Hi,
Thanks everyone for taking a look at this.

The route command for the client gives:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
192.168.2.0     *               255.255.255.0   U     1      0        0 eth0

On the first router,
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0

On the external facing router.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
92.239.174.0    *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
default         cpc20-shef11-2- 0.0.0.0         UG    0      0        0 eth1

My /etc/firewall.user is empty. I'm not sure how exactly to set OPTION FORWARD ACCEPT.
Any ideas would be gratefully received.
James

On 16/02/12 08:57, Christ Schlacta wrote:
On 2/15/2012 10:54, James Allsopp wrote:
Hi,
Having a tricky time connecting two routers. I've got 192.168.1.1/24
which is my main link to the outside world and I've set up a second
router with a wireless interface (static 192.168.1.3/24) connected to
the primary using wpa2/psk. On the client, I've set the interface up
to be (static 192.168.2.1/24). I've set primary and secondary
interfaces to 194.168.4.100, and 194.168.8.100 respectively.

At the moment my laptop (connected to the client) can ping the client,
but nothing else. When I log into the client from the laptop, I can
ping the main router, all computers on 192.168.1.0, the laptop, and
the outside world (only by ip address not url).

Can anyone help me with my routing, and getting the client router to
use dns to resolve addresses?

My networking file is
config 'switch' 'eth0'
option 'enable' '1'

config 'switch_vlan' 'eth0_0'
option 'device' 'eth0'
option 'vlan' '0'
option 'ports' '0 1 2 3 5'

config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '4 5'

config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'

config 'interface' 'lan'
option 'type' 'bridge'
option 'proto' 'static'
option 'netmask' '255.255.255.0'
option 'ifname' 'eth0.0 eth0.1'
option 'ipaddr' '192.168.2.1'
option 'gateway' '192.168.1.3'
list 'dns' '194.168.4.100'
list 'dns' '194.168.8.100'

config 'interface' 'wan'
option '_orig_ifname' 'eth0.1'
option '_orig_bridge' 'false'
option 'proto' 'static'
option 'ipaddr' '192.168.1.3'
option 'netmask' '255.255.255.0'
list 'dns' '194.168.4.100'
list 'dns' '194.168.8.100'

config 'route'
option 'interface' 'lan'
option 'target' '192.168.2.1'
option 'netmask' '255.255.255.0'
option 'gateway' '192.168.1.3'

and my firewall is:
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1

config zone
option name lan
option network 'lan'
option input ACCEPT
option output ACCEPT
option forward REJECT

config zone
option name wan
option network 'wan'
option input ACCEPT
option output ACCEPT
option forward REJECT
option masq 0
option mtu_fix 1

config forwarding
option src lan
option dest wan

config forwarding
option src wan
option dest lan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4

# Allow IPv4 ping
config rule
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
option limit 1000/sec
option family ipv6
option target ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT

# include a file with users custom iptables rules
config include
option path /etc/firewall.user


Thanks,
James
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-users
try setting OPTION FORWARD ACCEPT in the proper zones, and post ip route
show on all the relevant devices. (main router, second router, client)

and no, this is not a WPS setup. This is a bridge setup. Don't use WPS,
as it will halve your bandwidth.

Do you have anything meaningful in /etc/firewall.user?
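
An added example, not part of any message in this thread: a longest-prefix-match lookup over the three routing tables posted above, showing which interface each device would pick to answer a host on 192.168.2.0/24. The laptop address 192.168.2.50 and the function names are constructed for illustration.

```python
import ipaddress

# Routing tables transcribed from the `route` output posted in this thread
# (the client's loopback entry is omitted). Gateway "*" means directly
# connected; the truncated upstream gateway name is kept exactly as posted.
TABLES = {
    "client": [
        ("0.0.0.0", "0.0.0.0", "192.168.2.1", "eth0"),
        ("192.168.2.0", "255.255.255.0", "*", "eth0"),
    ],
    "first_router": [
        ("192.168.2.0", "255.255.255.0", "*", "br-lan"),
        ("192.168.1.0", "255.255.255.0", "*", "wlan0"),
    ],
    "external_router": [
        ("92.239.174.0", "255.255.255.0", "*", "eth1"),
        ("192.168.1.0", "255.255.255.0", "*", "br-lan"),
        ("0.0.0.0", "0.0.0.0", "cpc20-shef11-2-", "eth1"),
    ],
}


def lookup(device, dst):
    """Longest-prefix match; returns (network, gateway, iface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in TABLES[device]:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def reply_leaves_via(device, src):
    """Interface a device would use to answer a packet sourced from `src`."""
    hit = lookup(device, src)
    return hit[2] if hit else None


if __name__ == "__main__":
    laptop = "192.168.2.50"  # constructed address inside 192.168.2.0/24
    for dev in TABLES:
        print(f"{dev:16} reply to {laptop} leaves via {reply_leaves_via(dev, laptop)}")
```

With the tables as posted, the external router matches 192.168.2.50 only against its default route on eth1 rather than br-lan, while 192.168.1.3 matches the directly connected br-lan route.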