Oh, boy I've got a situation. The router I am using is a TL-WDR3600. Fresh OpenWrt 18.06. I don't have any fixed Internet at my house. We live out in the middle of nowhere, so our only option is cellphones using USB or WiFi tethering. I have opted for USB. The hard part is that I have my phone that I want to provide Internet for my computers, (which are all wired Ethernet), but my Mom wants her USB jetpack to provide the WiFi for the house. I want all the devices to be able to communicate over LAN. I installed the packages that were listed on here.
My Mom's jetpack is always interface usb0 because it is always there and goes into USB tethering mode instantly. My phone is always usb1 because I need to tell the phone to enter that mode so it connects after the jetpack.
The router has 4 Ethernet jacks, all of which should use the usb1 interface for the Internet-bound data. I want a wireless network that will use usb0 for Internet-bound data. I want everything that is either connected over wired or wireless to be able to communicate as one LAN.
I am very comfortable with the command line, if it is easier to do like that, but I can use LuCI too. Thanks in advance.
Maybe you need to create a few rules
and static routes for each internet connection?
For more complex configurations and fine tuning, mwan3 would be the way to do it.
Alright, I tried some stuff. Here is the contents of /etc/config/firewall:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option forward 'REJECT'
option output 'ACCEPT'
option name 'JET_wan'
option masq '1'
option mtu_fix '1'
option network 'JET'
option input 'REJECT'
config forwarding
option dest 'JET_wan'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
and here is the contents of /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda3:3b68:0c70::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ifname 'eth0.1'
config interface 'wan'
option proto 'dhcp'
option ifname 'usb1'
option type 'bridge'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 2 3'
config interface 'JET'
option proto 'dhcp'
option type 'bridge'
option ifname 'usb0'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 4 5'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '0t 1'
option vid '3'
and /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/ar934x_wmac'
option htmode 'HT20'
option country 'US'
option legacy_rates '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key '<THE KEY>'
option network 'lan JET'
The way I tried setting it up was with the usb1 interface attached to wan, and usb0 on JET. The Internet traffic goes to the correct device, but the LAN traffic does not work when over WiFi.
No wonder, I don't see that you tried anything I mentioned earlier.
Moreover this is wrong:
You cannot bridge the lan with the wan
I got it finished. I used mwan3, but just for the rules, not the load balancing. I have 2 wans, wan and wanb. wan uses the usb0 interface, wanb uses usb1. I have 4 mwan3 members: wan_m1_w1, wanb_m1_w1, wan_m2_w1, and wanb_m2_w1. (m is the metric, all the weights are 1). I have 4 policies: wan_only, wanb_only, wan_wanb, and wanb_wan. All of these have the last resort of unreachable. The members of each policy are respectively as follows:
wan_m1_w1,
wanb_m1_w1,
wan_m1_w1, wanb_m2_w1,
wanb_m1_w1, wan_m2_w1.
I then set the default rule to use wan, which was the JET interface before. I made a rule for each of MY devices, (which have reserved IPs), to use the wanb policies.
In the firewall I configured wanb exactly the same as the default wan interface.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.