
· Registered
Joined
·
394 Posts
Discussion Starter · #1 ·
here's my setup: PC wired to Linksys wrt54g wireless router, which connects to my cable modem. upgraded firmware on Linksys (dd-wrt) in order to enable WDS. Airport Express connected wirelessly to Linksys with WDS enabled. laptop connects wirelessly to network.

if i connect my AX (plug it in), my wireless network disconnects. if i unplug my AX, i am good to go with my wireless network. put kiwi syslog on my PC to log what is happening. here is a sample log file from my syslog when i connect my AX, thus causing my wireless network to drop:

Code:
2007-01-16 20:33:11   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:01:f8 SRC=204.16.210.62 DST=74.131.xxx.xx LEN=504 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=33202 DPT=1026 LEN=484
2007-01-16 20:33:11   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:01:f8 SRC=204.16.210.62 DST=74.131.xxx.xx LEN=504 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=33202 DPT=1027 LEN=484
2007-01-16 20:33:21   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:00:30 SRC=64.236.47.54 DST=74.131.xxx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=4038 SEQ=3318004730 ACK=2694466358 WINDOW=5840 RES=0x00 ACK SYN URGP=0 OPT (020405B401010402)
2007-01-16 20:34:09   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:00:30 SRC=64.236.47.54 DST=74.131.xxx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=4038 SEQ=3318004730 ACK=2694466358 WINDOW=5840 RES=0x00 ACK SYN URGP=0 OPT (020405B401010402)

some of this i understand (i think) but some i don't:
2007-01-16 20:33:11 - date
Kernel.Warning - type of warning
192.168.1.1 - router IP
kernel: DROP IN=vlan1 OUT= - i don't know
MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:01:f8 - the first part is the MAC address of my PC that is wired to my router
SRC=204.16.210.62 - i don't know what ip address this represents
DST=74.131.xxx.xx - router IP
LEN=504 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=33202 DPT=1026 LEN=484 - don't know what any of this is

if anyone can assist me and help me figure out what this is telling me so that i can properly use my AX for WDS, i'd really appreciate...
 

· Registered
Joined
·
394 Posts
Discussion Starter · #2 ·
even if you don't know the answer, if anyone can tell me where i can go to get help with my router logs, i'd really appreciate it..
 

· Registered
Joined
·
896 Posts
cyberpac9 said:
here's my setup: PC wired to Linksys wrt54g wireless router, which connects to my cable modem. upgraded firmware on Linksys (dd-wrt) in order to enable WDS. Airport Express connected wirelessly to Linksys with WDS enabled. laptop connects wirelessly to network.

if i connect my AX (plug it in), my wireless network disconnects. if i unplug my AX, i am good to go with my wireless network. put kiwi syslog on my PC to log what is happening. here is a sample log file from my syslog when i connect my AX, thus causing my wireless network to drop:

Code:
2007-01-16 20:33:11   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:01:f8 SRC=204.16.210.62 DST=74.131.xxx.xx LEN=504 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=33202 DPT=1026 LEN=484
2007-01-16 20:33:11   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:01:f8 SRC=204.16.210.62 DST=74.131.xxx.xx LEN=504 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=33202 DPT=1027 LEN=484
2007-01-16 20:33:21   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:00:30 SRC=64.236.47.54 DST=74.131.xxx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=4038 SEQ=3318004730 ACK=2694466358 WINDOW=5840 RES=0x00 ACK SYN URGP=0 OPT (020405B401010402)
2007-01-16 20:34:09   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:00:30 SRC=64.236.47.54 DST=74.131.xxx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=4038 SEQ=3318004730 ACK=2694466358 WINDOW=5840 RES=0x00 ACK SYN URGP=0 OPT (020405B401010402)

Looks like you have a couple of different issues. Thanks for taking the time to actually look at syslog.

cyberpac9 said:
some of this i understand (i think) but some i don't:
I like problems like this. Let's start with the flow below, and we'll go from there. Please review notes.

2007-01-16 20:33:11 - date -
Kernel.Warning - type of warning
192.168.1.1 - router IP
kernel: DROP IN=vlan1 OUT= - i don't know - * note 1
MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:01:f8 - the first part is the MAC address of my PC that is wired to my router * note 2
SRC=204.16.210.62 - i don't know what ip address this represents * note 3
DST=74.131.xxx.xx - router IP
LEN=504 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=33202 DPT=1026 LEN=484 - don't know what any of this is * note 4

note 1: This is showing the direction of the flow. The input of the flow is vlan1 (outside, if your config is default), and the output isn't specified.

note 2: You're seeing three MACs in one. Did you configure the router in AP mode, client, or bridge mode?

note 3: Sorry to be obvious, but this is the source IP that this flow is referencing.

note 4: This one will be long. It doesn't matter for your purpose, but I'd like to explain - what you're seeing is the IP header.
LEN=504 - Length of the header + payload of the packet.
TOS=0x00 - Type of service bits (0, or the default) This is Layer3 queuing mech.
PREC=0x00 - IP precedence bits (0, default) This is layer2 queue.
TTL=47 - Time to Live. Loosely the number of router hops for packet expiry.
ID=0 - Type of packet
DF - Don't Fragment. This is telling devices not to fragment packet if it exceeds MTU.
PROTO=UDP - This is a UDP protocol payload.
SPT=33202 - UDP port of the host that sent this packet
DPT=1026 - UDP port of the destination that it's sending this to
LEN=484 - Length of the payload of the packet (The data contained in the packet)

So, now that we're through all of that. That isn't even your most interesting drop. The other one is kind of fun, because unless you were trying to open an AOL website (64.236.47.54) the TCP SYN was spoofed with your source address (pretty common)

In any event. The drop messages you see are both from AOL and FastColocation services. FastColocation is a DSL/dialup/datacenter provider, and they constantly make it to the SANS top 10 list for abuse. This means that they have a myriad of customers that are zombied/virii'd/spywared that are targeting random destinations looking for another host to infect. UDP 1026 is a very common port for backdoors.

The drop messages you have are valid messages, your firewall is doing its job. Unless YOU initiate the connection (or port forward), the firewall won't let the connection through from the Internet to your host.

Having said ALL of that. It "smells" like an 802.11 issue, and your WRT doesn't log that. :(

Can you telnet/ssh into your WRT? If you can, do you think you can get tcpdump to fit on it?

To troubleshoot, it would be nice to have:

- List of all of the MAC addresses of your wired/wireless devices
- if no TCPDUMP, a pcap compatible 802.11 capture from wireshark or otherwise of "normal" 802.11 frames, and frames when you plug in your airport.

I'm GUESSING that the WRT is sending a 802.11 deauth for one reason or another when you plug in your Airport.
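
As an added example (not part of the original posts), this Python code parses the kernel DROP lines quoted in the thread into fields, splits the MAC= blob into destination MAC, source MAC and EtherType, and counts drops per source and port. The function names are hypothetical; the sample lines are copied from the log excerpt above, and in them the four bytes logged after the EtherType match the start of the IPv4 header (0x45, TOS, total length).

```python
from collections import Counter

# Three lines copied from the log excerpt posted in this thread (DST is masked there).
SAMPLE = """\
2007-01-16 20:33:11   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:01:f8 SRC=204.16.210.62 DST=74.131.xxx.xx LEN=504 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=33202 DPT=1026 LEN=484
2007-01-16 20:33:21   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:00:30 SRC=64.236.47.54 DST=74.131.xxx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=4038 SEQ=3318004730 ACK=2694466358 WINDOW=5840 RES=0x00 ACK SYN URGP=0 OPT (020405B401010402)
2007-01-16 20:34:09   Kernel.Warning   192.168.1.1   kernel: DROP IN=vlan1 OUT= MAC=00:13:72:98:23:e2:00:01:5c:23:cd:42:08:00:45:00:00:30 SRC=64.236.47.54 DST=74.131.xxx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=4038 SEQ=3318004730 ACK=2694466358 WINDOW=5840 RES=0x00 ACK SYN URGP=0 OPT (020405B401010402)
"""

def parse_line(line):
    """Split one syslog-forwarded netfilter LOG line into a dict of fields."""
    head, _, body = line.partition("kernel: ")
    date, time, _severity, host = head.split()
    action, *tokens = body.split()
    fields = {"WHEN": f"{date} {time}", "HOST": host, "ACTION": action}
    flags = []
    for tok in tokens:
        key, sep, val = tok.partition("=")
        if not sep:
            flags.append(tok)            # bare words: DF, SYN, ACK, OPT, (hex)
        elif key == "LEN" and "LEN" in fields:
            fields["UDP_LEN"] = val      # second LEN= is the UDP header+data length
        else:
            fields[key] = val
    fields["FLAGS"] = flags
    return fields

def split_mac(mac_field):
    """Break the MAC= blob into destination MAC, source MAC, EtherType, leftover."""
    b = mac_field.split(":")
    return {"dst_mac": ":".join(b[:6]), "src_mac": ":".join(b[6:12]),
            "ethertype": "".join(b[12:14]),            # 0800 = IPv4
            "extra": bytes.fromhex("".join(b[14:]))}   # bytes past the 14-byte header

def summarize(text):
    """Count drops per (source IP, protocol, destination port, SYN-ACK marker)."""
    counts = Counter()
    for line in text.splitlines():
        if "kernel: " not in line:
            continue
        f = parse_line(line)
        kind = "SYN-ACK" if {"SYN", "ACK"} <= set(f["FLAGS"]) else "-"
        counts[(f["SRC"], f["PROTO"], f["DPT"], kind)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```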
 

· Registered
Joined
·
896 Posts
A couple of more thoughts.

Are you using WPA, or WEP? (WPA2 doesn't work with WDS, and WPA is buggy)

dd-wrt has a very nice wiki for WDS with Airport.... Before we go down the sniffer route, you may want to verify that you've completed all of the items in the wiki.

http://www.dd-wrt.com/wiki/index.php/WDS_Linked_router_network
 

· Registered
Joined
·
394 Posts
Discussion Starter · #5 ·
wow, thanks for the info, this is great...let's go through this:
note 2: it is configured as AP
note 3: i knew this was an outside IP, but i didn't know that this was what was causing the problem
notes 1&4: great info, that's good to know...

"Can you telnet/ssh into your WRT? If you can, do you think you can get tcpdump to fit on it?" not sure how to "get tcpdump on it"...i have putty, if that is a good program to use...

i'll get the MAC addresses (router, wired PC, laptop, AX)...i'm using WEP and i've looked at that wiki before - mine is setup according to the directions...

thanks so much for ALL the info you've given me, that's a lot...i'll get the MAC addresses for ya and if you could give me some guidance on how to get tcpdump on it i'd appreciate it...
 

· Registered
Joined
·
896 Posts
Well, if you haven't already done it let's not start now. Once you start trying to install stuff on your router, you could make it useless. Let's not do that.

Do you have another PC with a wireless card? You can download Ethereal/Wireshark to run "sniffer" on your wireless side to watch when you try to power the Airport.
 

· Registered
Joined
·
394 Posts
Discussion Starter · #7 ·
10-4

i have the wireless laptop that i'm using right now...i'll download wireshark...does this work even if my network drops? (i assume it will log something once it drops, but better to ask)
 

· Registered
Joined
·
896 Posts
cyberpac9 said:
10-4

i have the wireless laptop that i'm using right now...i'll download wireshark...does this work even if my network drops? (i assume it will log something once it drops, but better to ask)

Oops. I forgot. Windows.

Well, we can see Layer2/3 frames with Wireshark + Windows. We won't see 802.11 frames in Windows. My fault.

Well, you can still do it. We'll see what leads up to the disconnect.
 

· Registered
Joined
·
394 Posts
Discussion Starter · #9 ·
ok, so for the little bit this has been running it hasn't crashed...go figure...it is getting late, so i'll do this when i get home from work tomorrow...

you mentioned only layer2/3 for windows...i installed AirPcap with wireshark...it sounds like that will capture what you want, is that correct?

thanks again for your help...i'll be posting tomorrow evening anything i can...
 

· Registered
Joined
·
394 Posts
Discussion Starter · #10 ·
well, i turned on wireshark, setup my AX, waited for it to disconnect and stopped wireshark...got a readout, but not sure what it is you want...i don't see anything regarding layers...
 

· Registered
Joined
·
394 Posts
Discussion Starter · #11 ·
something of note here:
- i run ethernet cable from AX to router and get good signal
- signal is never dropped as long as the AX is wired to router
- unplug ethernet cable from AX and eventually lose the AX connection
- router is set to renew the client lease every 10 minutes
- AX loses connections 10 minutes after being unplugged, thus the IP isn't renewed
- when i first logged onto the AX it had an issued IP of 192.168.1.103, but after it lost connection and i was able to connect again (only after plugging the ethernet cable back in) it gave me an IP of 102...don't know if that matters
- noticed in the syslog that the AX (with an IP of 103) was trying to connect (ack) and was rejected, router offered 102 and AX accepted...but this is only when it is plugged in...

i'm wondering if this isn't something with the AX and not the router, or could it be a router setting that is preventing the AX from renewing the IP....
 

· Registered
Joined
·
896 Posts
Did you save the capture file?

It does sound like it's sending DHCP via Ethernet.

What happens if you configure the AX for client mode?
 

· Registered
Joined
·
394 Posts
Discussion Starter · #13 ·
the file was too big to upload so i put it online http://www.filefactory.com/file/eb711a/

since upgrading my router's firmware i have only had it setup w/ WDS...i have thought about switching that off to see if that would help, although the reason i flashed to the newer firmware was for WDS. :)
 

· Registered
Joined
·
394 Posts
Discussion Starter · #14 ·
changed the AX and it is now just a client and not part of WDS...the connection still drops, HOWEVER after the connection comes back online it gives the AX an IP address whereas before (when using WDS) it would not register a new IP....
 

· Registered
Joined
·
896 Posts
Yeah, so DHCP is working now. Still sounds like deauth.

I had issues downloading that file, I'll turn my FTP on tomorrow and PM you the IP, you can send it directly there.

You may check Preamble/RTS to self/burst frame size/etc. Make sure those match up between the AX and the access-point.
 

· Registered
Joined
·
394 Posts
Discussion Starter · #16 ·
well i took the "drastic" step and flashed the router to another firmware...this has appeared to fix the situation...i have WDS working and AirTunes running throughout the house...

O111111O: thank you so much for your help and patience...your input was very thorough and appreciated...
 