2018-03-29-ubuntu-16.04-mate-desktop-bpi-r2

Hello

Now I try 2018-03-29-ubuntu-16.04-mate-desktop-bpi-r2 It was good. I was remove Network-manager. I think it was still good.

But today, it’s don’t work and i don’t understand why.

My dhcp server see the mac address of the bpi-r2. The server gives the address and the bpi-r2 does not take it. The server thinks it’s good, it memorizes the address.

If I put manualy a address, the bpi-r2 don’t see the network !

How-do the file interfaces !

[root@localhost root]# grep -v \# /mnt/sdb2/etc/network/interfaces
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

auto wlan0
iface wlan0 inet static
  address 192.168.1.10
  netmask 255.255.255.0
  gateway 192.168.1.1

auto eth0
iface eth0 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

auto br0
iface br0 inet static
  address 192.168.40.1
  netmask 255.255.255.0
  bridge_ports lan0 lan1 lan2 lan3
  bridge_fd 5
  bridge_stp no
  gateway 192.168.1.1

I have remove br0, I have changed wlan0 in dhcp, nothing…

You cannot use wlan0/ap0 from internal wifi in interfaces because it is created after interfaces-file is applied.

You have to manual configure device (bring up,dhclient -r) after device is created. Have not done dhcp-client manually (i use only ap)

It’s good yes. This is how I got there

I was not sure that’s wlan0 in a Wifi-Lan, but no the World-Lan ?
But, if I remove lan0 from bridge and put lan0 in dhcp, the network it good. wlan0 is the problem.
iwconfig say wlan0 has no wireless extension.
network-admin say it’s a wired connection. network-admin see only lan0-3, wlan, eth0-1, and a point to point connection. Where is the World-lan ? What is is name ?

“ip a” found :

4: wan@eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop switchid 00000000 state DOWN group default qlen 1000
    link/ether b6:94:f2:91:65:7c brd ff:ff:ff:ff:ff:ff

I try this :

auto wan
allow-hotplug wan	
  iface wan inet dhcp
  pre-up ip link set $IFACE address 32:D1:55:7D:03:39 up

And it’s good. network-admin don’t see wan ! Why ?

This lines was the problem :

   #hwaddress ether 32:D1:55:7D:03:39
   #post-down ip link set $IFACE down

I have a question where put the activation of eth0 and eth1. And why ? I see

  • wan need only the eth1.
  • br0 need eth0 or eth1. why ?

Later, I will work WiFi. Since I have remove Network-Manager, I think that’s it’s don’t work. Now, I go to work.

thank’s for your help.

br0 is a software-bridge that only needs the bridged-ports and their depencies (eth0/1). if you create a bridge without bridge-ports nothing else is needed. What do you try with the bridge? if you put a port in the bridge, config has to be done on the bridge and not on the client-interface (remove it)

we know that wlan-driver is buggy…have you only wlan0 or wlan1/ap0 in “ip a”? Network-Manager has Problems with the buggy wifi-driver…

commented lines are no Problem…that’s why they are commented :wink: to deactivate them.

but what ist state of eth1 in ip a?

it’s hard to help with such few information…

again,

  • what do you try to do (ap/client)
  • which kernel (uname -a)
  • complete config (check if interfaces is used…maybe networkd is running and your interfaces is ignored)
  • logs, logs, logs
  • and full “ip a”

I try to do :
World => modem => bpi-R2 => lan with wifi and RJ45. I do not trust the modem. Before, I did that with a raspberry pi2.

My kernel (your)

root@bpi-iot-ros-ai:~# uname -a
Linux bpi-iot-ros-ai 4.14.79-bpi-r2-main #1 SMP Mon Nov 5 19:42:56 UTC 2018 armv7l armv7l armv7l GNU/Linux

Now, I try only to test the network. After, I will configure the firewall, gateway and servers on the bpi-r2.

