Access Point problem or not????

[Gilberto Ferreira]

Hi folks

I'm in big trouble here ...

I have two Access Point that is connecting two buildings and interconnected LAN .

My network gateway is 192 168 200 250 , which is Zentyal .

Within the AP 's, which has IP 192 168 200 241 192 168 200 242 and , respectively , is set the gateway IP Zentyal , ie 192 168 200 250 .

The equipment that is behind these APs can catch the Zentyal Server 's IP , the DHCP him .

But they do not drip on Zentyal do not resolve DNS Zentyal , not surf the web nor access the SAMBA .

I wonder if it's something with Zentyal . Apparently so , because the network had another server with Ubuntu and everything worked right! !

In Zentyal , the console , I see this warning :

Mar 5 14:04:22 server kernel : [ 48681.435315 ] Zentyal firewall drop - IN = eth0 OUT = MAC = 96:33:56 : e5 : 6d : ae : 08:10:74:3 e: 5c : 92:08 : 00 SRC = 192.168.200.14 DST = 192 168 200 250 LEN = 73 TOS = 0x00 PREC = 0x00 TTL = 128 ID = 12364 PROTO = UDP SPT = 54908 DPT = 53 LEN = 53 = 0x1 MARK

See that he is dropping the connection on port 53 ( BIND - DNS ) coming from the ip 192.168.200.14 that is behind these AP ` s .

I have created rules to release the AP 's IP 192.168.200.14 but nothing !

I need your help ....


Thanks

[Gilberto Ferreira]

Well

I figured out whats happen here...

Behind Access Point, I have some machines. But when I run arp -n command, the IP from that machines, match to MAC address setting on Access Point...

So, I believe that Zentyal build a iptable rules that block spoofing or something, because some IP's that are behind Access Point arrive on Zentyal with other mac than the original...

Like this:

fdrop      all  --  192.168.200.14       0.0.0.0/0            MAC ! 00:18:F3:1D:B1:E5

But I see that this MAC address belong to Access Point that IP 192.168.200.14 is behind it...

I don't know how can I solve this issue!

Some one can help, please??

Thanks a lot

[christian]

If you do not explain how your access points are configured, helping will be very difficult.
My guess is that you have not configure it as gateway therefore Zentyal (or whatever other equipment on you main network has to find a route to 192.168.200.x device that is behind 192.168.200.241 while setting up gateway here will make the AP transparent.
Otherwise, you have to define specify IP range for each AP with no overlap. 

[Gilberto Ferreira]

If you do not explain how your access points are configured, helping will be very difficult.
My guess is that you have not configure it as gateway therefore Zentyal (or whatever other equipment on you main network has to find a route to 192.168.200.x device that is behind 192.168.200.241 while setting up gateway here will make the AP transparent.
Otherwise, you have to define specify IP range for each AP with no overlap. 

OK... Sorry... My falt...

I have two AP: lets say AP01 and AP02.

AP stands for Access Point, just to be clear! =)

So, AP01 is placed nearby Zentyal Server... AP02 is placed on other build, and was configurated as Infrastructure mode ( acting like Bridge, I guest)... Both, has IP configured manually ( NOT DHCP from Zentyal).

Machines behind AP02 takes IP from DHCP but can ping or even access Samba installed on Zentyal Server... And even resolved names in order to use Internet...

That's it!

Thanks

[Gilberto Ferreira]

Just to complement....

Someone here on Portuguese Forum, suggest me to set IP over DHCP on AP02...

Perhaps this can help?

Thanks

[christian]

Someone here on Portuguese Forum, suggest me to set IP over DHCP on AP02...
Perhaps this can help?

Not that much.
I don't understand what "set IP over DHCP" means
I don't understand what, at the end, your problem is.
In first point, you said you can't resolve names nor access Samba,

The equipment that is behind these APs can catch the Zentyal Server 's IP , the DHCP him .
But they do not drip on Zentyal do not resolve DNS Zentyal , not surf the web nor access the SAMBA .

While 2 posts later you explain the opposite

Machines behind AP02 takes IP from DHCP but can ping or even access Samba installed on Zentyal Server... And even resolved names in order to use Internet...

