I changed both firewalls to everything accept and I put the option ignor lines into the dhcp files
I restarted both firewalls
and I added the interfaces to both lan zones (car and lane)
also, I don't think that I need any ipv6 stuff
Right. I've got some updates. First things first: bear in mind that my lab is virtual only, and does not have any wireless interfaces. I had to extemporise with the configuration and cannot be 100% confident that I haven't overlooked something. You may well have to adapt the information here, especially the physical device names for the network; don't just copy and paste blindly.
That said, here goes:
Car /etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.249.31.251'
option netmask '255.255.255.0'
config device
option name 'br-wan'
option type 'bridge'
list ports 'eth1'
config interface 'wan'
option device 'br-wan'
option proto 'static'
option ipaddr '10.249.1.36'
option netmask '255.255.255.0'
Car /etc/config/wireless:
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '0'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'sta'
option ssid 'ATRS-A7'
option key 'P4ssw0rd7'
option encryption 'psk2'
option network 'wan'
Car /etc/config/firewall:
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward ACCEPT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
list network 'mgmt'
list network 'wan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
option input ACCEPT
option output ACCEPT
option forward ACCEPT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
config forwarding
option src wan
option dest lan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
Lane /etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.249.1.253'
option netmask '255.255.255.0'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config route
option interface 'lan'
option target '10.249.31.0/24'
option gateway '10.249.1.35'
Lane /etc/config/wireless:
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'ATRS-A7'
option encryption 'psk2'
option key 'P4ssw0rd7'
Lane /etc/config/firewall:
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward ACCEPT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
list network 'mgmt'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
config forwarding
option src wan
option dest lan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
The example configuration files in my previous post set up two subnets: 10.249.1.0/24 and 10.249.31.0/24, with a route configured on the Lane device to send any traffic destined for 10.249.31.0/24 to the other router at 10.249.1.36.
"Master's" IP address will have to be changed to sit in the 10.249.1.0/24 subnet, for logical communication to be possible.
ok, I will configure my system shortly and report back to you in about an hour. My wife just fixed me a good lunch, so I am going to eat and then test your configuration. Thank you very much for all your input.
1 Like
You're welcome. Enjoy your lunch (I took a break for my supper an hour ago).
so, my lane open wrt is running. the wlan0 interface came up with no IP address but I manually entered ifconfig wlan0 10.249.1.35 netmask 255.255.255.0 and it worked. the car however is not.
ifconfig in the lane prior to my command
br-lan Link encap:Ethernet HWaddr 40:A3:6B:C3:20:17
inet addr:10.249.1.253 Bcast:10.249.1.255 Mask:255.255.255.0
inet6 addr: fe80::42a3:6bff:fec3:2017/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:59 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2950 (2.8 KiB) TX bytes:816 (816.0 B)
eth0 Link encap:Ethernet HWaddr 40:A3:6B:C3:20:17
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:107 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9172 (8.9 KiB) TX bytes:1242 (1.2 KiB)
Interrupt:5
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4264 (4.1 KiB) TX bytes:4264 (4.1 KiB)
wlan0 Link encap:Ethernet HWaddr 40:A3:6B:C3:20:16
inet6 addr: fe80::42a3:6bff:fec3:2016/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:5644 (5.5 KiB)
ifconfig command after
br-lan Link encap:Ethernet HWaddr 40:A3:6B:C3:20:17
inet addr:10.249.1.253 Bcast:10.249.1.255 Mask:255.255.255.0
inet6 addr: fe80::42a3:6bff:fec3:2017/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:219 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11052 (10.7 KiB) TX bytes:1194 (1.1 KiB)
eth0 Link encap:Ethernet HWaddr 40:A3:6B:C3:20:17
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:267 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19514 (19.0 KiB) TX bytes:1620 (1.5 KiB)
Interrupt:5
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:120 errors:0 dropped:0 overruns:0 frame:0
TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9840 (9.6 KiB) TX bytes:9840 (9.6 KiB)
wlan0 Link encap:Ethernet HWaddr 40:A3:6B:C3:20:16
inet addr:10.249.1.35 Bcast:10.249.1.255 Mask:255.255.255.0
inet6 addr: fe80::42a3:6bff:fec3:2016/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:220 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:18414 (17.9 KiB)
the car is not configured properly (or I made a mistake) there is no wlan0 interface
br-lan Link encap:Ethernet HWaddr 40:A3:6B:C3:21:7F
inet addr:10.249.31.251 Bcast:10.249.31.255 Mask:255.255.255.0
inet6 addr: fe80::42a3:6bff:fec3:217f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14168 (13.8 KiB) TX bytes:1480 (1.4 KiB)
br-wan Link encap:Ethernet HWaddr 2A:22:36:60:C0:0D
inet addr:10.249.1.36 Bcast:10.249.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 40:A3:6B:C3:21:7F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:343 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:61145 (59.7 KiB) TX bytes:4842 (4.7 KiB)
Interrupt:5
root@OpenWrt:/etc/config# ifconfig wlan0
ifconfig: wlan0: error fetching interface information: Device not found
also I need the ip address to automatically go into the wlan0 device in the lane, because i will have no access to enter it manually
This strikes me as odd. The Wi-Fi should, if working as expected, be bridged to the LAN interface, so would share the same IP address. It shouldn't be necessary to give the Wi-Fi interface its own IP address. This is unusual.