My config :

root@bpi-iot-ros-ai:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether d6:b2:a8:ef:53:eb brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 3a:81:b4:2f:41:a2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3881:b4ff:fe2f:41a2/64 scope link 
       valid_lft forever preferred_lft forever
4: wan@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue switchid 00000000 state UP group default qlen 1000
    link/ether 32:d1:55:7d:03:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global wan
       valid_lft forever preferred_lft forever
    inet6 2a01:cb14:aba:d900:30d1:55ff:fe7d:339/64 scope global mngtmpaddr dynamic 
       valid_lft 1754sec preferred_lft 554sec
    inet6 fe80::30d1:55ff:fe7d:339/64 scope link 
       valid_lft forever preferred_lft forever
5: lan0@eth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master br0 switchid 00000000 state DOWN group default qlen 1000
    link/ether d6:b2:a8:ef:53:eb brd ff:ff:ff:ff:ff:ff
6: lan1@eth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master br0 switchid 00000000 state DOWN group default qlen 1000
    link/ether d6:b2:a8:ef:53:eb brd ff:ff:ff:ff:ff:ff
7: lan2@eth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master br0 switchid 00000000 state DOWN group default qlen 1000
    link/ether d6:b2:a8:ef:53:eb brd ff:ff:ff:ff:ff:ff
8: lan3@eth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master br0 switchid 00000000 state DOWN group default qlen 1000
    link/ether d6:b2:a8:ef:53:eb brd ff:ff:ff:ff:ff:ff
9: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether d6:b2:a8:ef:53:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.1/24 brd 192.168.40.255 scope global br0
       valid_lft forever preferred_lft forever
10: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:08:22:7c:1e:fc brd ff:ff:ff:ff:ff:ff
11: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:4e:f8:79:c2 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
root@bpi-iot-ros-ai:~# iwconfig
wlan0     no wireless extensions.

lan1      no wireless extensions.

lo        no wireless extensions.

wan       no wireless extensions.

eth1      no wireless extensions.

br0       no wireless extensions.

lan3      no wireless extensions.

lan2      no wireless extensions.

docker0   no wireless extensions.

lan0      no wireless extensions.

eth0      no wireless extensions.

And I have to many logs… What do you want ?

And how give you the complete config ?

Your br0 is down and has no assigned ports. Also eth0 is down (for lan-ports).

Try:

ip link set eth0 up
brctl addif br0 lan0 #for other ports repeat this step,but start with 1
ip link set br0 up

Please try to 1 thing work and then another…so first ethernet and if that works wifi…

Your complete interfaces will be interesting

OK. I have no time for tested eth and the bridge now.

root@bpi-iot-ros-ai:~# ip link set eth0 up
root@bpi-iot-ros-ai:~# brctl addif br0 lan0
device lan0 is already a member of a bridge; can't enslave it to bridge br0.
root@bpi-iot-ros-ai:~# ip link set br0 up
root@bpi-iot-ros-ai:~# brctl addif br0 lan1
device lan1 is already a member of a bridge; can't enslave it to bridge br0.

Yes, I try after the Wifi. I don’t know who give you my complete interfaces. What do you want ? Now, I have :

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether d6:b2:a8:ef:53:eb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::d4b2:a8ff:feef:53eb/64 scope link 
       valid_lft forever preferred_lft forever

Have you tried traffic over lan0 to r2 after bring eth0 and br0 up?

I mean your /etc/network/interfaces file

Now, my bpi-r2 is between my computer and the world. My computer is connected to br0 and the network is in wan. The bpi-r2 has a bind9 and dhcpd server. But, I don’t understand why it’s very slow. A ssh between my computer and the bpi-r2 is slow (I can do a less or a grep with big file, I do “killall ssh” ), internet is very slow. Why ?

root@bpi-iot-ros-ai:~# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

# The loopback network interface
#auto lo
#iface lo inet loopback

auto wan
#iface wan inet static
#  address 192.168.1.10
#  netmask 255.255.255.0
allow-hotplug wan	
  iface wan inet dhcp
  pre-up ip link set $IFACE address 32:D1:55:7D:03:39 up
  up /etc/init.d/firewall start

auto eth1
iface eth1 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

auto eth0
iface eth0 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

auto br0
iface br0 inet static
  address 192.168.2.1
  netmask 255.255.255.0
  bridge_ports lan0 lan1 lan2 lan3
  bridge_fd 5
  bridge_stp no
  gateway 192.168.1.1

