Opened 2 years ago

Last modified 2 years ago

#21377 new defect

DD Bleeding Edge r47884 - "option isolate 1" doesn't work

Reported by: etadex386@…
Owned by: developers
Priority: normal
Milestone: Designated Driver (Trunk)
Component: base system
Version: Trunk
Keywords:
Cc:

Description

fresh install of OpenWRT Designated Driver Bleeding Edge r47884
"option isolate 1" is present in the /etc/config/wireless in "config wifi-iface" section.

When connected to that network, ping of other clients and everything else associated with data exchange is possible without any problems or restrictions. Setting "option isolate" to 0 hoping it's just reversed didn't show any results either.

Attachments (0)

Change History (5)

comment:1 follow-up: Changed 2 years ago by jow

Did you also set the lan zone forward firewall policy to reject?

comment:2 in reply to: ↑ 1 Changed 2 years ago by Anton Rotanov

Replying to jow:

Did you also set the lan zone forward firewall policy to reject?

config zone
        option name lan
        list network 'lan'
        option input accept
        option output accept
        option forward accept

In the past I didn't set the forward rule to reject, just added isolate 1 and it worked, now the firewall has #1 priority?
I am not sure how setting this to reject will affect my local network. Thing is - I have ethernet lan, and two wifi networks, in one of them I want to limit client connectivity to "only internet, no lan at all". Previously isolate option was perfect for this, and I didn't have to set forward to reject.
If I set it to reject, won't it break my ethernet and other wifi lan connectivity? I need clients to communicate with each other there.

comment:3 follow-ups: Changed 2 years ago by linus.luessing@…

Could you post the complete content of the following files when you have the isolate option set in your UCI wireless config, please?

  • /etc/config/network
  • /etc/config/wireless
  • /sys/class/net/<wifi-ap>/brport/hairpin_mode
  • /sys/class/net/<wifi-ap>/brport/multicast_to_unicast
  • /tmp/run/hostapd-<wifi-ap-phy>.conf

Cheers

comment:4 in reply to: ↑ 3 Changed 2 years ago by Anton Rotanov

Replying to linus.luessing@…:

Could you post the complete content of the following files when you have the isolate option set in your UCI wireless config, please?
Cheers


  • /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd78:9a93:e4b3::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'pppoe'
        option username 'myusername'
        option password 'mypassword'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0'
  • /etc/config/wireless
config wifi-device  radio0
        option type     mac80211
        option channel  1
        option hwmode   11g
        option path     'platform/ar933x_wmac'
        option htmode   HT40
        option noscan   1
        # REMOVE THIS LINE TO ENABLE WIFI:
        option disabled 0

#this is the wifi network in which want clients to be isolated (for friends of the company)
config wifi-iface
        option device   radio0
        option network  lan
        option mode     ap
        option ssid     real
        option encryption       psk2
        option key      password
        option isolate  1

#this is wifi network in which clients should communicate with each other (internal company network)     
config wifi-iface
        option device   radio0
        option network  lan
        option mode     ap
        option ssid     real_internal
        option encryption       psk2
        option key      password
  • /sys/class/net/<wifi-ap>/brport/hairpin_mode

when I use "ls" in "cd /sys/class/net/", I see

root@OpenWrt:/sys/class/net# cd /sys/class/net/
root@OpenWrt:/sys/class/net# ls
br-lan      eth0        eth1        lo          pppoe-wan6  wlan0       wlan0-1
root@OpenWrt:/sys/class/net#

and when I try to read what you asked with "vi"

1
~
...
can't read '/sys/class/net/wlan0-1/brport/hairpin_mode'

I tried to get smart and used "cat" since I'm a noob but with a hope to progress...

root@OpenWrt:~# cat /sys/class/net/wlan0/brport/hairpin_mode
0
root@OpenWrt:~#
root@OpenWrt:/sys/class/net# cat /sys/class/net/wlan0-1/brport/hairpin_mode
1
root@OpenWrt:/sys/class/net#

I hope it tells you something.

  • /sys/class/net/<wifi-ap>/brport/multicast_to_unicast
root@OpenWrt:~# cat /sys/class/net/wlan0/brport/multicast_to_unicast
1
root@OpenWrt:~#
root@OpenWrt:~# cat /sys/class/net/wlan0-1/brport/multicast_to_unicast
1
root@OpenWrt:~#
  • /tmp/run/hostapd-<wifi-ap-phy>.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
hw_mode=g
channel=1

noscan=1
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][RX-STBC1][DSSS_CCK-40]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
wpa_passphrase=qwertyuiop
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=real
bridge=br-lan
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
wds_sta=1
bssid=c0:4a:00:32:8c:92


bss=wlan0-1
ctrl_interface=/var/run/hostapd
ap_isolate=1
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
wpa_passphrase=asdfghjklzxcvbnm
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=real_internal
bridge=br-lan
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
wds_sta=1
bssid=c2:4a:00:32:8c:92


- hostapd-phy0.conf 55/55 100%
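
The values requested in comment:3 can be lined up per BSS in one pass. This is an added example, not part of the ticket or of OpenWrt's code: a POSIX shell function that reads a hostapd config and prints each BSS's `ap_isolate` next to its bridge port's `hairpin_mode` and the other ports of the same bridge. The `bss_table` name, the optional sysfs-root argument and the demo tree (built from the values posted in comment:4, with the bridge membership constructed to match the posted configs) are assumptions.

```shell
#!/bin/sh
# Added example, not from the ticket: per-BSS view of the values comment:3 asks for.
# bss_table CONF [SYSFS_NET] prints one tab-separated row per BSS:
#   ifname  ssid  bridge  ap_isolate  hairpin_mode  other_bridge_ports
# SYSFS_NET (default /sys/class/net) is a parameter so a copied tree can be used.
bss_table() {
    conf=$1
    net=${2:-/sys/class/net}
    # hostapd layout: "interface=" opens the first BSS, each "bss=" opens another.
    awk '
        function emit() {
            if (ifn != "") printf "%s\t%s\t%s\t%s\n", ifn, ssid, br, iso
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
        }
        key == "interface" || key == "bss" {
            emit(); ifn = val; ssid = "-"; br = "-"; iso = "0"; next
        }
        key == "ssid"       { ssid = val }
        key == "bridge"     { br = val }
        key == "ap_isolate" { iso = val }
        END { emit() }
    ' "$conf" |
    while IFS="$(printf '\t')" read -r ifn ssid br iso; do
        # Bridge-port flag; "?" when the interface is not a bridge port.
        hp=$(cat "$net/$ifn/brport/hairpin_mode" 2>/dev/null || echo "?")
        others=""
        for p in "$net/$br/brif"/*; do   # every port enslaved to the same bridge
            [ -e "$p" ] || continue
            name=${p##*/}
            [ "$name" = "$ifn" ] || others="${others:+$others,}$name"
        done
        printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$ifn" "$ssid" "$br" "$iso" "$hp" "${others:--}"
    done
}

# Demo: constructed tree and config holding the values posted in comment:4.
demo=$(mktemp -d)
mkdir -p "$demo/net/wlan0/brport" "$demo/net/wlan0-1/brport" "$demo/net/br-lan/brif/eth0" \
         "$demo/net/br-lan/brif/wlan0" "$demo/net/br-lan/brif/wlan0-1"
echo 0 > "$demo/net/wlan0/brport/hairpin_mode"
echo 1 > "$demo/net/wlan0-1/brport/hairpin_mode"
printf '%s\n' interface=wlan0 ap_isolate=1 ssid=real bridge=br-lan '' \
    bss=wlan0-1 ap_isolate=1 ssid=real_internal bridge=br-lan > "$demo/hostapd.conf"
bss_table "$demo/hostapd.conf" "$demo/net"
```

hostapd's `ap_isolate` only concerns frames between stations of the same BSS; every interface in the last column sits on the same layer-2 bridge as that BSS.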

comment:5 in reply to: ↑ 3 Changed 2 years ago by anonymous

Replying to linus.luessing@…:

Could you post the complete content of the following files when you have the isolate option set in your UCI wireless config, please?

  • /etc/config/network
  • /etc/config/wireless
  • /sys/class/net/<wifi-ap>/brport/hairpin_mode
  • /sys/class/net/<wifi-ap>/brport/multicast_to_unicast
  • /tmp/run/hostapd-<wifi-ap-phy>.conf

Cheers

Oh, and btw I upgraded to r48005 but isolation still not working. Those configs were from 48005.
