OpenWrt Forum Archive

Topic: Ping works if I ssh in OpenWRT. Can't ping further devices

The content of this topic has been archived on 7 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am having a strange problem. I can ping from the router to anywhere on the network, but cannot from any device connected to the router.  See Network Diagram in http://i.imgur.com/wRyiQxG.png?1
For example
- If I log into my router via ssh onto any interface - Everything works great. I can ping any of the interfaces and any other node on the Mesh network.
- If I ping from a device connected to the router - I can only ping the interface that device connects to. eg. A computer connected via Eth1 can ping alan1. Cannot ping anything else. Same with any computer connecting to alan1 via the Access Point on this interface.

I have the following 2 interfaces:
- alan0 : 1 x Mesh Ad-Hoc antenna. IP  10.50.49.242
- alan1 : 1 x AP antenna and Eth1.  IP 10.50.49.241

It appears that if the ping originates from an external computer then the interface it is connecting to is visible (eg. alan1), but the ping will not go across the interfaces (eg to alan0). Forwarding is set up between the interfaces. If I ssh into alan1 - no problem seeing anything on the network.

I am using the Atheros 9k driver.

ANY help anyone can give me I would GREATLY appreciate.

I have included the wireless, network and firewall files below. Note the firewall refers to an interface wan. This is not being used but I have included it. The system was configured using luci.

/etc/config/wireless:

config 'wifi-device' 'radio0'
       option 'type' 'mac80211'
       option 'macaddr' '00:80:92:43:f3:ff'
       list 'ht_capab' 'SHORT-GI-40'
       list 'ht_capab' 'DSSS_CCK-40'
       option 'hwmode' '11a'
       option 'country' 'US'
       option 'channel' '149'
       option 'txpower' '17'

config 'wifi-iface'
       option 'device' 'radio0'
       option 'encryption' 'none'
       option 'ssid' 'ActiveMesh'
       option 'mode' 'adhoc'
       option 'network' 'alan0'

config 'wifi-device' 'radio1'
       option 'type' 'mac80211'
       option 'macaddr' '00:80:92:43:f3:f8'
       list 'ht_capab' 'SHORT-GI-40'
       list 'ht_capab' 'DSSS_CCK-40'
       option 'txpower' '18'
       option 'country' 'US'
       option 'channel' 'auto'

config 'wifi-iface'
       option 'device' 'radio1'
       option 'mode' 'ap'
       option 'encryption' 'none'
       option 'ssid' 'StructuredMeshTest'
       option 'network' 'alan1'


/etc/config/network

config 'interface' 'loopback'
       option 'ifname' 'lo'
       option 'proto' 'static'
       option 'ipaddr' '127.0.0.1'
       option 'netmask' '255.0.0.0'

config 'interface' 'lan'
       option 'type' 'bridge'
       option 'proto' 'static'
       option 'netmask' '255.255.0.0'
       option 'ifname' 'eth0'
       option 'ipaddr' '10.60.0.1'

config 'interface' 'alan0'
       option 'type' 'bridge'
       option 'proto' 'static'
       option 'ipaddr' '10.50.49.242'
       option 'netmask' '255.255.0.0'
       option 'gateway' '10.50.0.1'
       option 'broadcast' '10.50.255.255'
       option 'dns' '8.8.8.8 4.4.4.4'
       option 'stp' '1'
       option '_orig_ifname' 'eth1 wlan0 wlan1'
       option '_orig_bridge' 'true'

config 'interface' 'alan1'
       option 'proto' 'static'
       option 'ipaddr' '10.50.49.241'
       option 'netmask' '255.255.0.0'
       option 'type' 'bridge'
       option '_orig_ifname' 'eth1 wlan1'
       option '_orig_bridge' 'true'
       option 'ifname' 'eth1'


/etc/config/firewall

config 'defaults'
       option 'syn_flood' '1'
       option 'input' 'ACCEPT'
       option 'output' 'ACCEPT'
       option 'drop_invalid' '1'
       option 'forward' 'ACCEPT'

config 'zone'
       option 'name' 'lan'
       option 'network' 'lan'
       option 'input' 'ACCEPT'
       option 'output' 'ACCEPT'
       option 'forward' 'ACCEPT'

config 'zone'
       option 'name' 'wan'
       option 'network' 'wan'
       option 'output' 'ACCEPT'
       option 'mtu_fix' '1'
       option 'forward' 'ACCEPT'
       option 'input' 'ACCEPT'

config 'rule'
       option 'name' 'Allow-DHCP-Renew'
       option 'src' 'wan'
       option 'proto' 'udp'
       option 'dest_port' '68'
       option 'target' 'ACCEPT'
       option 'family' 'ipv4'

config 'rule'
       option 'name' 'Allow-Ping'
       option 'src' 'wan'
       option 'proto' 'icmp'
       option 'icmp_type' 'echo-request'
       option 'family' 'ipv4'
       option 'target' 'ACCEPT'

config 'rule'
       option 'name' 'Allow-DHCPv6'
       option 'src' 'wan'
       option 'proto' 'udp'
       option 'src_ip' 'fe80::/10'
       option 'src_port' '547'
       option 'dest_ip' 'fe80::/10'
       option 'dest_port' '546'
       option 'family' 'ipv6'
       option 'target' 'ACCEPT'

config 'rule'                           
       option 'name' 'Allow-ICMPv6-Input'
       option 'src' 'wan'               
       option 'proto' 'icmp'             
       list 'icmp_type' 'echo-request'   
       list 'icmp_type' 'destination-unreachable'
       list 'icmp_type' 'packet-too-big'         
       list 'icmp_type' 'time-exceeded'         
       list 'icmp_type' 'bad-header'             
       list 'icmp_type' 'unknown-header-type'   
       list 'icmp_type' 'router-solicitation'   
       list 'icmp_type' 'neighbour-solicitation'
       option 'limit' '1000/sec'                 
       option 'family' 'ipv6'                   
       option 'target' 'ACCEPT'                 

config 'rule'                                     
       option 'name' 'Allow-ICMPv6-Forward'     
       option 'src' 'wan'                       
       option 'dest' '*'                         
       option 'proto' 'icmp'                     
       list 'icmp_type' 'echo-request'           
       list 'icmp_type' 'destination-unreachable'
       list 'icmp_type' 'packet-too-big'         
       list 'icmp_type' 'time-exceeded'         
       list 'icmp_type' 'bad-header'             
       list 'icmp_type' 'unknown-header-type'   
       option 'limit' '1000/sec'                 
       option 'family' 'ipv6'                   
       option 'target' 'ACCEPT'                 

config 'include'                                 
       option 'path' '/etc/firewall.user'       

config 'zone'                                     
       option 'name' 'alan0'                     
       option 'input' 'ACCEPT'                   
       option 'output' 'ACCEPT'                 
       option 'forward' 'ACCEPT'                 
       option 'network' 'alan0'                 

config 'forwarding'                               
       option 'dest' 'wan'                       
       option 'src' 'alan0'                     

config 'forwarding'                               
       option 'dest' 'alan0'                     
       option 'src' 'wan'                       

config 'zone'                                     
       option 'name' 'alan1'                     
       option 'input' 'ACCEPT'                   
       option 'forward' 'ACCEPT'                 
       option 'output' 'ACCEPT'                 
       option 'network' 'alan1'                 

config 'forwarding'                               
       option 'dest' 'alan0'                     
       option 'src' 'alan1'   

config 'forwarding'                               
       option 'dest' 'wan'                       
       option 'src' 'alan1'

config 'forwarding'                               
       option 'dest' 'alan1'                     
       option 'src' 'alan0'                     

config 'forwarding'                               
       option 'dest' 'alan1'                     
       option 'src' 'wan'                       

config 'forwarding'                               
       option 'dest' 'alan0'                     
       option 'src' 'lan'                       

config 'forwarding'                               
       option 'dest' 'alan1'                     
       option 'src' 'lan'                       

config 'forwarding'                               
       option 'dest' 'wan'                       
       option 'src' 'lan'                       

config 'forwarding'                               
       option 'dest' 'lan'                       
       option 'src' 'alan0'                     

config 'forwarding'                               
       option 'dest' 'lan'                       
       option 'src' 'alan1'                     

config 'forwarding'                               
       option 'dest' 'lan'                       
       option 'src' 'wan'

Your alan0 and alan1 are in the same network.

Try this:

config 'interface' 'alan0'
       option 'type' 'bridge'
       option 'proto' 'static'
       option 'ipaddr' '10.50.49.242'
       option 'netmask' '255.255.0.0'
       option 'gateway' '10.50.0.1'
       option 'broadcast' '10.50.255.255'
       option 'dns' '8.8.8.8 4.4.4.4'
       option 'stp' '1'

config alias 'alan1'
        option proto 'static'
        option interface 'alan0'
        option ipaddr '10.50.49.241'
        option netmask '255.255.0.0'
        
config 'wifi-iface'
       option 'device' 'radio0'
       option 'encryption' 'none'
       option 'ssid' 'ActiveMesh'
       option 'mode' 'adhoc'
       option 'network' 'alan0'

config 'wifi-iface'
       option 'device' 'radio1'
       option 'mode' 'ap'
       option 'encryption' 'none'
       option 'ssid' 'StructuredMeshTest'
       option 'network' 'alan0'

Thank you very much. That helps. We are one step closer

I can now ping alan0 and alan1 wirelessly (from alan1 Access Point). However I cannot ping the mesh via the computer:
- From the computer logged into the access point I cannot ping any of the nodes that are visible to alan0 over the mesh (all neighbors are shown with an etx of 1).
- If I ssh into alan0 or alan1 then I can ping everything on the network.

Mesh is not only simple configuration; it also needs some protocol (e.g. batman), which will say where all the networks are located.
As I understand from your configuration, no PC on the wireless network knows where 10.60.0.1/16 is located.

alan1 is an additional IP on alan0, so it is one bridge with 2 IPs.
I think you can remove the 10.60.0.0 network. Below is an example of how your network can work without it.

config 'interface' 'lan'
       option 'type' 'bridge'
       option 'ifname' 'eth0'
       option 'proto' 'static'
       option 'ipaddr' '10.50.49.242'
       option 'netmask' '255.255.0.0'
       option 'gateway' '10.50.0.1'
       option 'broadcast' '10.50.255.255'
       option 'dns' '8.8.8.8 4.4.4.4'
       option 'stp' '1'

      

Remove interfaces alan0 and alan1.

config 'wifi-iface'
       option 'device' 'radio0'
       option 'encryption' 'none'
       option 'ssid' 'ActiveMesh'
       option 'mode' 'adhoc'
       option 'network' 'lan'

config 'wifi-iface'
       option 'device' 'radio1'
       option 'mode' 'ap'
       option 'encryption' 'none'
       option 'ssid' 'StructuredMeshTest'
       option 'network' 'lan'

Now all PCs are in 10.50.0.0/16; don't forget to disable DHCP on the router.

Thanks for the reply. Unfortunately I cannot put eth0 or eth1 in the interface with the ad-hoc radio. The mesh will not work (I retried all this). If I move eth1 out of the interface, the mesh works - needs to be on its own. Seemed a simple solution to put eth1 in its own interface on the same network.

(I previously have had eth1 and radio0 in the same interface. Everything works. This was with a different radio and drivers. The new radios are atheros 9k). If I could put eth1 or eth0 in the interface this would work.


Playing around further it appears this could be solved with routing.

Computer ---> eth1 (alan1) ---> radio0 (alan0) 

On the computer I manually added a route to a remote node only available via the mesh network with eth1 as the gateway. This node could be pinged from the computer. Makes sense now why pinging after using ssh to get into the node works. Unfortunately I cannot do this for each node on the network as the remote devices move around.

Seems to be a routing issue. The device connecting to eth1 does not get all the routing information only if eth0 is a separate interface not part of the mesh interface. If eth1 is part of the mesh interface then all the correct routing information is available to the device.

Hope this brings some possible solution to mind.

Ad-hoc and AP/Client modes do NOT support bridging.  They only use source and destination addressing so traffic can not be addressed to pass through to additional devices on the bridge.  This explains your inability to access from one side of the bridge while being able to from the other.

WDS and 802.11s DO support bridging using additional addressing schemes.

If you want to stick with Adhoc you will need to route traffic rather than bridging it. Any other devices you wish to connect to the Adhoc network will need to be on a different subnet from the one you are using on your Adhoc network and traffic has to be routed between the two networks.

Hope this helps.
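
The replies above turn on alan0 and alan1 sharing one subnet while the last reply asks for routed segments on different subnets. As an added example (not code from any participant in this thread), the check below parses UCI `config interface` sections and reports interfaces whose subnets overlap; the function names are hypothetical and the sample is the first post's /etc/config/network trimmed to its address options.

```python
import ipaddress
import itertools
import shlex

# Constructed sample: address options from the first post's /etc/config/network.
SAMPLE_NETWORK = """
config 'interface' 'loopback'
       option 'ipaddr' '127.0.0.1'
       option 'netmask' '255.0.0.0'

config 'interface' 'lan'
       option 'ipaddr' '10.60.0.1'
       option 'netmask' '255.255.0.0'

config 'interface' 'alan0'
       option 'ipaddr' '10.50.49.242'
       option 'netmask' '255.255.0.0'

config 'interface' 'alan1'
       option 'ipaddr' '10.50.49.241'
       option 'netmask' '255.255.0.0'
"""

def parse_interfaces(text):
    """Return {section_name: {option: value}} for named 'config interface' sections."""
    sections, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # strips the UCI quoting
        if tokens[:1] == ["config"]:
            current = None  # any other section type ends the current interface
            if len(tokens) == 3 and tokens[1] == "interface":
                current = sections.setdefault(tokens[2], {})
        elif tokens[:1] == ["option"] and current is not None and len(tokens) == 3:
            current[tokens[1]] = tokens[2]
    return sections

def overlapping_subnets(text):
    """Return (name_a, name_b, net_a, net_b) for each pair of interfaces whose subnets overlap."""
    nets = {}
    for name, opts in parse_interfaces(text).items():
        if "ipaddr" in opts and "netmask" in opts:
            nets[name] = ipaddress.ip_network(
                f"{opts['ipaddr']}/{opts['netmask']}", strict=False)
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in itertools.combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

if __name__ == "__main__":
    for a, b, na, nb in overlapping_subnets(SAMPLE_NETWORK):
        print(f"{a} ({na}) and {b} ({nb}) share a subnet; routing needs distinct subnets")
```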

The discussion might have continued from here.