Let's take a look at where you are now, and try to work out some next steps.
What are the contents of /etc/config/network, /etc/config/wireless, and /etc/config/firewall as they are right now, on both OpenWRT instances?
ok I will get them. on a side note, in the car I have no eth1 device
config device
option name 'br-wan'
option type 'bridge'
list ports 'eth1'
ifconfig in the car device
br-lan Link encap:Ethernet HWaddr 40:A3:6B:C3:21:7F
inet addr:10.249.31.251 Bcast:10.249.31.255 Mask:255.255.255.0
inet6 addr: fe80::42a3:6bff:fec3:217f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:263 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:42606 (41.6 KiB) TX bytes:1598 (1.5 KiB)
br-wan Link encap:Ethernet HWaddr 2A:22:36:60:C0:0D
inet addr:10.249.1.36 Bcast:10.249.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 40:A3:6B:C3:21:7F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:512 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:91949 (89.7 KiB) TX bytes:4960 (4.8 KiB)
Interrupt:5
I will double check myself and post your requests in a couple minutes
This is not unusual; every device is different and, as I indicated earlier, I had to extemporise as my lab doesn't have wireless networking. It's highly likely you may have to use my results only as a building block, changing elements to suit your deployment.
possibly this should be in the car network file but it is currently in the lane network file
or maybe I am confused.
please don't misunderstand me I am exceedingly grateful for your help and I am in no way complaining
network file in the lane
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.249.1.253'
option netmask '255.255.255.0'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config route
option interface 'lan'
option target '10.249.31.0/24'
option gateway '10.249.1.35'
network file in the car
interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.249.31.251'
option netmask '255.255.255.0'
config device
option name 'br-wan'
option type 'bridge'
list ports 'eth1'
config interface 'wan'
option device 'br-wan'
option proto 'static'
option ipaddr '10.249.1.36'
option netmask '255.255.255.0'
wireless file on the lane
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'ATRS-A7'
option encryption 'psk2'
option key 'P4ssw0rd7'
wireless file on the car
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '0'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'sta'
option ssid 'ATRS-A7'
option key 'P4ssw0rd7'
option encryption 'psk2'
option network 'wan'
firewall on the lane
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward ACCEPT
# Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name lan
list network 'lan'
list network 'mgmt'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
config forwarding
option src wan
option dest lan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT`
firewall in the car
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward ACCEPT
# Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name lan
list network 'lan'
list network 'mgmt'
list network 'wan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
option input ACCEPT
option output ACCEPT
option forward ACCEPT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
config forwarding
option src wan
option dest lan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
Nothing wrong with being confused; we're not all born learning TCP/IP networking in the womb.
A firewall answers the question, "Is this traffic permitted?"
A router answers the question, "Where do I send this traffic next?"
To send traffic to 10.249.31.0/24, the router has to know a route - a path - to that subnet. And the directive you highlighted provides the route - the path - to that subnet.
"I need to send this to 10.249.31.0/24. Is that subnet directly attached to me?"
"No, it is not."
"Do I know a route for that subnet?"
"Yes, I do. Send everything for 10.249.31.0/24 via 10.249.1.35."
I did say not to copy and paste everything blindly. I made a mistake when pasting those configurations. I also included the temporary configuration I had to add to be able to manage my lab guests from my workstation.
I removed some of the temporary configuration, but not all of it. That's my error, and I apologise, but it does show the importance of sanity-checking everything first.
You don't have a mgmt network on either device, so while those lines are there your firewall will whine about the network not existing. Remove all references to mgmt and instead add the wan interface to the lan zone so that both the lan and wan interfaces sit in the same zone.
Then try this...
Remove this section:
onfig device
option name 'br-wan'
option type 'bridge'
list ports 'eth1'
And then edit the next section thus:
config interface 'wan'
option proto 'static'
option ipaddr '10.249.1.36'
option netmask '255.255.255.0'
I read your comment about the "don't blindly copy and paste, but I am so ignorant that i didn't have the ability to see your management stuff. i read the files but I ended up just copy because I thought they looked good. sorry. I have your configuration but I still have no communication between the car (10.249.31.33) and the lane (10.249.1.32). the car openwrt client device (10.249.1.36) can ping the lane (10.249.1.32) and it can also ping the car (10.249.31.33) .
You can try to put all IP in one 10.249.31.xx range, I think it's easier. Besides, all AP and all device are in the local network.
For Openwrt AP, you can set it with DUMB AP, try to check on openwrt dumb AP documentation or check it on youtube.
On dumb AP, you will disable firewall, dnsmasq and odhcpd (not needed on dumb AP).