General traffic routing between interfaces

I am trying to make a WAP work "backwards". Wireless is a CLIENT for internet access, and the ethernet is NAT/DHCP server for the LAN.

I (temporarily) opened up the firewall by adding several ACCEPTs for traffic WWAN <--> LAN, where WWAN is the wireless interface and LAN is my ethernet interface.

OpenWRT is not sending traffic through. I can ssh to OpenWRT. From the OpenWRT device I can see the internet. I can ping the upstream router.

From my laptop (which I used to ssh into OpenWRT), I AM getting DNS from OpenWRT, but I cannot connect beyond the OpenWRT device. I cannot ping the next step upstream (OpenWRT's upstream router).

Seems like traffic from LAN is not forwarding/masquerading to WWAN (my new zone).

Where can I look?
Is there an iptables dump I should provide?
NAT configuration?

The most likely cause is that the stock firewall was set up to NAT traffic from the wifi network to the ethernet upstream. When I switched to where I want the ethernet LAN to NAT to the wifi upstream, something needs to change in the firewall to allow such traffic that I did not do.

Making progress. It looks like I want masquerading checked for wwan --> lan. Not the other way?

Masquerading must be checked on the destination zone, wan / wwan in this case.

Actually you don't need a new zone, or even a new network. Remove the ethernet port from the existing wan, attach wifi client instead. That's all you need unless there is an address conflict. The wan and lan must be different IP subnets.

Have a look at this guide:
https://openwrt.org/docs/guide-user/network/wifi/relay_configuration

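An added example, not part of the thread and not OpenWrt's own code: a small Python check that reads firewall configuration in `/etc/config/firewall` (UCI) syntax and reports any forwarding whose destination zone does not have masquerading enabled, which is the rule given in the replies above. The zone names `lan` and `wwan` follow the thread; the sample configuration text and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in UCI firewall syntax; the zone names follow the thread.
TEMPLATE = """
config zone
    option name 'lan'
    list network 'lan'
    option masq '{lan_masq}'

config zone
    option name 'wwan'
    list network 'wwan'
    option masq '{wwan_masq}'

config forwarding
    option src 'lan'
    option dest 'wwan'
"""
BROKEN = TEMPLATE.format(lan_masq=1, wwan_masq=0)  # masq on the source zone
FIXED = TEMPLATE.format(lan_masq=0, wwan_masq=1)   # masq on the destination zone


def parse_uci(text):
    """Return [(section_type, {option: value})]; 'list' lines are ignored."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # strips quotes and comments
        if len(words) >= 2 and words[0] == "config":
            sections.append((words[1], {}))
        elif len(words) >= 3 and words[0] == "option" and sections:
            sections[-1][1][words[1]] = words[2]
    return sections


def audit_masq(text):
    """Report forwardings whose destination zone lacks masquerading."""
    sections = parse_uci(text)
    zones = {opts.get("name"): opts for kind, opts in sections if kind == "zone"}
    findings = []
    for kind, opts in sections:
        if kind != "forwarding":
            continue
        src, dest = opts.get("src"), opts.get("dest")
        if zones.get(dest, {}).get("masq") != "1":
            findings.append(f"{src}->{dest}: masq not enabled on destination zone '{dest}'")
        if zones.get(src, {}).get("masq") == "1":
            findings.append(f"{src}->{dest}: masq enabled on source zone '{src}'")
    return findings
```

`audit_masq(BROKEN)` returns two findings for the `lan` to `wwan` forwarding, and `audit_masq(FIXED)` returns an empty list.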