Creating separate network interface for Wi-Fi

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi. I have problem with creating new network interface. I want to use it only for Wi-Fi connection so that I can specify it in adblock for mobile only adblocking.
However, I can't do that. I created WiFi_adb interface, set it up just like LAN interface but with only Wireless Network in "physical settings" tab. Then I went to Wireless tab and changed interface from LAN to WiFi_adb, connected to it on my phone and it does connect, but internet doesn't work.

What am I doing wrong?

2

The firewall needs to be set up. An interface that is not in a firewall zone can't forward to the WAN and internet.

1 Like
3

I did set firewall up. I guess. In "Firewall" tab I assigned it to existing LAN network.

4

You removed the WiFi from the LAN while setting it up..but did you create a new VLAN and Bridge for WiFi_adb to be moved to?

  • It's possible you have no DHCP server on WiFi_adb, and therefore, no IP
  • It could also be that when you setup another firewall zone, you didn't permit forwarding from WiFi_adb to WAN
  • You don't seem to have created/assigned a VLAN or bridge for the WiFi. Usually, WiFi is bridged to a VLAN

If you do this, you still need a traffic rule to allow forwarding between two interfaces/LANs in the same zone.

5

I'm pretty newbie when it comes to anything router or network related, so I guess I will provide screenshots of my configuration: Imgur album

WiFi-adblock is wireless network that I tried to make this work, WiFi is the one with default settings.

Also, I don't know what did you mean by creating new VLAN and Bridge, as I said I'm pretty new to this

6

Earlier, you noted:

If you observe your default system configuration, you'll notice the following things:

  • The original WiFi was attached to a Bridge, which was connected to VLAN1 (the "LAN")
  • If you create a WiFi for a another network, you must also create a Bridge and VLAN for it to connect with (i.e. create a LAN2, or add it to LAN)
  • Since you have no bridge, there's no way for the data to leave WiFi and go to the "LAN"

It seems you want your WiFi to do special adblocking different from your wired LAN...I'm not sure why you can't simply use WiFi as default, and apply the script to your WiFi interface (without need to reconfigure your router's interfaces, VLANs and WiFi). Adblock seems to include an option for this out-the-box.

Hope this helps.

7

Thanks for help, but I gave up, I can't do this.

8

No problem. Best wishes.

If you want to try later (using an easier method)...you don't have to remove the orginal LAN WiFi from the default. Leave it as it, if it causes you confusion.

You would go to Interfaces page and make an entirely new interface...adding a VLAN3 and Bridge - then just setup forwarding to WAN accordingly under the Firewall-General page. You'd then build a whole new WiFi under Wireless: with a new SSID and attach it to the newly built Interface.

The only caveat is, all SSIDs will be on the same WiFi channel for each PHY used (e.g. the 2.4 or 5.4 GHz chip).

9

Only thing that I don't understand is "adding a VLAN3 and Bridge", could you tell me where should I look for it?

10

You find it under the Interfaces page during the process of creating a new one.

  • Make an interface with the "Static Address" protocol
  • Number and mask your network
  • Setup DHCP
  • Under Physical Settings, add the Interface to a new "Custom Interface" that you name ethx.3, x being the number of the Ethernet card in your router (usually 0, you will write it exactly as you see VLANs 1 and 2, simply changing the number following the period to a 3).
  • From there, you also check the box "Bridge interfaces help creates a bridge over specified interface(s)"
  • Add it to a new Firewall Zone

Now, wireless:

  • You then proceed to creating a new SSID and adding it to the new Interface created on the Interface page

Lastly, confirm firewall:

  • Remember to visit the Firewall page and allow forwarding from the new zone to the WAN
1 Like
11

Okay, sooo I did everything that you wrote, but it still doesn't work.
Should I set up Network -> switch somehow?

12

If you need a wired LAN for the new network, yes....that was just WiFi. You mentioned a switch, so I'm guessing you want to plug in a device now.

Next...what "doesn't work?"
At this point, you should have a new WiFi network that can reach the Internet and that you can apply adblock to.

I happened to have just finished assisting someone in adding their new VLAN to a switch port, here: Separate subnet on physical port #4

Be sure to read the whole thread and understand how your router's CPU is tagged, and to properly identify the port you want to convert to VLAN 3. Each device running LEDE is different.