Réseau Libre/ documentation/ batman/ discussion
  1. Bug with 3 hop setup and OpenWRT outside of main bridge
  2. Bug with regular ad-hoc access mode
    1. First test: trying to fix the firewall
    2. Second test: trying to fix the bridge
    3. Third test: dropping the firewall
  3. Problèmes sur Debian

Bug with 3 hop setup and OpenWRT outside of main bridge

With a previous configuration, I cannot ping the third hop in a three-hop relay. In my test setup, my laptop (angela, 192.168.3.44) is connected through the mesh to a Linksys AP (?carton, 192.168.3.99), which is strong enough to reach the Bullet on my roof (?boulette, 192.168.3.90).

?carton is configured to have batman outside of the main bridge, br-lan. In effect, I have skipped the following instructions:

uci set batman-adv.bat0.interfaces="wlan0 br-lan"
uci set network.lan.ifname="eth0 bat0"

.. and I have assigned an IP to the bat0 interface. carton can ping boulette, and angela can ping carton, but not boulette. I get Destination port unreachable, I assume because of that nasty firewall, because I see ARP requests go through fine. --anarcat

anarcat, je n'ai pas 3 noeuds pour faire des tests de pings avec plusieurs hop. Cependant, j'ai trouve ceci dans la doc batman-adv, qui parle de ICMP avec batman-adv:

http://www.open-mesh.org/wiki/batman-adv/Understand-your-batman-adv-network/#ICMP

Fais-tu tes tests avec un ping IP normal, ou avec batctl?

Aussi interessant: http://www.open-mesh.org/wiki/batman-adv/Troubleshooting#Does-a-ping-to-the-other-node-via-the-mesh-work

--spoked

This works now, the problem was I was trying to live outside the main bridge: don't try, you will fail. --anarcat

Interesting. In my tests, I'm also "living outside the main bridge", but I don't have equipment to test another hop. Did you try batctl ping, before adding br-lan to batman interfaces? -- spoked

Yes, I did: batman ping works. --anarcat

Bug with regular ad-hoc access mode

So we can still reproduce the above bug with the complete configuration, probably even the howto, by trying to connect to the AP with ad-hoc, without Batman. This could be useful for regular people or mobile devices, for example.

Configuration:

  1. configure an AP far away, named boulette (192.168.3.90)
  2. configure a powerful AP that can reach boulette, named carton (192.168.3.99)
  3. do basic ad-hoc and ip configuration on a laptop, named angela, which can't reach boulette directly but can reach carton
    • adhoc: iwconfig wlan0 essid mesh-mtl channel 6 ap 02:51:48:72:03:11
    • ip: 192.168.3.42

Expected results:

  • carton pings boulette
  • angela pings carton
  • angela pings boulette through carton

Actual results:

  • carton pings boulette (./)
  • angela pings carton (./)
  • angela can't ping boulette [!] the carton returns Destination port unreachable

So it looks like the firewall on carton is kicking in. Note that angela can ping boulette if it joins the mesh with a batman configuration. --anarcat

First test: trying to fix the firewall

following the routedap guide in the openwrt wiki

uci set network.wifi=interface
uci set network.wifi.proto=static
uci set network.wifi.ipaddr=192.168.2.1
uci set network.wifi.netmask=255.255.255.0
uci set wireless.@wifi-iface[0].network=wifi

make sure the IP is different from all the others

fix the firewall:

uci add firewall zone
uci set firewall.@zone[2].name=wifi
uci set firewall.@zone[2].network=wifi
uci set firewall.@zone[2].input=ACCEPT
uci set firewall.@zone[2].output=ACCEPT
uci set firewall.@zone[2].forward=REJECT

uci add firewall forwarding
uci set firewall.@forwarding[1].src=wifi
uci set firewall.@forwarding[1].dest=lan
uci commit
ifup wifi
wifi
/etc/init.d/firewall restart

the above yields some warnings:

iptables: No chain/target/match by that name.
iptables v1.4.10: Couldn't load target `zone_wifi':File not found

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.10: Couldn't load target `zone_wifi_forward':File not found

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.10: Couldn't load target `zone_wifi_prerouting':File not found

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.10: Couldn't load target `zone_wifi_notrack':File not found

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.10: Couldn't load target `zone_wifi_nat':File not found

optional DHCP config:

uci set dhcp.wifi=dhcp
uci set dhcp.wifi.interface=wifi
uci set dhcp.wifi.start=100
uci set dhcp.wifi.limit=150
uci set dhcp.wifi.leasetime=12h
uci commit
/etc/init.d/dnsmasq restart

unfortunately, this breaks batman.

Second test: trying to fix the bridge

Reverting the segregation of the lan/wifi interfaces:

uci set wireless.@wifi-iface[0].network=lan
uci set batman-adv.bat0.interfaces="br-lan"
uci set network.lan.ifname="eth0.0"

This basically bricks the device. I then can't reach it on either the wired or wireless port, with or without batman. batman pings don't even work. --anarcat

Third test: dropping the firewall

This is the way to do it, apparently: see the services page.

Problèmes sur Debian

J'essaie d'installer BATMAN sur mon laptop Debian (pour les tests), il y a une étape qui manque, clairement dans la configuration IP. Il y a un lien pour configurer ça, mais c'est sur OpenWRT (uci). Ça serait bien d'avoir un guide plus complet là-dessus, j'ai cherché longtemps, rien trouvé. --gboudrias

C'est quoi le problème avec la config qui manque? Est-ce que tu as fait la configuration manuelle indiquée plus bas? Si oui, il suffit ensuite de suivre ip... anarcat

Le problème est que ip n'as pas de section Debian. Ça peut paraître simple comme ça, mais j'ai essayé de faire l'équivalent sur Debian, sans succès. --gboudrias