The ping is good, but not very good :

--- 192.168.2.1 ping statistics ---
68 packets transmitted, 64 received, 5% packet loss, time 67862ms
rtt min/avg/max/mdev = 0.430/1.019/1.511/0.347 ms

I try with a new wire :

--- 192.168.2.1 ping statistics ---
82 packets transmitted, 76 received, 7% packet loss, time 82177ms
rtt min/avg/max/mdev = 0.378/1.022/1.643/0.338 ms

As i see the r2 ist between your client and your gateway and you have packetloss on ping.

Try to ping br0 from client and your gateway from r2 to check where ping fails. Also try to deactivate firewall…maybe there is a ratelimiting.

Btw we see that ethernet seems to be limited to near 100MBit/s

Hello

It’s the firewall. I don’t understand why… I have made myself the firewall with iptables. And he walked several years already with a computer and after with a pi2.

root@bpi-iot-ros-ai:~# LOCAL="br0"
root@bpi-iot-ros-ai:~# NET="wan"
root@bpi-iot-ros-ai:~# $ipt -t nat -A POSTROUTING -o $NET -j MASQUERADE
root@bpi-iot-ros-ai:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@bpi-iot-ros-ai:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination       

The ping :

 --- 192.168.2.1 ping statistics ---
150 packets transmitted, 150 received, 0% packet loss, time 150987ms
rtt min/avg/max/mdev = 0.388/0.968/1.534/0.312 ms

The iptables rules :

 root@bpi-iot-ros-ai:~# grep -v \# /etc/init.d/firewall
ipt=/sbin/iptables
LOCAL="br0"
NET="wan"
RESEAU='192.168.1.0/24'
PPP="ppp0"

echo "Mise en place du mur de feu"

$ipt -F
$ipt -t nat -F
$ipt -t nat -X
$ipt -P INPUT DROP
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -A OUTPUT -o lo -j ACCEPT
$ipt -A INPUT -i lo -j ACCEPT
$ipt -A OUTPUT -o $LOCAL -j ACCEPT
$ipt -A INPUT -i $LOCAL -j ACCEPT

$ipt -A INPUT -p icmp -j ACCEPT
$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT
$ipt -A INPUT -p tcp -i $LOCAL --dport 53 -j ACCEPT
$ipt -A INPUT -p udp -i $LOCAL --dport 53 -j ACCEPT
$ipt -A INPUT -p tcp --dport 80 -j ACCEPT
$ipt -A INPUT -p tcp --dport 115 -j ACCEPT
$ipt -A INPUT -p udp -i $LOCAL --dport 123 -j ACCEPT
$ipt -A INPUT -i $LOCAL -p tcp --dport 3128  -j ACCEPT
$ipt -A INPUT -i $LOCAL -p udp --dport 3128  -j ACCEPT 
$ipt -A INPUT -i $LOCAL -p tcp --dport 8080 -j ACCEPT
$ipt -A INPUT -i $LOCAL -p udp --dport 8080 -j ACCEPT
$ipt -A INPUT -i $LOCAL -p udp -m multiport --dport 111,2049,4000:4003 -j ACCEPT
$ipt -A INPUT -i $LOCAL -p tcp -m multiport --dport 137,139,445 -j ACCEPT
$ipt -A INPUT -i $LOCAL -p udp -m multiport --dport 137,139,445 -j ACCEPT
$ipt -A INPUT -i $NET -p tcp -m multiport --dport 6969,6881:6889 -j ACCEPT
$ipt -A INPUT -i $NET -p udp  --dport 6881  -j ACCEPT
$ipt -A INPUT -i $NET -p udp  --dport 6880  -j ACCEPT

$ipt -t nat -A POSTROUTING -o $NET -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

I have a problem with speedtest : ping 2 ms, Download : 0.78MBPS, upload : 299,33 Mbps I try without the r2.