So I suppose there is something I don't understand 

[Gilberto Ferreira]

Someone here on Portuguese Forum, suggest me to set IP over DHCP on AP02...
Perhaps this can help?

Not that much.
I don't understand what "set IP over DHCP" means
I don't understand what, at the end, your problem is.
In first point, you said you can't resolve names nor access Samba,

The equipment that is behind these APs can catch the Zentyal Server 's IP , the DHCP him .
But they do not drip on Zentyal do not resolve DNS Zentyal , not surf the web nor access the SAMBA .

While 2 posts later you explain the opposite

Machines behind AP02 takes IP from DHCP but can ping or even access Samba installed on Zentyal Server... And even resolved names in order to use Internet...

So I suppose there is something I don't understand 

Ok... Let's break down!!!

Firewall Zentyal -> Acess Point 01 -> Access Point 02

Access Point 01 and Access Point 02 has fixed IP! You got it?
Access Point 01 was placed on same building where Zentyal Server was placed.

Both Access Point has fixed IP! No DHCP!!!!

Access Point 02 was placed in other building... And this AP was set up as Infrastructure Mode, and has it IP setup manually, I meant, fixed IP!!!

Machines behind Access Point 02, can get IP from Zentyal Server, through DHCP server!

Thoses machines can, after catch the IP, ping to other machines on some building and on other building, but is unable to ping to Zentyal Server, nor using the DNS server installed on Zentyal Server. If can using DNS Server from Zentyal, the machines behind Access Point 02 is unable to browse internet or samba shares...

Got it?

I hope make myself clear...

Thanks

[christian]

Well, I will have to give up because I realize I can't really help 
Despite all your exclamations marks, my understanding doesn't improve.
I'm confused because on one hand, it looks like your want to use wireless to inter-connect LAN, therefore using it in bridge mode while elsewhere you describe it as access point configured in infrastructure mode 

I'm definitely not wireless guru but as far as I know, at least on consumer grade products, you can't do both.

In case it help, have a look at this link.  (assuming my understanding of what you target is correct but I'm even not sure about this).

You may finally have more success asking your question in forum dedicated to wireless and network inter-connection.
From your problem description, it really looks like routing issue. You can show it trying to find route from any device, including Zentyal, to any device in the other building once IP address is allocated via DHCP.

[peterpugh]

I am not sure if this is the answer but I have made this mistake myself a couple of times.

I have connected the AP on its WAN port . The routing of the AP throws a wobbler into the system.

After some thought and a Doh!

I connected zentyal to a lan port on the AP.

Bypasses the router functionality and all goes well.

Is that the way you are doing it?

[Gilberto Ferreira]

@peterpugh

I'm using the LAN port... Otherwise the machines behind the Access Point do not get IP from DHCP server...

In fact, Access Point is connected on Switch LAN Port...

BTW, thanks for your answer...

[Gilberto Ferreira]

Well, I will have to give up because I realize I can't really help 
Despite all your exclamations marks, my understanding doesn't improve.
I'm confused because on one hand, it looks like your want to use wireless to inter-connect LAN, therefore using it in bridge mode while elsewhere you describe it as access point configured in infrastructure mode 

I'm definitely not wireless guru but as far as I know, at least on consumer grade products, you can't do both.

In case it help, have a look at this link.  (assuming my understanding of what you target is correct but I'm even not sure about this).

You may finally have more success asking your question in forum dedicated to wireless and network inter-connection.
From your problem description, it really looks like routing issue. You can show it trying to find route from any device, including Zentyal, to any device in the other building once IP address is allocated via DHCP.

Thanks for the link Christian... It will help....

[peterpugh]

I dunno Gilberto,

I think that is where maybe Christian is confused.

I think it might just be your router AP settings.

I just have cheap wifi broadband routers.

I don't really do anything have them setup as I say.

In fact I can't even remember if I bothered to setup AP mode.

I would check the internal settings make sure all the router items such as firewall and nat are turned off.

Its sort of plug and play. I thought.

If you get really stuck I am sure if you can gather more information Christian will crack it.
If he doesn't know then I am stuck.

All I can suggest is to go back to basics. Set up defaults and build up slowly.

