Creating separate WLAN network

Hm, yes. I followed your instruction exactly and it did indeed work.

The sad part is I don't understand why, but that's my problem.

Just FYI: I also tried the way where I do not create a new interface under Network -> Interfaces but create it while configuring the new wireless network (checkbox at "create" and then typing in the new network name). Following the rest of your steps worked as well, then.

Thank you guys, again, for helping me, it works now.

greetings
Max

1 Like

Flippin' heck.
I just redid the whole configuration (trying to understand it better), I'm pretty sure I did it exactly like before. But now if I'm trying to join my wireless IOT net, I get stuck at getting an IP address. Like DHCP isn't running. Even if I restore the backup I made while it was actually working, it doesn't work.

I'm sorry...but I gotta ask again :confused:

  • I reset the device
  • typed in the new password twice
  • set the IP address of LAN (192.168.10.253 /24, Gateway and DNS 192.168.10.254 (my isp modem router)), deactivated dhcp and ipv6 functions (save and apply)
  • logged in with the new IP address, created my internal wireless network, set up all the settings (save and apply) and tested it successfully
  • deactivated firewall, dnsmasq and odhcpd, rebooted the device via gui
  • went into network - interfaces and created a new interface, named "G_LAN", physical connection eth0 (I changed nothing, Submit)
  • set up the ip address (10.10.10.254 /24, GW and DNS still 192.168.10.254) (hit save)
  • activated dhcp on this network, start at 100, max 150 leases
  • went in the next tab to firewall settings, created a new zone called "glanzone" (save and apply)
  • went to the network > firewall section, edited the "glanzone"-zone, changed "forward" to accept, allowed LAN as forwarded destination zone (save and apply)
  • checked both boxes "masquerade" and "MSS clamp" at the "LAN"- interface, removed it from the "WAN" zone (save and apply)
  • went into my wireless settings, created a new wireless network + SSID and assigned "G_LAN" as its network (save) then I went into advanced settings and activated Client Isolation (save and apply)

Then I was trying to test it and oh look, it doesn't work. What have I done wrong? Tried rebooting the device with no success. The internal wireless network is still working fine. Please, I'm going crazy over this :frowning:

/etc/config/firewall:

root@OpenWrt:/etc/config# cat firewall

config defaults
       option syn_flood '1'
       option input 'ACCEPT'
       option output 'ACCEPT'
       option forward 'REJECT'

config zone
       option name 'lan'
       option input 'ACCEPT'
       option output 'ACCEPT'
       option forward 'ACCEPT'
       option network 'lan'
       option masq '1'
       option mtu_fix '1'

config zone
       option name 'wan'
       option input 'REJECT'
       option output 'ACCEPT'
       option forward 'REJECT'
       option network 'wan wan6'

config forwarding
       option src 'lan'
       option dest 'wan'

config rule
       option name 'Allow-DHCP-Renew'
       option src 'wan'
       option proto 'udp'
       option dest_port '68'
       option target 'ACCEPT'
       option family 'ipv4'

config rule
       option name 'Allow-Ping'
       option src 'wan'
       option proto 'icmp'
       option icmp_type 'echo-request'
       option family 'ipv4'
       option target 'ACCEPT'

config rule
       option name 'Allow-IGMP'
       option src 'wan'
       option proto 'igmp'
       option family 'ipv4'
       option target 'ACCEPT'

config rule
       option name 'Allow-DHCPv6'
       option src 'wan'
       option proto 'udp'
       option src_ip 'fc00::/6'
       option dest_ip 'fc00::/6'
       option dest_port '546'
       option family 'ipv6'
       option target 'ACCEPT'

config rule
       option name 'Allow-MLD'
       option src 'wan'
       option proto 'icmp'
       option src_ip 'fe80::/10'
       list icmp_type '130/0'
       list icmp_type '131/0'
       list icmp_type '132/0'
       list icmp_type '143/0'
       option family 'ipv6'
       option target 'ACCEPT'

config rule
       option name 'Allow-ICMPv6-Input'
       option src 'wan'
       option proto 'icmp'
       list icmp_type 'echo-request'
       list icmp_type 'echo-reply'
       list icmp_type 'destination-unreachable'
       list icmp_type 'packet-too-big'
       list icmp_type 'time-exceeded'
       list icmp_type 'bad-header'
       list icmp_type 'unknown-header-type'
       list icmp_type 'router-solicitation'
       list icmp_type 'neighbour-solicitation'
       list icmp_type 'router-advertisement'
       list icmp_type 'neighbour-advertisement'
       option limit '1000/sec'
       option family 'ipv6'
       option target 'ACCEPT'

config rule
       option name 'Allow-ICMPv6-Forward'
       option src 'wan'
       option dest '*'
       option proto 'icmp'
       list icmp_type 'echo-request'
       list icmp_type 'echo-reply'
       list icmp_type 'destination-unreachable'
       list icmp_type 'packet-too-big'
       list icmp_type 'time-exceeded'
       list icmp_type 'bad-header'
       list icmp_type 'unknown-header-type'
       option limit '1000/sec'
       option family 'ipv6'
       option target 'ACCEPT'

config rule
       option name 'Allow-IPSec-ESP'
       option src 'wan'
       option dest 'lan'
       option proto 'esp'
       option target 'ACCEPT'

config rule
       option name 'Allow-ISAKMP'
       option src 'wan'
       option dest 'lan'
       option dest_port '500'
       option proto 'udp'
       option target 'ACCEPT'

config include
       option path '/etc/firewall.user'

config zone
       option name 'glanzone'
       option input 'ACCEPT'
       option output 'ACCEPT'
       option network 'G_LAN'
       option forward 'ACCEPT'

config forwarding
       option dest 'lan'
       option src 'glanzone'

/etc/config/network:

root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fddf:f528:f198::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.10.253'
        option gateway '192.168.10.254'
        option dns '192.168.10.254'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'

config interface 'G_LAN'
        option proto 'static'
        option ifname 'eth0'
        option ipaddr '10.10.10.254'
        option netmask '255.255.255.0'
        option gateway '192.168.10.254'
        option dns '192.168.10.254'
        option type 'bridge'

/etc/config/wireless:

root@OpenWrt:/etc/config# cat wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:00.0'
        option channel 'auto'
        option htmode 'HT40'
        option legacy_rates '1'
        option country 'DE'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'LummTest'
        option encryption 'psk2'
        option key '<secret>'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'GastTest'
        option network 'G_LAN'
        option encryption 'psk2'
        option key '<secret>'
        option isolate '1'

and finally /etc/config/dhcp:

root@OpenWrt:/etc/config# cat dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'G_LAN'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'G_LAN'

config dhcp 'test'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'test'

This "test" interface was only created to be able to replicate the steps I actually did...I deleted it already.

Thanks in advance, I hope you can help me again :expressionless:

Don't do that. You need those processes running for the IoT. dnsmasq serves DHCP addresses, and firewall will forward the packets. You do change the configuration so they are not active on LAN.

2 Likes
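Added example (not part of the thread and not OpenWrt project code): a shell audit for the failure the reply above describes, where the pool for `G_LAN` is configured but clients never get a lease because the services were disabled at boot. The function names, the `INIT_DIR`/`CONF_DIR` overrides and the `make_sample` stubs are assumptions for illustration; `/etc/init.d/<service> enabled` is the init script's own status command.

```shell
#!/bin/sh
# Added example: audit why clients of an OpenWrt network get no DHCP lease.
INIT_DIR=${INIT_DIR:-/etc/init.d}   # overridable so the checks can run on copies
CONF_DIR=${CONF_DIR:-/etc/config}

dhcp_pool_state() {   # prints serving | ignored | missing for network $1
  awk -v net="$1" '
    function finish() { if (sec && ifc == net) st = ign ? "ignored" : "serving" }
    { v = $3; gsub(/[^A-Za-z0-9_]/, "", v) }
    $1 == "config" { finish(); sec = ($2 == "dhcp"); ifc = ""; ign = 0 }
    sec && $2 == "interface" { ifc = v }
    sec && $2 == "ignore" { ign = (v == "1") }
    END { finish(); print (st == "" ? "missing" : st) }' "$CONF_DIR/dhcp"
}

zone_for_network() {  # prints the firewall zone covering network $1, or none
  awk -v net="$1" '
    function finish() { if (sec && hit && zone == "") zone = name }
    $1 == "config" { finish(); sec = ($2 == "zone"); name = ""; hit = 0 }
    sec && $2 == "name" { name = $3; gsub(/[^A-Za-z0-9_]/, "", name) }
    sec && $2 == "network" {
      for (i = 3; i <= NF; i++) { n = $i; gsub(/[^A-Za-z0-9_]/, "", n); if (n == net) hit = 1 }
    }
    END { finish(); print (zone == "" ? "none" : zone) }' "$CONF_DIR/firewall"
}

audit_network() {     # returns 0 only if network $1 can hand out leases
  rc=0
  for svc in dnsmasq firewall; do
    "$INIT_DIR/$svc" enabled 2>/dev/null || { echo "$svc is disabled at boot"; rc=1; }
  done
  [ "$(dhcp_pool_state "$1")" = serving ] || { echo "no active DHCP pool for $1"; rc=1; }
  [ "$(zone_for_network "$1")" != none ] || { echo "$1 is in no firewall zone"; rc=1; }
  return $rc
}

make_sample() {       # constructed sample mirroring the configs posted above
  mkdir -p "$1/init.d" "$1/config"
  printf '%s\n' "config dhcp 'lan'" " option interface 'lan'" " option ignore '1'" \
    "config dhcp 'G_LAN'" " option interface 'G_LAN'" " option start '100'" > "$1/config/dhcp"
  printf '%s\n' "config zone" " option name 'glanzone'" " option network 'G_LAN'" \
    > "$1/config/firewall"
  printf '#!/bin/sh\nexit 1\n' > "$1/init.d/dnsmasq"    # stub: disabled
  printf '#!/bin/sh\nexit 0\n' > "$1/init.d/firewall"   # stub: enabled
  chmod +x "$1/init.d/dnsmasq" "$1/init.d/firewall"
}
```

On the router, source the file and run `audit_network G_LAN`; with the constructed sample it reports only that dnsmasq is disabled at boot, which matches the symptom in the thread.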

Well I'll be damned.
After reactivating the 3 services it works!
But earlier I was told that I need to get the "dumb ap" working first. And in phase 6 the guide says "In the top menu go to System → Startup, and disable firewall, dnsmasq and odhcpd in the list of startup scripts.". In fact you supported that.
Oh well, ok.

I know now, thank you very much, again ! :smiley:
