wrt90
August 16, 2020, 3:51pm
1
Guest client is able to get an IP address, but not able to reach the internet.
Mostly using this guide.
ping 1.1.1.1 says no route to host.
Configuration files:
config interface 'guest'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.7.1'

config dhcp 'guest'
    option interface 'guest'
    option start '100'
    option limit '150'
    option leasetime '1h'

config zone 'guest'
    option name 'guest'
    option network 'guest'
    option output 'ACCEPT'
    option log_limit '100'
    option log '1'
    option input 'REJECT'
    option forward 'REJECT'

config forwarding 'guest_wan'
    option src 'guest'
    option dest 'wan'

config rule 'guest_dns'
    option name 'Allow-DNS-Guest'
    option src 'guest'
    option dest_port '53'
    option target 'ACCEPT'
    list proto 'tcp'
    list proto 'udp'

config rule 'guest_dhcp'
    option name 'Allow-DHCP-Guest'
    option src 'guest'
    option family 'ipv4'
    option proto 'udp'
    option target 'ACCEPT'
    option dest_port '67-68'
Post the output:
ip address show; ip route show; ip rule show; iptables-save; \
uci show network; uci show wireless; uci show dhcp; uci show firewall
wrt90
August 16, 2020, 6:23pm
3
ip route show
default via 73.71.xxx dev eth0.2 src 73.71.xxx
73.71.xxx/23 dev eth0.2 scope link src 73.71.xxx
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.7.0/24 dev wlan1-1 scope link src 192.168.7.1
ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
uci show network
network.lan=interface
network.lan.type='bridge'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0t 5'
network.@switch_vlan[1].vid='2'
network.guest=interface
network.guest.proto='static'
network.guest.netmask='255.255.255.0'
network.guest.ipaddr='192.168.7.1'
uci show dhcp
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.guest=dhcp
dhcp.guest.interface='guest'
dhcp.guest.start='100'
dhcp.guest.limit='150'
dhcp.guest.leasetime='1h'
uci show firewall
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
..
firewall.guest=zone
firewall.guest.name='guest'
firewall.guest.network='guest'
firewall.guest.output='ACCEPT'
firewall.guest.log_limit='100'
firewall.guest.log='1'
firewall.guest.input='REJECT'
firewall.guest.forward='REJECT'
firewall.guest_wan=forwarding
firewall.guest_wan.src='guest'
firewall.guest_wan.dest='wan'
firewall.guest_dns=rule
firewall.guest_dns.name='Allow-DNS-Guest'
firewall.guest_dns.src='guest'
firewall.guest_dns.dest_port='53'
firewall.guest_dns.target='ACCEPT'
firewall.guest_dns.proto='tcp' 'udp'
firewall.guest_dhcp=rule
firewall.guest_dhcp.name='Allow-DHCP-Guest'
firewall.guest_dhcp.src='guest'
firewall.guest_dhcp.family='ipv4'
firewall.guest_dhcp.proto='udp'
firewall.guest_dhcp.target='ACCEPT'
firewall.guest_dhcp.dest_port='67-68'
Looking at the firewall config, does it handle @zone and guest at the same time?
Check network config/status on the guest.
OpenWrt firewall ignores section names, i.e. firewall.guest is the same as firewall.@zone[2].
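The reply above says the firewall identifies a zone by its name option, not by the UCI section name. The following is an added example, not part of the thread, that reads `uci show firewall` text the same way and lists where a zone may forward traffic and whether the destination zone masquerades. The names zone_forwardings and sample_firewall are made up here, and the sample input is abridged from the output posted earlier.

```shell
# Added example (not from the thread): resolve firewall zones by their 'name'
# option, so firewall.guest and firewall.@zone[1] are treated the same way.
# Constructed sample: abridged from the `uci show firewall` output posted above.
sample_firewall() {
    cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].masq='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
..
firewall.guest=zone
firewall.guest.name='guest'
firewall.guest_wan=forwarding
firewall.guest_wan.src='guest'
firewall.guest_wan.dest='wan'
EOF
}

# zone_forwardings <src-zone>: reads `uci show firewall` text on stdin and prints
# one line per forwarding from that zone, with the destination zone's masq flag.
zone_forwardings() {
    awk -v want="$1" -v q="'" '
    {
        eq = index($0, "="); if (eq == 0) next       # skip elided lines ("..")
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(q, "", val)                             # strip uci quoting
        n = split(key, p, ".")
        if (n == 2) { type[p[2]] = val; order[++cnt] = p[2] }   # section header
        else if (n == 3) opt[p[2], p[3]] = val                  # section option
    }
    END {
        for (i = 1; i <= cnt; i++) {                 # index zones by name option
            s = order[i]
            if (type[s] == "zone")
                masq[opt[s, "name"]] = ((s, "masq") in opt) ? opt[s, "masq"] : "0"
        }
        for (i = 1; i <= cnt; i++) {                 # forwardings leaving "want"
            s = order[i]; d = opt[s, "dest"]
            if (type[s] == "forwarding" && opt[s, "src"] == want)
                printf "%s->%s masq=%s\n", want, d, ((d in masq) ? masq[d] : "undefined-zone")
        }
    }'
}

sample_firewall | zone_forwardings guest
```

On the router, the same function can be fed live data with `uci show firewall | zone_forwardings guest`; for a guest network meant to be isolated, wan should be the only destination listed.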
wrt90
August 16, 2020, 6:48pm
5
Do you mean check on the client that I connected to the guest network? What exactly should I check? It is a MacBook. It has a 192.168.7.x addr and sees the router as 192.168.7.1. I can go to the OpenWrt UI on 192.168.7.1. There is no internet access from the MacBook.
wrt90
August 16, 2020, 7:38pm
7
When I connect to the main wifi, things are fine. When I connect to the guest wifi, I am unable to reach the internet. So what is missing on my router to forward the packets to the internet? I think the firewall rules are set up correctly to forward guest --> wan.
The configs look normal, at least the parts you have posted.
# OpenWrt
opkg update
opkg install tcpdump
tcpdump -n -i any icmp
# Guest client
ping -w 3 example.org
ping -w 3 8.8.8.8
system
Closed
November 2, 2023, 8:37pm
9
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.