The LAN zone should probably not have this feature enabled. Disable masquerading unless there is a specific reason you are using it.
You only have one LAN, so you cannot selectively enable DHCP -- it's either al or none.
2 Likes
Also remove the gateway from the lan interface, it is wrong. The dns should be only in wan interface, where they are reachable from, not in lan.
Other than that if you don't like the IP instead of the IP address, you can create a domain entry in dhcp for the IP to resolve to a hostname, like you have:
2 Likes
Before making changes it is necessary that I explain my configuration:
vodafone station router with gateway 192.168.1.1 on which is attached in cascade on WAN port an AR750s ext router with OPENWRT firmware and gateway 192.168.8.1
the wireless I use is the one configured on the AR750S router.
I can not disable the "Masquerading" because both 2.4G and 5G connections result with "LIMITED ACCESS" making it impossible to navigate.
I don't understand what this means.
You are creating a double-NAT situation on your network. Is there a reason for you want to do this? Since the OpenWrt router is functioning in normal routing mode, it is very uncommon for the lan to be masqueraded (the WAN is typically the zone that would have masquerading enabled) You might be better off with a dumb-AP configuration.
3 Likes
the reason why I daisy chained the AR750s router with OPENWRT FIRMWARE is because I had the desire to use the openwrt firmware which could not be flashed on vodafone station.
Ok... so that's fine. Although the double-NAT is not ideal, it is manageable.
If your Vodafone station can operate in a bridge mode, that is the better situation. But if not, you can just use the OpenWrt router in a normal routing mode.
OpenWrt's default configuration should work perfectly except for the fact that you need to change the LAN IP address/subnet of the OpenWrt router so that it doesn't overlap with the Vodafone one. Obviously you have done that since you are using 192.168.8.0/24. However, there should be no other changes necessary for it to work. The WAN should be masqueraded and the LAN should not be masqueraded. If things are not working properly in that situation, you must have made other changes that are causing the issue.
4 Likes
You were very clear and thanks to you I'm understanding things I didn't know.
I made changes to the "firewall" configuration just as you indicated.
They rhyme the WAN configuration "static" and despite the changes made the robot can not hook up to the router openwrt.
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option output 'ACCEPT'
option synflood_protect '1'
option drop_invalid '1'
option forward 'REJECT'
option input 'ACCEPT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option mtu_fix '1'
option forward 'REJECT'
option input 'ACCEPT'
option masq '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config redirect
option dest_port '80'
option src 'wan'
option name 'Porta 80'
option src_dport '80'
option target 'DNAT'
option dest 'lan'
option dest_ip '192.168.8.124'
config redirect
option dest_port '443'
option src 'wan'
option name 'Porta 443'
option src_dport '443'
option target 'DNAT'
option dest 'lan'
option dest_ip '192.168.8.124'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option cell_density '0'
option channel '36'
option htmode 'HT40'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'
option encryption 'psk2'
option network 'lan'
option ssid 'xxx'
option macfilter 'allow'
list maclist '02:xxxxxx:A1'
list maclist '08:xxxxx:xB'
list maclist 'Cxxxxxxx:19'
list maclist 'Dxxxxxxxxxx3'
option ieee80211w '1'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option channel 'auto'
option path 'platform/ahb/18100000.wmac'
option cell_density '0'
option htmode 'HT40'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option ssid 'xxxxx'
option key 'xxxxxxxxxxl'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option noresolv '1'
option confdir '/tmp/dnsmasq.d'
list server '127.0.0.1#5253'
list server '/pool.ntp.org/8.8.8.8'
option readethers '1'
config dhcp 'lan'
option interface 'lan'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'wan'
option interface 'wan'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
list ra_flags 'none'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config domain
option name 'xxxxx'
option ip '192.168.8.8'
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fd15:25c7:4af7::/48'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.8.1'
option broadcast '192.168.8.255'
option stp '1'
option device 'br-lan'
option defaultroute '0'
config interface 'wan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.100'
option gateway '192.168.1.1'
option broadcast '192.168.1.255'
option device 'eth0.2'
option type 'bridge'
list dns '1.0.0.1'
list dns '1.1.1.1'
config interface 'wan6'
option proto 'dhcpv6'
option device 'eth0.2'
option type 'bridge'
config switch
option name 'switch0'
option reset '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
option vid '2'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
You have disabled DHCP on lan interface and it is enabled on wan. You may want to reverse that.
2 Likes
YES I corrected, despite this my robot can not hook up to the router openwrt is incredible.
let's see the latest files... network, wireless, DHCP
1 Like
Thank you for your support friends...
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fd1xxxxxx7::/48'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.8.1'
option broadcast '192.168.8.255'
option stp '1'
option device 'br-lan'
option defaultroute '0'
config interface 'wan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.100'
option gateway '192.168.1.1'
option broadcast '192.168.1.255'
option device 'eth0.2'
option type 'bridge'
list dns '192.168.8.1'
config interface 'wan6'
option proto 'dhcpv6'
option device 'eth0.2'
option type 'bridge'
config switch
option name 'switch0'
option reset '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
option vid '2'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option noresolv '1'
option confdir '/tmp/dnsmasq.d'
list server '127.0.0.1#5253'
list server '/pool.ntp.org/8.8.8.8'
option readethers '1'
config dhcp 'lan'
option interface 'lan'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'wan'
option interface 'wan'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
list ra_flags 'none'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config domain
option name 'xxxxxxx'
option ip '192.168.8.8'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option cell_density '0'
option channel '36'
option htmode 'HT40'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option encryption 'psk2'
option network 'lan'
option ssid 'xxxxxxx'
option macfilter 'allow'
list maclist '02:xxxxxA1'
list maclist '0xxxxxxx:1B'
list maclist 'Cxxxxxxxxx:19'
list maclist 'Dxxxxxxxxx13'
option ieee80211w '1'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option channel 'auto'
option path 'platform/ahb/18100000.wmac'
option cell_density '0'
option htmode 'HT40'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option ssid 'xxxxxxxx'
option key 'xxxxx'
@AnonymousMhl - I think you have a whole bunch of things that are wrong here. For example, you have MAC address filtering on wifi, some odd stuff happening in your DHCP file, and a few other things that could be complicating this whole thing. So I'm going to recommend the following:
- make a backup of your current config. This will be useful as a reference as well as enable a restore directly back to your current state.
- Reset your router to defaults.
- edit only the manadatory settings
-- you need to change your LAN address since the upstream network is 192.168.1.0/24
-- you need to set your wifi SSID and password
-- and then enable wifi
-- don't make any other changes... this way we have the bare minimum configuration.
Once you have this reset-and-minimally-configured setup, then try connecting your NEATO ROBOT to wifi and report back about what happens.
3 Likes