[arch-general] hostapd + ap_isolate

Uwe Sauter uwe.sauter.de at gmail.com
Sat Oct 23 13:30:51 UTC 2021

>> From my experience, tcpdump connects to the interface and you will see
>> all traffic regardless of firewall settings, given you have the
>> permissions.
>> In your case I'd first verify that layer 2 is working correctly (layer
>> 2 is ethernet or wifi). So I'd use the utilities provided by
>> "wpa_supplicant" or "iw" to see if the "hardware connection" is
>> working as expected.
>> If your wifi card didn't connect on layer 2 it has no reasons to
>> configure layer 3 (IP, IPv6) and above.
> Well, layer 2 works, if it is needed for connections between the client
> and the access point.
> Layer 2 should already see mac addresses, right? Can you point me to a
> command, which scans on layer 2 for all macs? I seem to only find how to
> see the available access points (which works as expected) and using nmap
> to ping around - which fails as expected :-/
> Do you know any command to query the interface regarding routing
> information (similar to what `ip route` does on layer 3 for the whole
> machine)?

On layer 2 there is no routing. That's the reason why you need to 
configure a default route and possibly static routes.

Unfortunately I'm not very experienced in debugging wifi but I'd 
probably start to investigate using some sniffer, e.g. Kismet [1] (not a 
recommendation, just the first reasonable search result).

One hunch though: was there any update to hostapd that might have 
enabled WPA3? This might be the totally wrong direction but I've read on 
multiple occasions that old hardware (e.g. Android tablets from 2012) 
and WPA3-enabled APs don't work well together.



[1] https://www.kismetwireless.net/

>> Regards,
>>     Uwe
> regards,
> Erich

More information about the arch-general mailing list