Hm, yes. I followed your instruction exactly and it did indeed work.
The sad part is I don't understand why, but that's my problem.
Just FYI: I also did it the way where I don't create a new interface under Network -> Interfaces but create it while configuring the new wireless network (checkbox at "create" and then typing in the new network name). Following the rest of your steps worked as well, then.
Thank you guys, again, for helping me, it works now.
Flippin' heck.
I just redid the whole configuration (trying to understand it better), I'm pretty sure I did it exactly like before. But now if I'm trying to join my wireless IoT net, I get stuck at getting an IP address. Like DHCP isn't running. Even if I restore the backup I made while it was actually working, it doesn't work.
I'm sorry...but I gotta ask again
I reset the device
typed in the new password twice
set the IP address of LAN (192.168.10.253 /24, Gateway and DNS 192.168.10.254 (my ISP modem router)), deactivated DHCP and IPv6 functions (save and apply)
logged in with the new IP address, created my internal wireless network, set up all the settings (save and apply) and tested it successfully
deactivated firewall, dnsmasq and odhcpd, rebooted the device via GUI
went into network - interfaces and created a new interface, named "G_LAN", physical connection eth0 (I changed nothing, Submit)
set up the ip address (10.10.10.254 /24, GW and DNS still 192.168.10.254) (hit save)
activated dhcp on this network, start at 100, max 150 leases
went in the next tab to firewall settings, created a new zone called "glanzone" (save and apply)
went to the network > firewall section, edited the "glanzone"-zone, changed "forward" to accept, allowed LAN as forwarded destination zone (save and apply)
checked both boxes "masquerade" and "MSS clamp" at the "LAN"- interface, removed it from the "WAN" zone (save and apply)
went into my wireless settings, created a new wireless network + SSID and assigned "G_LAN" as its network (save) then I went into advanced settings and activated Client Isolation (save and apply)
Then I was trying to test it and oh look, it doesn't work. What have I done wrong? Tried rebooting the device with no success. The internal wireless network is still working fine. Please, I'm going crazy over this
/etc/config/firewall:

root@OpenWrt:/etc/config# cat firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'
    option masq '1'
    option mtu_fix '1'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option network 'wan wan6'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config zone
    option name 'glanzone'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'G_LAN'
    option forward 'ACCEPT'

config forwarding
    option dest 'lan'
    option src 'glanzone'
Don't do that. You need those processes running for the IoT. dnsmasq serves DHCP addresses, and firewall will forward the packets. You do change the configuration so they are not active on LAN.
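The dependency described in this reply can be checked offline against a copy of the router's configuration. The following is an added example, not code from the thread or from OpenWrt: the firewall excerpt is reduced from the config posted above, while the `/etc/config/dhcp` content, the `audit` function and its `enabled_services` parameter are assumptions made for illustration.

```python
import shlex

# Constructed excerpt of /etc/config/firewall, reduced from the config in the post.
FIREWALL = """
config zone
    option name 'lan'
    option network 'lan'
    option masq '1'
config zone
    option name 'glanzone'
    option network 'G_LAN'
config forwarding
    option src 'glanzone'
    option dest 'lan'
"""
# Constructed /etc/config/dhcp matching the steps described (assumed layout).
DHCP = """
config dhcp 'lan'
    option interface 'lan'
    option ignore '1'
config dhcp 'G_LAN'
    option interface 'G_LAN'
    option start '100'
    option limit '150'
"""

def parse_uci(text):
    """Return UCI sections as a list of (type, options) pairs."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and len(tok) == 3 and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(firewall_text, dhcp_text, enabled_services):
    """List what stops working given the set of enabled init scripts."""
    findings = []
    pools = [o["interface"] for t, o in parse_uci(dhcp_text)
             if t == "dhcp" and o.get("ignore") != "1"]
    if pools and "dnsmasq" not in enabled_services:
        findings.append("dnsmasq disabled: no DHCP leases on " + ", ".join(pools))
    zones = {o["name"]: o for t, o in parse_uci(firewall_text) if t == "zone"}
    if "firewall" not in enabled_services:
        for t, o in parse_uci(firewall_text):
            if t == "forwarding" and zones.get(o["dest"], {}).get("masq") == "1":
                findings.append(f"firewall disabled: {o['src']} -> {o['dest']} is not masqueraded")
    return findings
```

Calling `audit(FIREWALL, DHCP, set())` models the state after all three startup scripts were disabled; passing `{"dnsmasq", "firewall"}` models the state after they were re-enabled.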
Well I'll be damned.
After reactivating the 3 services it works!
But earlier I was told that I need to get the "dumb ap" working first. And in phase 6 the guide says "In the top menu go to System → Startup, and disable firewall, dnsmasq and odhcpd in the list of startup scripts.". In fact you supported that.
Oh well, ok.