Hello,
Can you help with one of my router configuration?
I have a master router directly connected to the internet by using "bridge mode on port4" of ISP router. My router is using openwrt and it is working fine doing its job of managing my house network. This router local IP is 192.168.1.1 and is the DHCP server of my network.
I have another router (TP-Link Archer C2 v1) with latest version openwrt (stable OpenWrt 23.05.0) that I use as a "dumb" switch and wifi AP to extend the internet to the other end of my house. This router local IP is 192.168.1.14 and is connected by cable to the master router, and I need to use the other 4 ports to connect other devices to it and also wifi of this router to extend wifi coverage. I want all of the devices to be in the same network (visible to each other) and the management to be done on the "master" router.
Following some guides here, I managed to configure WAN port as a LAN port and Wifi as desired - all of the devices connected to it have access to the internet and can "see" each other device on the network. But the router itself cannot "access" the internet, because it cannot update openwrt packages or even do its time synchronization.
What configuration should I change?
Here are my network, wireless and firewall configurations:
network file configuration:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd4a:bd32:fc0b::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.14'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr 'c4:e9:84:f3:77:4d'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '0'
config switch
option name 'switch1'
option reset '1'
option enable_vlan '1'
option enable_vlan4k '1'
config switch_vlan
option device 'switch1'
option vlan '1'
option ports '0 1 2 3 4 6t'
wireless file configuration:
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option country 'PT'
option channel 'auto'
option htmode 'HT40'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option encryption 'psk-mixed'
option ft_over_ds '0'
option dtim_period '3'
option ft_psk_generate_local '1'
option ieee80211r '1'
option key 'password'
option ssid 'xx5G'
option mobility_domain '456A'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/10180000.wmac'
option country 'PT'
option htmode 'HT40'
option channel 'auto'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option encryption 'psk-mixed'
option ft_over_ds '0'
option dtim_period '3'
option ssid 'xx'
option mobility_domain '123F'
option ft_psk_generate_local '1'
option ieee80211r '1'
option key 'password'
firewall configuration file:
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
Thank you very much.
Carlos Oliveira