UFW/GUFW configuration for hotspot

The web link doesn't open in my case.

Hi again Zenzen.

I tried each of the mentioned new rules. I took screenshots before and after turning on the hotspot to identify what becomes active (the new rules) in UFW for the hotspot. Then I tried these new rules for the ports one by one.

Interestingly, allowing port 53 UDP and TCP, both together or one by one, did nothing. But when I added UDP port 67, the Android device could connect to the hotspot but didn't get internet access. I have attached the relevant photos:

Before activating hotspot:

After activating hotspot:

So the ones belonging to port 53 UDP and TCP and port 67 UDP of the application dnsmasq are responsible for the hotspot in my case.

Current condition of connecting to the hotspot from my Android device:

Can you show the firewall rules that get you to this point?

Content of page you could not access:

"Creating a WiFi hotspot on Ubuntu 22.04 is a straightforward process that can be very useful for sharing your internet connection with other devices. Turning your Ubuntu machine into a WiFi access point is a handy solution, whether at home or in a setting where a traditional WiFi network isn’t available. Here’s a detailed guide on configuring WiFi Access Points using the network-manager snap.

Prerequisites

Before we begin, ensure that you have the following:

  • A computer running Ubuntu 22.04.
  • A wireless network interface on your Ubuntu device.
  • The network-manager snap installed on your system.

Step-by-Step Guide to Create a WiFi Hotspot

Open the Terminal: First, open your terminal. You can do this by pressing Ctrl + Alt + T or searching for ‘Terminal’ in your applications menu.

Identify Your WiFi Interface: You need to know the name of your WiFi network interface. You can find this by running the command nmcli device status. Look for the device under the “DEVICE” column that has “wifi” listed in the “TYPE” column.

Configure the WiFi Hotspot: Use the following command to set up your WiFi hotspot:

nmcli d wifi hotspot ifname <wifi_iface> ssid <ssid> password <password>

Replace <wifi_iface> with your WiFi interface name, <ssid> with your desired network name (SSID) and <password> with your chosen password. Remember, the password should be between 8-63 characters or 64 hexadecimal characters.

For example, if your WiFi interface is wlan0, your desired SSID is MyHotspot, and your password is MyStrongPassword123, the command will look like this:

nmcli d wifi hotspot ifname wlan0 ssid MyHotspot password MyStrongPassword123

Connection Verification: If the command is successful, network-manager will create a connection named ‘Hotspot <N>’, where <N> is a number. This indicates your hotspot is active.

Shared Internet Connection: The created hotspot offers a shared connection by default. This means any device connected to your hotspot should be able to access the internet if your Ubuntu device has internet access.

Connecting Devices: Search for available WiFi networks on your other devices (like smartphones or laptops). You should see the SSID you set (MyHotspot in our example). Connect to it using the password you configured.

Tips and Considerations

  • Ensure your device has a stable internet connection if you intend to share it via the hotspot.
  • Keep your hotspot secure by using a strong, unique password.
  • Remember that using your computer as a hotspot may drain its battery more quickly if it is not plugged in.

Conclusion
Creating a WiFi hotspot on Ubuntu 22.04 is a useful feature, especially when you need to share your internet connection quickly and efficiently. Following these simple steps, you can turn your Ubuntu machine into a reliable WiFi access point for various devices.

nmcli device wifi hotspot [ifname ifname] [con-name name] [ssid SSID] [band {a | bg}] [channel channel] [password password]
Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA if device/driver supports that, otherwise WEP is used. Use connection down or device down to stop the hotspot.

Parameters of the hotspot can be influenced by the optional parameters:

ifname
what Wi-Fi device is used.

con-name
name of the created hotspot connection profile.

ssid
SSID of the hotspot.

band
Wi-Fi band to use.

channel
Wi-Fi channel to use.

password
password to use for the created hotspot. If not provided, nmcli will generate a password. The password is either WPA pre-shared key or WEP key.

Note that the --show-secrets global option can be used to print the hotspot password. It is useful especially when the password was generated.

That all looks fine to me... the rules clearly state that all incoming traffic to wlp2s0 is allowed, and you can connect to the hotspot, which proves that it works, up to a point anyway.

On your phone, when you tap the settings icon for the TP-Link access point (after you've connected to it), does it assign an IP address? For example, 192.168.1.50 or something similar?
And have you tested the connection, just in case it actually does work despite the message?

Thanks, I will try.

The prerequisites suggested a snap package named network-manager. Is it the one?

I tested browsing, youtube etc with that connection. It doesn't work.

The hotspot does show an IP address, but it shows the IP settings as DHCP. Then again, the IP address is a bit weird, per se. It's 10.xx.x.xxx. Although I don't know if the settings are showing the Android device's IP address or the hotspot's IP address.

That is weird. IP addresses starting 10.xxx.xxx.xxx are usually reserved for business networks. Joe public IP addresses start with 192.

Yep, pretty weird. I can confirm that I am not in a business. Fun fact, my ethernet's IP is 192.xxx.... . I don't know why the hotspot gets a business one.

I wonder which one matters for @zenzen's question: the router's IP address or the Android device's IP address.

Are you running an instance of dnsmasq in Zorin OS by any chance?

sudo systemctl status dnsmasq

If yes, try to disable it:

sudo systemctl disable dnsmasq

And hope for the best :smiley:

I guess activating the hotspot runs dnsmasq. I don't see dnsmasq anywhere else except for that. But I don't run it of my own accord. I don't even know what dnsmasq is.

dnsmasq is a service that can, among other things, assign IP addresses to devices on a network. And yes, Network Manager spawns its own internal version of it, so that's expected. I wanted to check in case there were two separate instances running that may be in conflict, but that does not seem to be the case.
Network Manager comes installed by default, by the way; you don't need to install it.

Let's see if there's anything being logged by the firewall about blocked packets.

  1. Turn off the hotspot, to have a clean, fresh starting point.

  2. Increase the logging activity for UFW.

    sudo ufw logging full
    
  3. Reload the firewall.

    sudo systemctl restart ufw
    

    I'm not sure right now if this would work, but you can also try with:

    sudo ufw disable
    sudo ufw enable
    
  4. Turn the hotspot back on, and attempt to connect from your phone. Give it a few minutes.

  5. Check the logs for any blocked packets.

    grep -i "ufw block" /var/log/ufw.log
    

There are many blocked packets in ufw.log. I waited 10 mins after connecting, so maybe that's why there are so many things there. I can't give everything within a few photos, but I will try to give unique ones. I wish I could give a record instead of giving 9 photos.

Result of [grep -i "ufw block" /var/log/ufw.log]:

That's definitely a lot more than what I was expecting. You can try to narrow it down a bit by specifying the interface that you're connecting to (the hotspot):

grep -iE "UFW BLOCK.*IN=wlp2s0" /var/log/ufw.log

If that's also too much, you can take the last 100 entries (for example) and then apply the filter. Ideally, you'd want to run this shortly after connecting from your phone:

tail -n 100 /var/log/ufw.log | grep -iE "UFW BLOCK.*IN=wlp2s0"

By the way, there seems to be a network interface named wlo1. Can you double-check the name of the interface for the hotspot, just in case? It's a bit odd that there's not one entry for wlp2s0.
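Reading the "[UFW BLOCK]" lines by hand gets tedious once there are hundreds of them, so here is a small triage helper as an added example. It is not code from this thread; it groups the blocked packets that arrived on one interface by outgoing interface, protocol and destination port, and separates the two failure modes that matter for a hotspot: packets addressed to the laptop itself (DHCP and DNS to dnsmasq, which show OUT= empty) versus packets the laptop was asked to forward for the phone (which show OUT= set to the uplink; ufw's DEFAULT_FORWARD_POLICY in /etc/default/ufw is DROP unless you change it or add `ufw route allow` rules). The log lines are constructed, not a real capture, and the interface names wlo1 and enp3s0 and the 10.42.0.0/24 range (the one NetworkManager's shared mode hands out by default) are assumptions. Note that grep and tail need the log path as an argument; with no file they read standard input and the shell just sits there waiting.

```shell
#!/bin/sh
# Added example, not code from the thread: triage "[UFW BLOCK]" entries from
# /var/log/ufw.log by (in, out, proto, dport) for one interface.
# Assumed names: hotspot interface wlo1, uplink enp3s0, clients in 10.42.0.0/24.

# Constructed sample log in ufw's kernel-log line format; not a real capture.
SAMPLE_LOG="${TMPDIR:-/tmp}/ufw-sample-$$.log"
cat > "$SAMPLE_LOG" <<'EOF'
Jan  1 10:00:01 host kernel: [UFW BLOCK] IN=wlo1 OUT= SRC=10.42.0.23 DST=10.42.0.1 LEN=328 TTL=64 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan  1 10:00:02 host kernel: [UFW BLOCK] IN=wlo1 OUT= SRC=10.42.0.23 DST=10.42.0.1 LEN=64 TTL=64 PROTO=UDP SPT=51034 DPT=53 LEN=44
Jan  1 10:00:02 host kernel: [UFW BLOCK] IN=wlo1 OUT= SRC=10.42.0.23 DST=10.42.0.1 LEN=64 TTL=64 PROTO=UDP SPT=51035 DPT=53 LEN=44
Jan  1 10:00:03 host kernel: [UFW BLOCK] IN=wlo1 OUT= SRC=10.42.0.23 DST=10.42.0.1 LEN=60 TTL=64 PROTO=TCP SPT=40212 DPT=53 WINDOW=65535 SYN
Jan  1 10:00:04 host kernel: [UFW BLOCK] IN=wlo1 OUT=enp3s0 SRC=10.42.0.23 DST=93.184.216.34 LEN=60 TTL=63 PROTO=TCP SPT=40213 DPT=443 WINDOW=65535 SYN
Jan  1 10:00:05 host kernel: [UFW BLOCK] IN=enp3s0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=40 TTL=52 PROTO=TCP SPT=44444 DPT=22 SYN
EOF

# ufw_block_summary LOGFILE IFACE
# Prints "IN OUT PROTO DPT COUNT", one line per tuple seen on IFACE, sorted.
# OUT is "-" for packets addressed to the host itself (INPUT chain) and the
# uplink name for packets the host was asked to forward (FORWARD chain).
ufw_block_summary() {
    logfile=$1
    iface=$2
    grep -i 'UFW BLOCK' "$logfile" |
    awk -v want="$iface" '
        {
            in_if = ""; out_if = "-"; proto = "?"; dpt = "-"
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, "=")      # tokens look like KEY=VALUE
                if (n < 2) continue         # skip "[UFW", "BLOCK]", "SYN", ...
                if (kv[1] == "IN") in_if = kv[2]
                else if (kv[1] == "OUT" && kv[2] != "") out_if = kv[2]
                else if (kv[1] == "PROTO") proto = kv[2]
                else if (kv[1] == "DPT") dpt = kv[2]
            }
            if (in_if == want) count[in_if " " out_if " " proto " " dpt]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# ufw_block_forwarded LOGFILE IFACE
# Number of blocked packets that entered on IFACE and were being forwarded
# out another interface. A non-zero value means clients reach the host but
# the FORWARD path is dropping their internet-bound traffic.
ufw_block_forwarded() {
    ufw_block_summary "$1" "$2" | awk '$2 != "-" { n += $5 } END { print n + 0 }'
}

# Usage: on a real system replace "$SAMPLE_LOG" with /var/log/ufw.log.
ufw_block_summary "$SAMPLE_LOG" wlo1
echo "forwarded packets blocked on wlo1: $(ufw_block_forwarded "$SAMPLE_LOG" wlo1)"
```

With the sample data the summary shows DHCP (UDP 67) and DNS (UDP and TCP 53) being dropped on the way to dnsmasq, plus one HTTPS packet dropped on the forward path; on a real log, the first group is what an `allow in on <iface>` rule for those ports fixes, while anything in the second group points at forwarding rather than at dnsmasq.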

wlp2s0 is the altname of wlo1. I found it in

ip a

I actually said wlp2s0 was the altname before. But nobody told me anything, so I kept saying it. Sorry if this becomes the reason the troubleshooting fails.

I will be running the commands tomorrow morning as soon as possible.

I will give a pic of the results of ip a as well.

I said it here.

Oh, sorry, I forgot about that... at this point I'm trying to see anything that stands out and blame it all on that :sweat_smile:

I do wonder, though, if maybe switching the UFW rule to use that specific name will have an effect, since that's what it seems to be aware of (and blocking). You can reset all the firewall rules first and then re-apply them using the new interface (note that reset also disables the firewall, so it has to be enabled again before reload does anything):

sudo ufw reset
sudo ufw allow in on wlo1
sudo ufw enable
sudo ufw reload

grep -iE "UFW BLOCK.*IN=wlp2s0"

tail -n 100 | grep -iE "UFW BLOCK.*IN=wlp2s0"

Both of these commands didn't yield any result. In both cases the cursor went to the next line in the terminal and kept blinking. So I don't know about this.

Result of ip a command:

I edited the pic to hide the IP addresses. I know it's not good to expose IPs.