Computer: Onion Omega2S
OS: LEDE 17.01
I am setting up the Omega2S as a hotspot router and have connected a ME906s-158 modem to the USB port.
I can connect to the computer by running ssh root@omega-39FF.local on my MAC. "omega-39FF" is the SSID.
I can access the internet by ping 8.8.8.8.
But when I connect my mobile phone to the omega-39FF WiFi network & open a browser, I cannot connect to the internet.
I am not too familiar with LEDE. On Debian, I set up forwarding using iptables. So, I tried setting up using iptables, but it did not work.
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
iptables -A FORWARD -i wlan -o usb0 -j ACCEPT
Running ip addr shows
4: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
link/ether 02:1e:10:1f:00:00 brd ff:ff:ff:ff:ff:ff
inet 100.xxx.96.3/29 brd 100.xxx.96.7 scope global usb0
valid_lft forever preferred_lft forever
inet6 fe80::1e:10ff:fe1f:0/64 scope link
valid_lft forever preferred_lft forever
6: apcli0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
link/ether 40:a3:6b:c0:39:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::42a3:6bff:fec0:3900/64 scope link
valid_lft forever preferred_lft forever
7: br-wlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 40:a3:6b:c0:39:ff brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 brd 192.168.3.255 scope global br-wlan
valid_lft forever preferred_lft forever
inet6 fd1d:48c4:7633::1/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::42a3:6bff:fec0:39ff/64 scope link
valid_lft forever preferred_lft forever
I tried configuring a usb zone in /etc/config/firewall, but I still could not access the internet from my mobile phone.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option disable_ipv6 '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'wlan'
config zone
option name 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wwan'
option input 'ACCEPT'
config zone
option name 'usb'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
list network 'usb'
list network 'wlan'
option input 'ACCEPT'
config forwarding
option src 'lan'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'usb'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
I believe FORWARDING is not set up properly. Any help is appreciated.