I have a WRT3200ACM and I would like to create wifi 2.4GHz and 5GHz. The wifi spot exists but I cannot access to Internet, neither in WIFI nor LAN. Here are my config files :
The modification I made on the default configuration was assigning firewall-zone of WAN to LAN.
Edit : I also changed IP Address of the LAN from 192.168.1.1 to 192.168.2.1.
Now I changed my configuration to get back to firewall-zone assigned to WAN (instead of LAN), and I disabled the 2.4GHz WAN connection.
Here are the results of my Ethernet connection :
Even with it, I can't access to Internet through the LAN cable.
In Network>Interfaces, I edited WAN to be under LAN firewall zone to check if this was about it. I thought we needed to do this to get an access from Internet. But even without it, I couldn't access to Internet. (with default configuration).
Then, I put it back to default configuration.
Indeed, there is two radio by default and I had to Enable wifi network on both of them.
#!/bin/sh
# BCP38 filtering implementation for CeroWrt.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Author: Toke Høiland-Jørgensen <toke@toke.dk>
STOP=$1
IPSET_NAME=bcp38-ipv4
IPTABLES_CHAIN=BCP38
. /lib/functions.sh
config_load bcp38
add_bcp38_rule()
{
local subnet="$1"
local action="$2"
if [ "$action" == "nomatch" ]; then
ipset add "$IPSET_NAME" "$subnet" nomatch
else
ipset add "$IPSET_NAME" "$subnet"
fi
}
detect_upstream()
{
local interface="$1"
subnets=$(ip route show dev "$interface" | grep 'scope link' | awk '{print $1}')
for subnet in $subnets; do
# ipset test doesn't work for subnets, so strip out the subnet part
# and test for that; add as exception if there's a match
addr=$(echo $subnet | sed 's|/[0-9]\+$||')
ipset test "$IPSET_NAME" $addr 2>/dev/null && add_bcp38_rule $subnet nomatch
done
}
run() {
local section="$1"
local enabled
local interface
local detect_upstream
config_get_bool enabled "$section" enabled 0
config_get interface "$section" interface
config_get detect_upstream "$section" detect_upstream
if [ "$enabled" -eq "1" -a -n "$interface" -a -z "$STOP" ] ; then
setup_ipset
setup_iptables "$interface"
config_list_foreach "$section" match add_bcp38_rule match
config_list_foreach "$section" nomatch add_bcp38_rule nomatch
[ "$detect_upstream" -eq "1" ] && detect_upstream "$interface"
fi
exit 0
}
setup_ipset()
{
ipset create "$IPSET_NAME" hash:net family ipv4
ipset flush "$IPSET_NAME"
}
setup_iptables()
{
local interface="$1"
iptables -N "$IPTABLES_CHAIN" 2>/dev/null
iptables -F "$IPTABLES_CHAIN" 2>/dev/null
iptables -I output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
iptables -I input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
iptables -I forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
# always accept DHCP traffic
iptables -A "$IPTABLES_CHAIN" -p udp --dport 67:68 --sport 67:68 -j RETURN
iptables -A "$IPTABLES_CHAIN" -o "$interface" -m set --match-set "$IPSET_NAME" dst -j REJECT --reject-with icmp-net-unreachable
iptables -A "$IPTABLES_CHAIN" -i "$interface" -m set --match-set "$IPSET_NAME" src -j DROP
}
destroy_ipset()
{
ipset flush "$IPSET_NAME" 2>/dev/null
ipset destroy "$IPSET_NAME" 2>/dev/null
}
destroy_iptables()
{
iptables -D output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
iptables -D input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
iptables -D forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
iptables -F "$IPTABLES_CHAIN" 2>/dev/null
iptables -X "$IPTABLES_CHAIN" 2>/dev/null
}
destroy_iptables
destroy_ipset
config_foreach run bcp38
exit 0
It seems to work now : I reset all to defaults once again and just changed my IP address to 192.168.2.1 (by ssh logging), and enabled 2 wifi. I must have done something wrong, modifying the interface and all. Thank you all !