>192.168.1.100</from>
        <to>192.168.1.199</to>
      </range>
    </lan>
    <opt1>
      <range>
        <from>192.168.2.100</from>
        <to>192.168.2.250</to>
      </range>
      <defaultleasetime/>
      <maxleasetime/>
      <enable/>
    </opt1>
  </dhcpd>
  <pptpd>
    <mode/>
    <redir/>
    <localip/>
    <remoteip/>
  </pptpd>
  <dnsmasq/>
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag>
    <ipv6nat>
      <ipaddr/>
    </ipv6nat>
  </diag>
  <bridge/>
  <syslog/>
  <nat/>
  <filter>
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <source>
        <network>opt1</network>
      </source>
      <destination>
        <any/>
      </destination>
      <descr>Default Wifi --> ANY</descr>
    </rule>
    <rule>
      <type>block</type>
      <interface>opt1</interface>
      <source>
        <network>opt1</network>
      </source>
      <destination>
        <network>lan</network>
      </destination>
      <disabled/>
      <descr>Block WIFI traffic from LAN Subnet</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
      <descr>Default LAN -> any</descr>
    </rule>
  </filter>
  <shaper/>
  <ipsec/>
  <aliases/>
  <proxyarp/>
  <wol/>
</m0n0wall>
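
Added example, not part of the original post or of m0n0wall itself: a small Python check that reads the interfaces and filter sections of a config.xml like the one above and lists what stands between it and the stated goal of keeping WIFI (opt1) isolated from LAN. It assumes m0n0wall's first-match rule evaluation and only understands `<any/>` and `<network>` targets; the function names and the trimmed sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the opt1 interface and <filter> rules from the posted config, trimmed.
SAMPLE = """<m0n0wall>
<interfaces><opt1><if>wi0</if><ipaddr>192.168.2.1</ipaddr><bridge>lan</bridge></opt1></interfaces>
<filter>
<rule><type>pass</type><interface>opt1</interface><source><network>opt1</network></source>
  <destination><any/></destination></rule>
<rule><type>block</type><interface>opt1</interface><source><network>opt1</network></source>
  <destination><network>lan</network></destination><disabled/></rule>
<rule><type>pass</type><interface>lan</interface><source><network>lan</network></source>
  <destination><any/></destination></rule>
</filter></m0n0wall>"""


def _covers(node, net):
    """True if a <source>/<destination> element is <any/> or names network `net`."""
    return node is not None and (node.find("any") is not None
                                 or node.findtext("network") == net)


def audit_isolation(xml_text, guest="opt1", protected="lan"):
    """Return findings that keep `guest` from being isolated from `protected`."""
    root = ET.fromstring(xml_text)
    findings = []
    # A bridged interface shares the protected network's layer-2 segment.
    if root.findtext(f"interfaces/{guest}/bridge") == protected:
        findings.append(f"{guest} is bridged to {protected}")
    decided = None  # type of the first enabled rule matching guest -> protected
    for n, rule in enumerate(root.findall("filter/rule"), start=1):
        if rule.findtext("interface") != guest:
            continue
        if not (_covers(rule.find("source"), guest)
                and _covers(rule.find("destination"), protected)):
            continue
        kind = rule.findtext("type")
        if rule.find("disabled") is not None:
            findings.append(f"rule {n} ({kind}) is disabled")
        elif decided is None:
            decided = kind  # first match wins (assumption stated in the lead-in)
            if kind == "pass":
                findings.append(f"rule {n} passes {guest} -> {protected} first")
        elif kind != "pass" and decided == "pass":
            findings.append(f"rule {n} ({kind}) is shadowed by an earlier pass")
    return findings


if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE):
        print(finding)
```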
On 10/12/06, Scott Myers <scott at paperstreettech dot com> wrote:
> Sorry, I know this seems trivial but I have setup a secondary interface
> on a m0n0wall box, and having little success in creating the proper
> firewall rules.
> I have duplicated (almost except the two fields where I switched LAN
> with OPT1) the default rule for the LAN interface, as well as tried to
> simply bridge the connections. No matter what I try, the OPT1 interface
> acts up, and the firewall log shows numerous blocked packets, but only
> when using the OPT1 interface.
>
> What am I missing?
>
Sufficient detail to be able to tell you what the problem is. ;)
Easiest thing would be to post the entire interfaces and rules parts
of your config.xml. Or if you don't want them forever archived by
Google, you can email it to me offlist.
-Chris