Apols.

[Gilberto Ferreira]

Hi guys...

I'm stuck here!!!

I checked and rechecked all the configuration... From Access Point to Zentyal Firewall... Nothing wrong, so far...

I noted that if some machine is not registred on Network Object, and defined as Fixed Host on DHCP Server, that machine get a random IP from DHCP... And voilà! The machine can navegate over internet, access samba shares and so on...

But, when I resgister the same machine and put that machine into a Network Object, like RestrictAccess, the machine is able to get IP from DHCP server, but nothing works! Nor Internet Acces even access to Samba Shares.... The machine can send ping request to other machines on LAN but not to Zentyal Server...

Some screenshots to clearify what I try to say:

First screen show the Network Object... Ok.. I'm using Portuguese here...

But as you can see, I put the Name host, IP and MAC Address...

After that, on second screenshot, I put the Object as Fixed host on DHCP server...

So machine behind the Access Point acting as Bridge takes the same IP, all over the time...
But this machine can't go on and browse the internet or samba share... It's stuck!

But if I take off that machine from DHCP server and let the machine takes a random IP, everything works well...

This is a kind of mistery to me!...

Others machins on lan work properly...

Thanks for any help...

[peterpugh]

Gilberto can you send images of the dhcp scope?

plus static declarations, zentyal core and module versions.

You scope isn't overlapping your static addresses?

[Gilberto Ferreira]

Here we go!

The range IP for DHCP Server distribution is below range IP that was defined for fixed IP's...


Packages:

ii  bind9                                2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     Internet Domain Name Server
ii  bind9-host                           2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     Version of 'host' bundled with BIND 9.X
ii  bind9utils                           2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     Utilities for BIND
ii  dnsutils                             2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     Clients provided with BIND
ii  language-pack-zentyal-pt-br          3.3                                     Zentyal translations for language Portuguese (Brazil)
ii  libbind9-80                          2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     BIND9 Shared Library used by BIND
ii  libdns81                             2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     DNS Shared Library used by BIND
ii  libisc83                             2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     ISC Shared Library used by BIND
ii  libisccc80                           2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     Command Channel Library used by BIND
ii  libisccfg82                          2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     Config File Handling Library used by BIND
ii  liblwres80                           2:9.8.1.dfsg.P1-4ubuntu0.8+zentyal1     Lightweight Resolver Library used by BIND
ii  libtrycatch-lite-perl                1.003001+zentyal4                       first class try catch semantics for Perl - lite version
ii  samba4                               4.1.4-zentyal2                          SMB/CIFS file, NT domain and active directory server (version 4)
ii  zentyal-antivirus                    3.3                                     Zentyal - Antivirus
ii  zentyal-ca                           3.3                                     Zentyal - Certification Authority
ii  zentyal-common                       3.3.1                                   Zentyal - Common Library
ii  zentyal-core                         3.3.4                                   Zentyal - Core
ii  zentyal-dhcp                         3.3                                     Zentyal - DHCP Service
ii  zentyal-dns                          3.3                                     Zentyal - DNS Service
ii  zentyal-firewall                     3.3.1                                   Zentyal - Firewall
ii  zentyal-monitor                      3.3                                     Zentyal - Monitor
ii  zentyal-network                      3.3                                     Zentyal - Network Configuration
ii  zentyal-ntp                          3.3                                     Zentyal - NTP Service
ii  zentyal-objects                      3.3.1                                   Zentyal - Network Objects
ii  zentyal-openvpn                      3.3                                     Zentyal - VPN Service
ii  zentyal-remoteservices               3.3.1                                   Zentyal - Cloud Client
ii  zentyal-samba                        3.3.3                                   Zentyal - File Sharing and Domain Services
ii  zentyal-services                     3.3                                     Zentyal - Network Services
ii  zentyal-software                     3.3.1                                   Zentyal - Software Management
ii  zentyal-squid                        3.3.2                                   Zentyal - HTTP Proxy (Cache and Filter)
ii  zentyal-users                        3.3.2                                   Zentyal - Users and Computers
ii  zentyal-webserver                    3.3                                     Zentyal - Web Server


Thanks