Need help fixing the bridge connection between Linux Devuan 5 and FreeBSD 13.2 (virtualized with qemu + kvm + libvirt)

Status
Not open for further replies.
On Linux :

Code:
# tcpdump -i mlan0 -nl icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on mlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

0 packets captured
0 packets received by filter
0 packets dropped by kernel

On FreeBSD :

Code:
92 bytes from 192.168.99.1: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 839b   0 0000  3f  01 c453 192.168.99.2  8.8.8.8
 
are you sure you have ip forwarding enabled on the linux box?
sysctl net.ipv4.ip_forward
or
cat /proc/sys/net/ipv4/ip_forward
 
yes :

Code:
# ping -I 192.168.99.1 8.8.8.8

PING 8.8.8.8 (8.8.8.8) from 192.168.99.1 : 56(84) bytes of data. 
64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=19.2 ms 
64 bytes from 8.8.8.8: icmp_seq=2 ttl=114 time=22.2 ms 
64 bytes from 8.8.8.8: icmp_seq=3 ttl=114 time=19.1 ms 
64 bytes from 8.8.8.8: icmp_seq=4 ttl=114 time=18.3 ms 
64 bytes from 8.8.8.8: icmp_seq=5 ttl=114 time=18.8 ms
 
No firewalls, not sure about iptables. Tell me how to check this, please. It's OK only for the internal network, but does not work "outside" of it.
 
Code:
# traceroute -n 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 40 byte packets

1  192.168.99.1  1.925 ms  0.762 ms  0.500 ms
2  192.168.99.1  3084.008 ms !H  3117.762 ms !H  3110.548 ms !H
 
It seems there is a serious problem. I've repeated the command on Linux and this time it does not work (I did nothing special, I have only started the VM):

Code:
# ping -I 192.168.99.1 8.8.8.8 

PING 8.8.8.8 (8.8.8.8) from 192.168.99.1 : 56(84) bytes of data. 
From 192.168.99.1 icmp_seq=1 Destination Host Unreachable 
From 192.168.99.1 icmp_seq=2 Destination Host Unreachable 
From 192.168.99.1 icmp_seq=3 Destination Host Unreachable 
From 192.168.99.1 icmp_seq=4 Destination Host Unreachable 
From 192.168.99.1 icmp_seq=5 Destination Host Unreachable 
From 192.168.99.1 icmp_seq=6 Destination Host Unreachable
 
On Linux :

Code:
# iptables -L

# Warning: iptables-legacy tables present, use iptables-legacy to see them

Chain INPUT (policy ACCEPT) 
target     prot opt source               destination          

Chain FORWARD (policy ACCEPT) 
target     prot opt source               destination          

Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination


# iptables -S

# Warning: iptables-legacy tables present, use iptables-legacy to see them

-P INPUT ACCEPT 
-P FORWARD ACCEPT 
-P OUTPUT ACCEPT
 
OK, thanks. Can you point me to a tutorial that I can follow to try this kind of configuration?
First of all, you need a WiFi adapter which can do AP mode. Not all adapters can.
Apart from this, hostapd is not difficult to configure.
my /etc/hostapd.conf:
# Interface to add to bridge
interface=wlan0
# Bridge name after start of hostapd.
# No additional bridge configuration needed (e.g. no /etc/network/interfaces.d etc.)
bridge=br0
# No need to change next line
driver=nl80211
# 802.11n support
ieee80211n=1
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
# Determines country in order to set allowed channels and transmit power
# e.g. "US", "DE", "IT"
country_code=IT
# Determines available channels within frequency band (as configured by "country_code" and "hw_mode" below)
ieee80211d=1
ssid=<your_ssid_goes_here>
# hw_mode (g:= 2,4GHz, a:= 5GHz)
hw_mode=g
# When running "hw_mode=g" / 2,4GHz make sure to pick a
# channel with few participants and little frequency overlap
channel=6
# All MAC addresses allowed to connect
macaddr_acl=0
# If we had MAC address filtering, allowed MAC addresses would go here
# accept_mac_file=/etc/hostapd/hostapd.accept
# deny_mac_file=/etc/hostapd/hostapd.deny
auth_algs=1
ignore_broadcast_ssid=0
# "wpa" is Bit-coded: Bit 0 enables WPA1, Bit 1 enables WPA2.
wpa=2
wpa_passphrase=<your_wpa_passphrase_goes_here>
# No need to change the rest
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
logger_syslog=1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
 
hooray, bridged int without ip's at all worked perfectly, now my ubuntu is something like l2 sw, now it's time to sniff something) thnx.
 
Code:
# iptables -t nat -L

# Warning: iptables-legacy tables present, use iptables-legacy to see them 
Chain PREROUTING (policy ACCEPT) 
target     prot opt source               destination          

Chain INPUT (policy ACCEPT) 
target     prot opt source               destination          

Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination          

Chain POSTROUTING (policy ACCEPT) 
target     prot opt source               destination   
       

#  iptables-legacy -t nat -L

Chain PREROUTING (policy ACCEPT) 
target     prot opt source               destination          

Chain INPUT (policy ACCEPT) 
target     prot opt source               destination          

Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination          

Chain POSTROUTING (policy ACCEPT) 
target     prot opt source               destination
 
Maybe I've understood where the problem is. Look at these error messages that I found by running "dmesg":

Code:
[  136.916308] ieee80211 phy0: mwifiex_cfg80211_sched_scan_start : Invalid Sched_scan parameters
[  145.911469] ieee80211 phy0: mwifiex_cfg80211_sched_scan_start : Invalid Sched_scan parameters
[  168.792338] mwifiex_sdio mmc2:0001:1: info: trying to associate to 'ziomario' bssid b4:a5:ef:74:6f:ed
[  168.880926] mwifiex_sdio mmc2:0001:1: ASSOC_RESP: failed,    status code=2 err=0xfffc a_id=0x3fff
[  168.880968] mwifiex_sdio mmc2:0001:1: assoc failure: reason CONNECT_ERR_ASSOC_ERR_TIMEOUT
[  168.880999] mwifiex_sdio mmc2:0001:1: ASSOC_RESP: AUTH timeout
[  168.881099] mwifiex_sdio mmc2:0001:1: info: association to bssid b4:a5:ef:74:6f:ed failed
[  169.074779] mwifiex_sdio mmc2:0001:1: info: trying to associate to 'ziomario' bssid b4:a5:ef:74:6f:ed
[  169.102862] mwifiex_sdio mmc2:0001:1: info: associated to bssid b4:a5:ef:74:6f:ed successfully
[  169.141209] IPv6: ADDRCONF(NETDEV_CHANGE): mlan0: link becomes ready
[  169.146824] mwifiex_sdio mmc2:0001:1: CMD_RESP: cmd 0x23f error, result=0x2
[  269.531008] mwifiex_sdio mmc2:0001:1: CMD_RESP: cmd 0x23f error, result=0x2
[ 1320.659556] regulator regulator.41: reg 0xf enable ok after 1 tries

They seem to be driver errors that may block the data transmission. Do you think the same? Despite this, my Wi-Fi connection works great.
 
it's not the driver
but somehow the masquerading rule is missing

you should have something like this
Code:
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  any    mlan0     anywhere             anywhere
for the output of iptables -L -v -t nat
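
A check for the two host-side conditions this thread examines (IP forwarding on, and a MASQUERADE rule covering the uplink), as an added example that is not part of the original posts. It looks in both the nft and the legacy iptables backends, since the warning in the outputs above shows that both hold tables on this host; the function names, the script name `natcheck.sh` and the sample rule text are constructed for illustration, and `mlan0` is the uplink interface from the thread.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: is the Linux host ready to NAT the guest?

# Constructed samples in the format printed by `iptables -t nat -S POSTROUTING`.
SAMPLE_EMPTY='-P POSTROUTING ACCEPT'
SAMPLE_MASQ='-P POSTROUTING ACCEPT
-A POSTROUTING -o mlan0 -j MASQUERADE'

# has_masquerade RULES IFACE
# Succeeds if RULES holds a MASQUERADE rule that applies to traffic leaving
# IFACE: no -o match at all, "-o IFACE", or "! -o <other interface>".
# Interface wildcards such as "wlan+" are not expanded.
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; neg = 0; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq && (out == "" || (out == ifc) != neg)) found = 1
        }
        END { exit !found }'
}

# diagnose FORWARD_VALUE NFT_RULES LEGACY_RULES IFACE
# Prints one verdict: forwarding-off, ok-nft, ok-legacy or no-masquerade.
diagnose() {
    if [ "$1" != "1" ]; then
        echo "forwarding-off"
    elif has_masquerade "$2" "$4"; then
        echo "ok-nft"
    elif has_masquerade "$3" "$4"; then
        echo "ok-legacy"
    else
        echo "no-masquerade"
    fi
}

# Live use (as root; natcheck.sh is a hypothetical file name): ./natcheck.sh --live mlan0
if [ "${1:-}" = "--live" ]; then
    diagnose "$(sysctl -n net.ipv4.ip_forward)" \
             "$(iptables-nft -t nat -S POSTROUTING 2>/dev/null)" \
             "$(iptables-legacy -t nat -S POSTROUTING 2>/dev/null)" \
             "${2:-mlan0}"
fi
```

A rule added with `iptables -A` lives only in the running kernel and in whichever backend the `iptables` command points to, so a `no-masquerade` verdict after a reboot is expected unless the rule is saved and restored at boot. Adding `-s 192.168.99.0/24` to the rule limits NAT to the guest network seen in the thread.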
 
Is this the command that I should issue to apply the masquerading rule?

iptables -t nat -A POSTROUTING -o mlan0 -j MASQUERADE
 
Code:
# iptables -t nat -A POSTROUTING -o mlan0 -j MASQUERADE

# iptables -L -v -t nat

# Warning: iptables-legacy tables present, use iptables-legacy to see them 
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) 
 pkts bytes target     prot opt in     out     source               destination          

Chain INPUT (policy ACCEPT 0 packets, 0 bytes) 
 pkts bytes target     prot opt in     out     source               destination          

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) 
 pkts bytes target     prot opt in     out     source               destination          

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) 
 pkts bytes target     prot opt in     out     source               destination          
    1   120 MASQUERADE  all  --  any    mlan0   anywhere             anywhere
 