Forwarding problem (DNS)
wlanmac
wlan at mac.com
Fri Nov 7 05:28:36 UTC 2008
What do your iptables rules look like during this test?
David
On Thu, 2008-11-06 at 22:54 +0100, Oliver Hinckel wrote:
> Hello,
>
> we have set up multiple access points using Chilli. Our clients get a
> nameserver somewhere in the network, everything works fine.
>
> Now we thought about using dnsmasq on the access points directly to
> save some network traffic. We changed the chilli.conf dns1 & dns2
> setting to use the IP address of the access point running chilli itself.
>
> In case a client authenticates successfully, it'll get an IP address
> assigned from chilli and will also get the IP address for the DNS server
> which is the access point's IP. When the client now tries to resolve a
> domain name, the DNS request will never be answered and resolving
> domain names will fail (no response).
>
> First of all, we thought about a firewall problem, but the firewall
> doesn't list any packets which are dropped. After this we started
> chilli in debug mode to see what's going on on the network.
>
> In an older version we saw the following when doing a simple ping to an
> outside IP address:
>
> chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP authstate: 2
> chilli.c: 1120: 0 (Success) cb_tun_ind. Packet received: Forwarding to link layer
> chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP authstate: 2
> chilli.c: 1120: 0 (Success) cb_tun_ind. Packet received: Forwarding to link layer
>
> As you can see, chilli reports that the packet was forwarded to the link
> layer. When doing a "nslookup somedomain.com" on the client the output
> was this:
>
> chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP authstate: 2
> chilli.c: 2530: 0 (Success) cb_dhcp_data_ind. Packet received. DHCP authstate: 2
>
> No message "Forwarding to link layer" is logged. So I assumed that
> chilli gets the DNS packet and drops it.
>
> After that we tried to use a newer chilli version. I downloaded coova
> chilli 1.0.12, compiled it and installed it on the access point. Same
> scenario as described above and we get the following messages when
> doing a "nslookup somedomain.com" on the client:
>
> dhcp.c: 1835: 0 (Debug) DHCP packet received
> dhcp.c: 1865: 0 (Debug) Address found
> chilli.c: 117: 0 (Debug) Leaky bucket timediff: 420, bucketup: 0, bucketdown: 100, up: 69, down: 0
>
> After a short period, these messages repeat again. No more messages.
> When doing a simple ping to an outside IP address chilli logs the following:
>
> dhcp.c: 1835: 0 (Debug) DHCP packet received
> dhcp.c: 1865: 0 (Debug) Address found
> chilli.c: 117: 0 (Debug) Leaky bucket timediff: 5, bucketup: 98, bucketdown: 84, up: 98, down: 0
> chilli.c: 117: 0 (Debug) Leaky bucket timediff: 1, bucketup: 98, bucketdown: 0, up: 0, down: 84
>
> So the problem is that when using the access point's IP (we tried the
> tun0 IP address and we tried the LAN IP address, both with the same result),
> the DNS lookup will fail. When using another DNS server (e.g. some
> public one) DNS lookup works fine.
>
> Can anybody shed some light on it, why DNS lookup will fail when using
> the access point's IP address as DNS server?
>
> Thanks for your help!
>
> Kind regards
> Oliver Hinckel