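I have installed hostapd and dnsmasq on a laptop running Linux Mint 15 to act as a wireless repeater: incoming from a remote wifi router is via wlan0, and the pcmcia wifi card serving the client machines is wlan1.
This arrangement works perfectly with my Win7 64-bit machine; all sites load quickly with no problems, even streaming video. My Win7 box dual-boots Win7 or Linux Mint 14. There are no problems with either OS.
On my Windows XP 32-bit machine and my Android tablet, I cannot load certain websites. These include amazon.com and imdb.com (neither of which can be pinged from any machine, which I believe is by design of the sites). Occasionally these sites will load the page title at the top of the browser (sometimes not), but I still see a blank page.
Startpage.com and google.com are both iffy: oddly, one will load fine while the other will not, or takes forever, and there seems to be no way to tell which one will load. … always loads fine. The same is usually true of ubuntuforums.org and other sites.
The problem occurs with Firefox, Google Chrome and IE on the XP machine and with all browsers on Android. Distance from the hostapd machine is not a factor.
If I use a remote VPN (e.g. vpnbook.com) on the client machines (OpenVPN or PPTP), all sites are accessible.
I have tried using straight DHCP (via dnsmasq) on the XP and Android machines, letting them receive their network settings strictly from the hostapd server. On these machines I have also tried adding non-DHCP name servers (including Google's), a static IP address, and/or adding a default gateway (the hostapd box). None of the changes helped.
Any help in resolving this problem would be greatly appreciated.
My configuration is below. * is used to hide sensitive data.
/etc/network/interfaces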
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
#Wifi Access Point Setup
auto wlan1
hostapd.conf
#hostapd.conf
# Define interface
interface=wlan1
# Select driver
driver=nl80211
# Set access point name
ssid=******
# Set access point hardware mode to 802.11g
hw_mode=g
# Set WIFI channel (can be easily changed)
channel=11
# Enable WPA2 only (1 for WPA, 2 for WPA2, 3 for WPA + WPA2)
wpa=2
wpa_passphrase=************
dnsmasq.conf
#dnsmasq.conf
# Bind to only one interface
bind-interfaces
# Choose interface for binding
interface=wlan1
# Specify range of IP addresses for DHCP leases
dhcp-range=192.168.*.*,192.168.*.*,12h
no-hosts
addn-hosts=/etc/hosts.dnsmasq
#INTERFACE_NET=wlan0
server=208.67.222.222
server=208.67.220.220
hosts.dnsmasq
#hosts.dnsmasq
192.168.*.* ******
networks
# symbolic names for networks, see networks(5) for more information
link-local 169.254.0.0
nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
#hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
# OpenDNS Fallback (configured by Linux Mint in /etc/resolvconf/resolv.conf.d/tail).
nameserver 208.67.222.222
nameserver 208.67.220.220
sysctl.conf
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
vm.swappiness = 10
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
#net.ipv6.conf.all.accept_ra = 0
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
# TCP stack tweaking for lossy wireless networks (Added as test: Not particularly lossy)
net.ipv4.tcp_frto = 1
net.ipv4.tcp_frto_response = 2
net.ipv4.tcp_low_latency = 1
rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ifconfig wlan0 up
iwconfig wlan0 rate auto
iptables -t nat -A POSTROUTING -s 192.168.*.*/24 -o wlan0 -j MASQUERADE
# Line below starts hostapd on system start
/bin/sh /etc/APstart.sh
exit 0
iptables.rules
# Generated by iptables-save v1.4.12 on Sat Nov 30 16:08:41 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.*.*/24 -o wlan0 -j ACCEPT
-A FORWARD -d 192.168.*.*/24 -i wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Nov 30 16:08:41 2013
# Generated by iptables-save v1.4.12 on Sat Nov 30 16:08:41 2013
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:333]
:POSTROUTING ACCEPT [2:333]
-A POSTROUTING -s 192.168.*.*/24 -o wlan0 -j MASQUERADE
COMMIT
# Completed on Sat Nov 30 16:08:41 201
APstart.sh (startup script; runs at system boot, or manually)
#!/bin/bash
# Start
# Configure IP address for WLAN
sudo ifconfig wlan1 192.168.*.*
# Start DHCP/DNS server
sudo service dnsmasq restart
# Enable routing
sudo sysctl net.ipv4.ip_forward=1
# Enable NAT
# Run access point daemon
sudo hostapd /etc/hostapd.conf
# Stop
# Disable NAT
sudo iptables -D POSTROUTING -t nat -o wlan0 -j MASQUERADE
# Disable routing
sudo sysctl net.ipv4.ip_forward=0
# Disable DHCP/DNS server
sudo service dnsmasq stop
sudo service hostapd stop
Some terminal command output from the hostapd box:
Output: host amazon.com
amazon.com has address 205.251.242.54
amazon.com has address 72.21.194.212
amazon.com has address 72.21.215.232
amazon.com has address 176.32.98.166
amazon.com mail is handled by 5 amazon-smtp.amazon.com.
Output: traceroute amazon.com (192.168.1.1 is the remote wifi router via wlan0)
traceroute to amazon.com (72.21.194.212), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 4.137 ms 4.270 ms 6.582 ms
2 192.168.0.1 (192.168.0.1) 22.555 ms 22.773 ms 22.995 ms
3 blng-dsl-gw16.blng.qwest.net (67.42.227.16) 74.420 ms 74.481 ms 75.151 ms
4 blng-agw1.inet.qwest.net (65.100.79.121) 39.057 ms 40.915 ms 43.690 ms
5 dca2-edge-01.inet.qwest.net (67.14.28.110) 105.108 ms 106.398 ms 108.563 ms
6 65.120.78.82 (65.120.78.82) 107.699 ms 87.128 ms 91.314 ms
7 72.21.220.121 (72.21.220.121) 91.507 ms 91.612 ms 72.21.220.153 (72.21.220.153) 91.723 ms
8 72.21.222.139 (72.21.222.139) 92.965 ms 94.833 ms 96.127 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * 205.251.248.11 (205.251.248.11) 95.998 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Output: host imdb.com
imdb.com has address 72.21.202.149
imdb.com has address 72.21.210.29
imdb.com has address 72.21.206.80
imdb.com mail is handled by 10 smtp-fw-31001.amazon.com.
imdb.com mail is handled by 10 smtp-fw-33001.amazon.com.
imdb.com mail is handled by 10 smtp-fw-4101.amazon.com.
imdb.com mail is handled by 10 smtp-fw-2101.amazon.com.
imdb.com mail is handled by 10 smtp-fw-9101.amazon.com.
Output: host google.com
google.com has address 74.125.225.174
google.com has address 74.125.225.165
google.com has address 74.125.225.162
google.com has address 74.125.225.168
google.com has address 74.125.225.163
google.com has address 74.125.225.161
google.com has address 74.125.225.169
google.com has address 74.125.225.167
google.com has address 74.125.225.166
google.com has address 74.125.225.160
google.com has address 74.125.225.164
google.com has IPv6 address 2607:f8b0:400f:800::1002
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
Output: host startpage.com
startpage.com has address 69.90.210.119
startpage.com mail is handled by 10 mail.startpage.com.