The problem is speedtest I think. https://www.speedtest.net

1 Like

Now as you know it’s the firewall you can include your rules step by step starting with manually applied rules (nat) and the others commented out (#). It’s a script it’s easy to enable 1 rule and start script again

I try to do it…

I run xmtr ( http://www.bitwizard.nl/mtr/ ) => no problem with the firewall now ! But I do

cat /var/log/syslog In 2 computer. One by wan and the other by br0. By wan, it’s come immediately. By br0, il’s need more als 1 minute. It’s block… a few line come. It’s block… A few minute after, it’s not good : I can wait.

Today my network have a little problem. I do all my test with my firewall => my firewall is good.

I think that speedtest is not a good idea ! But, his results are abnormal. My computer is behind the r2 in br0 (I have try lan0-3). Up is .5 with my computer and 20 with the r2 (0,5<20 => normal) Down is 250 with my computer and 50 with the r2. (250>50 abnormal)

I have do a reboot of the r2 (my ssd was protected in write… why ? ). And now “cat /var/log/syslog” is good.

I don’t nothing understand, it’s good, it’s not good. I do only reboot…

Has this kernel metadata_csum ? My sdd was formated with this I think.

I don’t know what you want to say with your numbers… can you stay on one problem and not mix with different others…it’s hard to follow what you want to do and what you expect

I try to connect my computer at internet with the r2 as router. It is not perfect. I don’t kwon why.

Now, the connection between my computer and the r2 is bester. Why ? I have nothing do. I just unplugged and reconnected the RJ45 in the br0 (lan0-3). I have just do a reboot in the r2.

I have never have problem with wan. Why with br0 ? If I remove the bridge ? In writing this message, I had this idea.

I have do a error in /etc/network/interfaces

The entry gateway is for the “world” interface : wan, but only if it’s static. Here, wan is dhcp => I don’t need the entry gateway.

I don’t unsderstand why the display with ssh blocks when it has to display too many lines. The lines arrive by block and it stops, it starts again … long after sometimes.

Can you test https://www.speedtest.net/

This morning I have do 4 test:
Modifiy /etc/network, /etc/default/isc-dhcp-server, and my firewall.

  • The word is in lan0, the bridge have lan1-3 : the same problem.
  • The world is in lan0, the bridge have only wan and it’s good. After : no problem.
  • The world is in lan0, my PC connected in wan (no bridge). After : no problem.
  • The world is in lan0, my PC connected in lan3 (no bridge). After : problem.

“No problem” is:

  • “cat /var/log/syslog.1” very fast
  • internet very fast

The problem seems to be that I have to have my internal network on wan.

yesterday I have try speedtest at work : speedtest have a problem now. It’s not a good idea ti test network with speedtest.

Apart from this problem, everything seems ok now. I work with my PC on the network generated by the bananapi. I can work both in wire or WiFi.

I even made a bridge with my two wan and ap0 connections to have only one home network.

Hello

It’s my simplified network :

The Box 192.168.0.1 is in wan 192.168.0.10 The Computer 2 is in 192.168.0.2 The box have a dhcpd server The box redirect to 192.168.0.10 all the https call “https://my.troumad.org” for example

Exemple 1 : The lan0 (bridged or not bridged) is in ip 192.168.1.1 and the Computer 192.168.1.2 BPI-R2 have a dhcpd server If I do a ping with Computer 1 : ping 192.168.1.1 : I have a lot of error. The network don(t work good in the computer 1.

Exemple 2 : All the lan and ap0 are bridged with wan. The computer 1 (or all the wifi device and all device connected in lan[0-3]) recover their network configuration by the box. Computer 1 have a good internet. But if computer 1 call https://192.168.0.10 it’s not all good. Il computer 2 call https://192.168.0.10, it’s good. If computer 1 or 2 call https://my.troumad.org, it’s good. And… ssh beetwin Computer 1 and BPI-R2 direct is not good. BUT If with the computer I do a ssh in Computer 2 and after I do a ssh in BPI-R2, it’s good.

I can’t do a firewall with the BPI-R2, but I can use it.