Accessing internet from device connected to AP

bgaurav1718 · ‎10-31-2023

I have two interfaces uap0 and eth0 in my iMX8MPEVK. uap0 acts as an access point for other devices to connect to this device. eth0 interface is connected to my router. And my router is connected to internet.

Details about the interfaces:

uap0 - 172.24.100.1/24
DHCP range for devices connecting to AP: 172.24.100.50 - 172.24.100.100

eth0 - 192.168.1.26/24
Router's IP (which is gateway): 192.168.1.253

route add default gw 192.68.1.253 since this is the router's IP. I tried with 172.24.100.1 as well. But it also didn't work.

I have allowed ipv4 forwarding in sysctl.conf file. I have also added following entries to the iptables:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o uap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT

Ping results:

ping 172.24.100.50 -I uap0 ---> Success (.50 is one of the devices connected to AP)
ping 8.8.8.8 -I uap0 ---> Failure
ping 192.168.1.26 -I uap0 ---> Failure
ping 172.24.100.1 -I eth0 ---> Failure

Whenever I have a device connected to AP, there is no internet access in the device. Almost every solution I have gone through in the web recommends to add entries to the iptables which I have already done.

I had implemented AP+STA mode in Raspberry Pi previously. I had to configure dnsmasq and hostapd in RPi. But since this is a minimal linux system, I don't have the dnsmasq preinstalled. Also, package managers don't work as expected.

Network diagram as per my current setup:

Current Network Setup.png

The green part is the EVK.

Output of iptables-save:

Output of iptables-save.png

Output of sysctl:

bgaurav1718 · ‎11-12-2023

Thank you for the response.
My current setup requires the devices connected to the AP to have address in the subnet 172.24.X.X. As you mentioned, I changed the uap0 interface's address to the same subnet as that of eth0(i.e 192.168.1.X). I also set the udhcpd.conf to allocate addresses in the range of 172.24.100.50-172.24.100.100. But there is no internet access yet.
The iptables settings are fine.

I tried bridging method as well and this method works.

I am now guessing that using different subnet doesn't work in this device.

Christine_Li · ‎11-13-2023

Hi, @bgaurav1718

Yes, we have to make sure they are in one subnet. Otherwise, they could not ping each other.

Do you have any other queries on this thread?

If no, would you mind help to close this ticket?

Thank you so much and have a nice day~

Best regards,

Christine.

bgaurav1718 · ‎11-13-2023

I actually found that in the current system, the eth0(connected to internet) and uap0(access point interface) don't ping each other. But the devices connecting to AP can access internet.

So, it seems to me that the interfaces don't need to ping each other. The only adjustments made for internet connectivity were in the iptables and ip forwarding.
But trying the similar approach doesn't work in case of iMX SoC. Is there anything you recommend me to work on to solve this problem?

Christine_Li · ‎11-14-2023

Hi， @bgaurav1718

As I mentioned before, please refer to my previous attachment: AP Configurations Based On 88W8987 of iMX8MN-EVK And L5.4.70_2.3.0.pdf to configure 88W8997 on i.MX8MPlus to Access Point.

It was our detailed test steps and test results and we had verified it works fine.

After reading this document, and if you still have other query, we can discuss further.

Best regards,

Christine.

Christine_Li · ‎10-31-2023

Hi, @bgaurav1718

I think you are using eth0 as the internet source for uap0. Then uap0 can access to internet.

So you should make sure eth0 and uap0 are in one subnet.

It means, uap0 should also use 192.168.xx.xx, otherwise, they can not ping successfully.

Please follow attached guide to configure AP.

If still have any problem, we can discuss further.

Best regards,

Christine.

bgaurav1718 · ‎06-11-2024

@Christine_Li

I tried the exact method mentioned in the attached document and I still cannot access the Internet. The client devices seem to request for services from the Internet but the device responds unreachable. I have attached a snippet of output from tcpdump below:

01:53:41.901331 IP 172.24.100.5.41720 > nrt12s47-in-f10.1e100.net.https: Flags [S], seq 332091786, win 65535, options [mss 1460,sackOK,TS val 2069380644 ecr 0,nop,wscale 9], length 0

01:53:41.934260 IP 172.24.100.5.43714 > server-18-172-31-104.nrt20.r.cloudfront.net.https: Flags [S], seq 3938392598, win 65535, options [mss 1460,sackOK,TS val 1154171877 ecr 0,nop,wscale 9], length 0

01:53:41.963676 IP 172.24.100.1 > 172.24.100.5: ICMP host server-18-172-31-104.nrt20.r.cloudfront.net unreachable, length 68

Also, I noticed the document is based on 88w8987 WiFi modules. But I have an iw612 based WiFi module. Could this be the reason for difference in the results?

After doing some digging in the web, I found following article, from Toradex where it is said:

Toradex's provided Kernel configurations are insufficient for configuring NAT, thus it is important to add and enable the required kernel configs. For this, you can use the menuconfig

Is it necessary to do same with the board I have?

Christine_Li · ‎06-11-2024

Hi, @bgaurav1718

Thanks for you reply.

This thread is too old, it is from last year. The case related to this thread has been closed in our SFDC system.

Please help to create a new case to us, we will provide support for sure. To better understand the history, you can mention it is related to this thread.

Sorry for the inconvenience.

Best regards,

Christine.

bgaurav1718 · ‎06-11-2024

@Christine_Li

The discussion for this issue is continued here.