2

I'm working on getting a Raspberry Pi setup on a WPA2-Enterprise network. Right now it gets an IP address from the DHCP server on both eth0 and wlan0. This pi is going somewhere where it can't reach an ethernet port, so it needs to work over wifi. I can ping, ssh, and otherwise access the pi over the IP address given to eth0. However, I can no to anything to access the IP address given to wlan0. When I ping the IP given to wlan0, tcpdump sees the echo requests (and even goes so far to resolve the hostname). I don't understand why the echo isn't being routed back to its origin.

Here are some outputs from programs for more information:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.yyy.142.1   0.0.0.0         UG    202    0        0 eth0
0.0.0.0         xxx.yyy.234.1   0.0.0.0         UG    303    0        0 wlan0
xxx.yyy.142.0   0.0.0.0         255.255.255.0   U     202    0        0 eth0
xxx.yyy.234.0   0.0.0.0         255.255.255.0   U     303    0        0 wlan0

# ifconfig
eth0      Link encap:Ethernet  HWaddr ...:bd  
          inet addr:xxx.yyy.142.226  Bcast:xxx.yyy.142.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:72200 errors:98 dropped:740 overruns:0 frame:0
          TX packets:3381 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4682949 (4.4 MiB)  TX bytes:331697 (323.9 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:108 errors:0 dropped:0 overruns:0 frame:0
          TX packets:108 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:9216 (9.0 KiB)  TX bytes:9216 (9.0 KiB)

wlan0     Link encap:Ethernet  HWaddr ...:e5  
          inet addr:xxx.yyy.234.195  Bcast:xxx.yyy.234.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:271 errors:0 dropped:49 overruns:0 frame:0
          TX packets:199 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:47373 (46.2 KiB)  TX bytes:26125 (25.5 KiB)

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# ip route
default via xxx.yyy.142.1 dev eth0  metric 202 
default via xxx.yyy.234.1 dev wlan0  metric 303 
xxx.yyy.142.0/24 dev eth0  proto kernel  scope link  src xxx.yyy.142.226  metric 202 
xxx.yyy.234.0/24 dev wlan0  proto kernel  scope link  src xxx.yyy.234.195  metric 303

# ip rule
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default

When I ping xxx.yyy.234.195, tcpdump shows:

listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:34:31.664494 IP <My Computer> > raspberrypi: ICMP echo request, id 1, seq 1426, length 40
16:34:36.452314 IP <My Computer> > raspberrypi: ICMP echo request, id 1, seq 1427, length 40
16:34:41.451536 IP <My Computer> > raspberrypi: ICMP echo request, id 1, seq 1428, length 40
16:34:46.464017 IP <My Computer> > raspberrypi: ICMP echo request, id 1, seq 1429, length 40

I am on a university network, so I can't reconfigure anything about the network. I don't have enough network experience to figure this out myself, so I appreciate any help I can get.

Thank you in advance.

Osmium USA
  • 153
  • 8
  • Looks like routing issue. You have two default gateways on RasPi and it has direct routes via both eth0 and wlan0 to their respective networks. If you ping wlan0 address from a host which has address in eth0 network, RasPi will try to send reply from eth0, not wlan0 (but with source address of wlan0) If there is stateful firewall between networks, it could break such asymmetric routing. So: which address your computer has? Does it belong to xxx.yyy.142.0/24 (wired) network? Have you tried to ping RasPi wlan address while eth0 disconnected (cable pulled out)? – Nikita Kipriyanov Dec 07 '15 at 17:18
  • Pinging with eth0 works! If you make this an answer, I'll mark it as accepted! Thanks for helping, seems trivial now that it's done. – Osmium USA Dec 07 '15 at 17:44

1 Answers1

2

Looks like routing issue.

You have two default gateways on RasPi and it has direct routes via both eth0 and wlan0 to their respective networks. If you ping wlan0 address from a host which has address in eth0 network, RasPi will try to send reply from eth0, not wlan0 (but with source address of wlan0).

If there is stateful firewall between networks, it could break such asymmetric routing.

Try to disconnect eth0 (shut it down, pull out the cable or something like this) to remove redundant routes, then ping wlan address again.

Nikita Kipriyanov
  • 8,033
  • 1
  • 21
  • 39