Can you remind me -- what are the port numbers that connect to the router and the studio?
Port 1 = Studio AP
Port 2 = Connection between switches
Port 3 = Garage AP
Port 4 = Garden AP
Port 5 = connection from Main Router
To clarify (please correct anything that is wrong):
- your PC is getting an address via DHCP from VLAN 1?
- The PC is connected to port eth1?
- The connection to the managed switch is via eth0?
If this is all correct, one possible cause would be if eth1 is still attached to VLAN 1 (untagged) in addition to VLAN 4 (untagged).
Woohoo! That's why I asked those questions.
If it's all working now...
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
One last issue i am noticing is that i can't access my bridge modem WebUI anymore on DomNetwork
So you're trying to reach 10.0.1.1 from 10.0.3.0/24 and it's not working?
From the main router...
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/firewall
root@Cudy:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fc00:dead:beef::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ip6assign '64'
option ip6weight '145'
option delegate '0'
option ip6ifaceid '::1'
list ipaddr '10.0.0.1/24'
list dns '127.0.0.1'
list dns '0::1'
option dns_metric '20'
config interface 'wan'
option device 'wan'
option proto 'pppoe'
option username 'xx'
option password 'xx'
option ipv6 'auto'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
option dns_metric '50'
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'
option dns_metric '55'
config interface 'WAN_MGMT'
option proto 'static'
option device 'wan'
list ipaddr '10.0.1.2/30'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
config bridge-vlan
option device 'br-lan'
option vlan '3'
list ports 'lan3:t'
config bridge-vlan
option device 'br-lan'
option vlan '4'
list ports 'lan3:t'
config interface 'Guest'
option proto 'static'
option device 'br-lan.3'
option delegate '0'
list ipaddr '10.0.2.1/24'
list dns '127.0.0.1'
list dns '0::1'
config interface 'DomNetwork'
option proto 'static'
option device 'br-lan.4'
list dns '127.0.0.1'
list dns '0::1'
list ipaddr '10.0.3.1/24'
root@Cudy:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'NAS'
option src 'wan'
option src_dport '445'
option dest_ip '10.0.0.180'
option dest_port '445'
config zone
option name 'mgmt'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
list network 'WAN_MGMT'
config forwarding
option src 'lan'
option dest 'mgmt'
config forwarding
option src 'mgmt'
option dest 'lan'
config nat
option name 'NoNAT'
option family 'ipv6'
list proto 'all'
option src 'lan'
option target 'ACCEPT'
config forwarding
option src 'mgmt'
option dest 'wan'
config rule
option name 'DNS-WAN-BLOCK'
option dest 'wan'
option target 'REJECT'
option src '*'
option dest_port '53'
config zone
option name 'GuestZone'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'Guest'
config forwarding
option src 'GuestZone'
option dest 'wan'
config rule
option name 'Vlan3-DHCP-DNS'
option src 'GuestZone'
option dest_port '53 67 68'
option target 'ACCEPT'
config zone
option name 'DomNetwork'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'DomNetwork'
config forwarding
option src 'DomNetwork'
option dest 'lan'
config forwarding
option src 'DomNetwork'
option dest 'mgmt'
config forwarding
option src 'lan'
option dest 'DomNetwork'
config forwarding
option src 'mgmt'
option dest 'DomNetwork'
config forwarding
option src 'DomNetwork'
option dest 'wan'
I see no reason the DomNetwork wouldn't be able to reach WAN_MGMT.
Does it work from the other networks?
can get the webui working from phone wi-fi so it seems to be accessible from main LAN.
Also i've noticed i can't access my NAS (10.0.0.180) shared drive but i can access it's webUI.
I am able to ping all of the devices though
If you connect your phone to the DomNetwork, can it reach the bridge modem's web UI?
How are you trying to access it and from where?
from my pc (vlan4)
The forwards seem correct (a bit more than is necessary, though, but that doesn't harm anything).
What is the method? IP address? something else?
hostname i have set up on main router
Try with the IP address directly.
Oh that works for the NAS but not for bridge modem, any ideas why i can't access them through hostnames?
Try your phone on the dom network to access the bridge modem.
Try testing the name resolution. On a Mac/Linux box, you can use nslookup <hostname_of_nas>
just tested access from android device on vlan4. the webui works. not sure why my windows device can't access it
No idea, either, but that means it is a Windows/browser issue, not related to OpenWrt.