Can't disable Host Isolation

Ciao!

I’m trying to replace my ClearOS home server with Nethserver.
I’m not very expert on “networks” so I rely a lot on the UI.

The server acts as a gateway / firewall.
I have 3 ethernet ports and a wifi screen in bridge br0, and with portainer I have the “APPs” as if it were exposed on the local network… (this is the killer feature!!!)

I just have one problem to solve …

I installed hostapd to run the server as a “wifi router” (as root). The card works perfectly in AC and 2.4 / 5Gz mode

The only problem that arises is that host isolation is always active. Or rather, the clients cannot see each other.
In other words, an android smartphone does not see the chromecast or a laptop does not see the wifi printer.

On hostapd there is a special “ap_isolation” configuration to enable or disable host isolation.
But it seems to have no effect …
Reading on various forums seems to be an “old” problem common to many users.

To solve the problem I run the following commands:

echo 1> / sys / devices / virtual / net / br0 / lower_wlp2s0 / brport / hairpin_mode
echo 0> / sys / devices / virtual / net / br0 / lower_wlp2s0 / brport / hairpin_mode

and I’m able to let the hosts communicate in wifi and the chromecast is correctly recognized.
But when I disable host isolation I am no longer able to access the WIFI … to access again I have to re-enable host isolation from the command line.

Do you have any idea how to fix it permanently?

Here my hostapd.conf

interface=wlp2s0
bridge=br0
driver=nl80211

ctrl_interface=/var/run/hostapd
#ctrl_interface_group=0

IEEE 802.11

ssid=asd
country_code=IT
ieee80211d=1
ieee80211h=1
hw_mode=a
channel=60
auth_algs=1
wmm_enabled=1

IEEE 802.11n

ieee80211n=1
ht_capab=[HT40-] [SHORT-GI-40] [DSSS_CCK-40]

IEEE 802.11ac

ieee80211ac=1
vht_capab=[VHT160] [SHORT-GI-80] [SHORT-GI-160] [BF-ANTENNA-4] [SOUNDING-DIMENSION-4] [MU-BEAMFORMER] [MU-BEAMFORMEE]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=66

ap_isolate=0

WPA/IEEE 802.11i

wpa=2
wpa_passphrase=asd
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

My warmest congratulations on what you have achieved with nethserver

The behavior happends also if my laptop and nvidia shield (chromecast builtin) is connected via cable at 2 different port…

whit “echo 1 > / sys / devices / virtual / net / br0 / lower_wlp2s0 / brport / hairpin_mode” i am able from chrome (on laptop) to find the chromecast built in nvidia shield

but if i from a wifi device i try to loggout and login again can’t join…

Some specs of my realy basic configs

image1582×536 31.7 KB

image1492×224 14.6 KB

thanks in advice for you time

Anyone can help Fabrizio with this?