Hi,
Can anyone help with this? I'm completely out of ideas. I'm trying to
follow the instructions here
http://wiki.openwrt.org/doc/recipes/routedclient . I've done a complete
reinstall of the client router, all I've done is change:
/etc/config/firewall
config 'zone'
    option 'name' 'wan'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'
    option 'mtu_fix' '1'
    option 'masq' '0'

config 'forwarding'
    option 'src' 'wan'
    option 'dest' 'lan'
The wireless (wan) is on a fixed static lease from the main router
(192.168.1.3) and the bridged eth0 connections (lan) are set statically
as 192.168.2.1 and run DHCP for clients.
When I connect my laptop via a wire to the client, I get an IP address
and can ping and log into the router. From this ssh connection, I can
ping everywhere. What I can't do is see anywhere beyond the client from
the laptop.
Any assistance you can offer would be greatly appreciated.
James
On 16/02/12 08:57, Christ Schlacta wrote:
On 2/15/2012 10:54, James Allsopp wrote:
Hi,
Having a tricky time connecting two routers. I've got 192.168.1.1/24
which is my main link to the outside world and I've set up a second
router with a wireless interface (static 192.168.1.3/24) connected to
the primary using wpa2/psk. On the client, I've set the interface up
to be (static 192.168.2.1/24). I've set primary and secondary
interfaces to 194.168.4.100, and 194.168.8.100 respectively.
At the moment my laptop (connected to the client) can ping the client,
but nothing else. When I log into the client from the laptop, I can
ping the main router, all computers on 192.168.1.0, the laptop, and
the outside world (only by ip address not url).
Can anyone help me with my routing, and getting the client router to
use dns to resolve addresses?
My networking file is
config 'switch' 'eth0'
    option 'enable' '1'

config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '0 1 2 3 5'

config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '4 5'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ifname' 'eth0.0 eth0.1'
    option 'ipaddr' '192.168.2.1'
    option 'gateway' '192.168.1.3'
    list 'dns' '194.168.4.100'
    list 'dns' '194.168.8.100'

config 'interface' 'wan'
    option '_orig_ifname' 'eth0.1'
    option '_orig_bridge' 'false'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.3'
    option 'netmask' '255.255.255.0'
    list 'dns' '194.168.4.100'
    list 'dns' '194.168.8.100'

config 'route'
    option 'interface' 'lan'
    option 'target' '192.168.2.1'
    option 'netmask' '255.255.255.0'
    option 'gateway' '192.168.1.3'

and my firewall is:
config defaults
    option syn_flood 1
    option input ACCEPT
    option output ACCEPT
    option forward REJECT
# Uncomment this line to disable ipv6 rules
#   option disable_ipv6 1

config zone
    option name lan
    option network 'lan'
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config zone
    option name wan
    option network 'wan'
    option input ACCEPT
    option output ACCEPT
    option forward REJECT
    option masq 0
    option mtu_fix 1

config forwarding
    option src lan
    option dest wan

config forwarding
    option src wan
    option dest lan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option src wan
    option proto udp
    option dest_port 68
    option target ACCEPT
    option family ipv4

# Allow IPv4 ping
config rule
    option src wan
    option proto icmp
    option icmp_type echo-request
    option family ipv4
    option target ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
    option src wan
    option proto icmp
    list icmp_type echo-request
    list icmp_type destination-unreachable
    list icmp_type packet-too-big
    list icmp_type time-exceeded
    list icmp_type bad-header
    list icmp_type unknown-header-type
    list icmp_type router-solicitation
    list icmp_type neighbour-solicitation
    option limit 1000/sec
    option family ipv6
    option target ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
    option src wan
    option dest *
    option proto icmp
    list icmp_type echo-request
    list icmp_type destination-unreachable
    list icmp_type packet-too-big
    list icmp_type time-exceeded
    list icmp_type bad-header
    list icmp_type unknown-header-type
    option limit 1000/sec
    option family ipv6
    option target ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user

Thanks,
James
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-users
Try setting OPTION FORWARD ACCEPT in the proper zones, and post ip route
show on all the relevant devices. (main router, second router, client)
And no, this is not a WPS setup. This is a bridge setup. Don't use WPS,
as it will halve your bandwidth.
Do you have anything meaningful in /etc/firewall.user?
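
Added example, not part of the thread and not OpenWrt code: a short Python check over the zone and forwarding sections of the firewall file posted above (the excerpt is reconstructed from the post; `parse_uci` and `audit` are hypothetical helper names). It lists the inter-zone forwardings the file permits and the points to review when the wan zone has masquerading off.

```python
import shlex

# Constructed excerpt: the zone and forwarding sections of the posted firewall file.
POSTED = """
config zone
    option name lan
    option input ACCEPT
    option forward REJECT
config zone
    option name wan
    option input ACCEPT
    option forward REJECT
    option masq 0
config forwarding
    option src lan
    option dest wan
config forwarding
    option src wan
    option dest lan
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(text, upstream="wan"):
    """Return (allowed inter-zone forwardings, review notes) for one firewall file."""
    secs = parse_uci(text)
    zones = {o["name"]: o for t, o in secs if t == "zone" and "name" in o}
    # Inter-zone traffic is permitted by 'forwarding' sections; a zone's own
    # 'forward' policy covers traffic between networks inside that zone.
    allowed = sorted((o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding")
    notes = []
    up = zones.get(upstream, {})
    if up.get("input") == "ACCEPT":
        notes.append(f"{upstream}: input ACCEPT exposes the router's own services upstream")
    for src, dest in allowed:
        if src == upstream:
            notes.append(f"{src}->{dest}: upstream hosts may open connections into {dest}")
        elif dest == upstream and up.get("masq", "0") != "1":
            notes.append(f"{src}->{dest}: masq off, upstream needs a route back to {src}")
    return allowed, notes

if __name__ == "__main__":
    pairs, notes = audit(POSTED)
    print(pairs)
    print("\n".join(notes))
```
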