Following the guide does not lead to workig Guest WiFi (= no internet access) . I think the problem are this instructions in the firewall section of he guide:
Allow forward to destination zone: wan. These screenshots are not accurate! Setting to lan might have worked on OpenWrt 18.06 but it has to be wan on OpenWrt 23.05. It should look as follows, except that guest ⇒ lan should be guest ⇒ wan:
Solution (working for me):
On my R7800, forwarding traffic from "guest" to "wan" leads to nowhere.
Following the guide and / but
Forwarding to "lan" instead of "wan"
Could please one of the people with real knowledge review the guide
and maybe explain whats going on, and why?
EXTRA - Maybe please also explain why one must set "masquarading" in the firewall at "lan" to "wan"
For me it seems clear that WAN is not used in this szenario, and that the upstream traffic flows in LAN upstream only. Traffic send to WAN .. lost.
thx 4 clarifying for a beginner like me.
I can offer to upgrade the guide with actuall screenshots and proper instructions if I am sure what to write / explain / instruct.
I will investigate further, but, following the detail guide to create a 'dumb AP' in the openwrt guide section has an option to delete WAN completly.
I think that guest wlan on an dumbAP is based on creating an new wlan and a new interface (with own dhcp, ip range, fw zone) that forwards its traffic to LAN und uses the default gateway in LAN. I even think that nat/masquarading is used, similar to the LAN to WAN szenario
WAN Port / Zone seems to be unused in dumbAP szenario generally.
Then you can't have a fully isolated guest wifi on a remote 'dumb' AP.
That's not how it works. You'll be able to prevent devices on the guest wifi accessing the dumb ap, but by forwarding to the LAN they'll have access to any devices on the LAN (as well as the main router unless access to that is blocked by local firewall rules).
The guest wifi on a dumb ap guide is accurate, as far as I remember - I will try to review later.
There is no wan connection for a dumb ap, so the zone forwarding from guest > lan. LAN masquerading must be enabled.
If the desire is to isolate the guest network, a firewall rule must be added to drop/reject connections from the guest zone to there entire subnet of the upstream (lan) network. For example 192.168.1.0/24.
@mopsza - please post your configs. We can help fix the problem, but more importantly trace where there was one or more missing/missed or incorrect/incorrectly implemented step in the process.
i needed some time to get through.
I can confirm that all WAN related settings are irrelevant and can be deleted in the "dumb AP" szenario. In "dumb AP" szenario (with or without guest WiFi) all (LAN) traffic is send to the Standard Gateway (which resides on another router that has WAN access).
Your topic describes that one can reclaim physical router ports to LAN. Thats right, as WAN is not needed in dumbAP szenario.
You state that the instructions in the guides do not cover wwan topic. Thats true for the time 3 days ago. Please revisit the dumbAP + Guest guide. I added some more Info to explain HOW things are done and also mention that one can delete all WAN traces without loosing any functionality.
Not sure if there was a question or if I answered one.
Just let me know