1


I'm trying to set up an access point with my Pi 3 in order to capture and analyze traffic in a domestic network. I also have connected a Philips Hue bridge to the Raspberry via ehternet. The raspberry here simulates a standard wifi router.

At the moment, both my laptop and the bridge seem to be connected to the network (192.168.4.0/24) with IPs 192.168.4.16 and 192.168.4.12 respectively. I can ping the bridge from my raspberry, but I cannot ping my laptop which is connected via the wlan0 interface even though it has an IP assigned. I cannot ping my raspberry from my laptop either.

         ---------
        |         | -> NIC1              ------> WiFi AP (pi-ap) (192.168.4.0/24)
        |         |    (wlan0 - 192.168.4.1/24)
        | PI      |                                       ------------
        |         | -> NIC2              -------> NIC1   | HUE bridge | 
         ---------     (eth0 - 192.168.4.2/24)            ------------
                                                         (eth0 - 192.168.4.12/24)

This is my /etc/dhcpcd.conf:

interface wlan0
static ip_address=192.168.4.1/24

interface eth0
static ip_address=192.168.4.2/24

net.ipv4.ip_forward is enabled in /etc/sysctl.conf

I have this in my /etc/dnsmasq.conf:

interface=wlan0
dhcp-range=192.168.4.10,192.168.4.20,255.255.255.0,24h

interface=eth0
dhcp-range 192.168.4.3,192.168.4.5,255.255.255.0,24h

And this is my /etc/hostapd/hostapd.conf

interface=wlan0
driver=nl80211
ssid=pi-ap
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=raspberry123
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pariwise=CCMP

I updated my iptables with an ACCEPT ALL policy to ensure no traffic is being blocked:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

How can't I ping between the raspberry and the laptop if it is connected to the network and has an IP assigned? Am I missing any configuration?

Edit: I think it might be a routing issue. If I run route -n in my raspberry the result is:

Destination    Gateway    Genmask        Flags Metric Ref Use    Iface
192.168.4.0    0.0.0.0    255.255.255.0  U     202    0   0      eth0
192.168.4.0    0.0.0.0    255.255.255.0  U     303    0   0      wlan0

Do I need to add or modify something to the routing table?

ahernandezmiro
  • 13
  • 1
  • 4

1 Answers1

1

I'm using systemd-networkd, so I'm not so familiar with your configuration. But there are some general issues that should be mentioned. You have enabled ip forwarding. This is for routing. But all your interfaces are on the same subnet 192.168.4.0/24, even eth0 and wlan0 on your raspi. This can only be done with bridging. So you have to decide in general what to do: bridging or routing.

For routing you have to reconfigure your network into at least two subnets, one subnet for eth0 and one different subnet for wlan0. Look here for Using the Raspberry Pi as a Router.

Simple bridging on OSI Layer 2 between ethernet and wifi does not work on a Raspberry Pi because lack of WDS (Wireless Distribution System) and limitations in 4addr. You have to use workarounds for a Raspberry Pi WiFi to Ethernet Bridge.

Ingo
  • 40,606
  • 15
  • 76
  • 189
  • Thanks for your reply. I ended setting up a bridge br0 between eth0 and wlan0, giving it a static IP and setting up dhcp service through br0. – ahernandezmiro Apr 29 '18 at 20:26
  • Interesting but I don't really understand it. On a bridge you don't need ip addresses to work. Maybe you have found another workaround? Can you test `sudo iw dev wlan0 set 4addr on` and then add `wlan0` to the bridge? Is there an error message? – Ingo Apr 30 '18 at 08:37
  • I don't think the ip address is necessary here, I just assigned it so I can log into the raspi through ssh – ahernandezmiro May 01 '18 at 12:34