Guest wifi not able to connect to wan

Installing and Using OpenWrt Network and Wireless Configuration
1

guest client is able to get an ip address, but not able to reach the internet.
mostly using this guide

ping 1.1.1.1 says no route to host

configuration files

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.7.1'

config dhcp 'guest'              
        option interface 'guest' 
        option start '100'      
        option limit '150'      
        option leasetime '1h'   
                                
config zone 'guest'                  
        option name 'guest'          
        option network 'guest'       
        option output 'ACCEPT'       
        option log_limit '100'       
        option log '1'               
        option input 'REJECT'         
        option forward 'REJECT'       
                                      
config forwarding 'guest_wan'         
        option src 'guest'            
        option dest 'wan'             
                                      
config rule 'guest_dns'               
        option name 'Allow-DNS-Guest' 
        option src 'guest'            
        option dest_port '53'         
        option target 'ACCEPT'        
        list proto 'tcp'              
        list proto 'udp'              
                                      
config rule 'guest_dhcp'              
        option name 'Allow-DHCP-Guest'
        option src 'guest'            
        option family 'ipv4'    
        option proto 'udp'      
        option target 'ACCEPT'  
        option dest_port '67-68'
2

Post the output:

ip address show; ip route show; ip rule show; iptables-save; \
uci show network; uci show wireless; uci show dhcp; uci show firewall
3

ip route show

default via 73.71.xxx dev eth0.2  src 73.71.xxx 
73.71.xxx/23 dev eth0.2 scope link  src 73.71.xxx 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
192.168.7.0/24 dev wlan1-1 scope link  src 192.168.7.1

ip rule show

0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default

uci show network

network.lan=interface
network.lan.type='bridge'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0t 5'
network.@switch_vlan[1].vid='2'
network.guest=interface
network.guest.proto='static'
network.guest.netmask='255.255.255.0'
network.guest.ipaddr='192.168.7.1'

uci show dhcp

dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.guest=dhcp
dhcp.guest.interface='guest'
dhcp.guest.start='100'
dhcp.guest.limit='150'
dhcp.guest.leasetime='1h'

uci show firewall

firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
..
firewall.guest=zone
firewall.guest.name='guest'
firewall.guest.network='guest'
firewall.guest.output='ACCEPT'
firewall.guest.log_limit='100'
firewall.guest.log='1'
firewall.guest.input='REJECT'
firewall.guest.forward='REJECT'
firewall.guest_wan=forwarding
firewall.guest_wan.src='guest'
firewall.guest_wan.dest='wan'
firewall.guest_dns=rule
firewall.guest_dns.name='Allow-DNS-Guest'
firewall.guest_dns.src='guest'
firewall.guest_dns.dest_port='53'
firewall.guest_dns.target='ACCEPT'
firewall.guest_dns.proto='tcp' 'udp'
firewall.guest_dhcp=rule
firewall.guest_dhcp.name='Allow-DHCP-Guest'
firewall.guest_dhcp.src='guest'
firewall.guest_dhcp.family='ipv4'
firewall.guest_dhcp.proto='udp'
firewall.guest_dhcp.target='ACCEPT'
firewall.guest_dhcp.dest_port='67-68'

looking athe firewall config, does it handle @zone and guest at the same time?

4

Check network config/status on the guest.

OpenWrt firewall ignores section names, i.e. firewall.guest is the same as firewall.@zone[2].

5

Do you mean check on the client that I connected to the guest network? What exactly should I check? It is a macbook. It has a 192.168.7.x addr and sees the router as 192.168.7.1. I can go to the openwrt ui on 192.168.7.1. There is no internet access from the macbook.

6
7

When I connect to the main wifi, things are fine. When I connect to the guest wifi, I can unable to reach the internet. So what is missing on my router to forward the packets to the internet? I think the firewall rules are set up correctly to forward guest --> wan.

8

The configs look normal, at least the parts you have posted.

# OpenWrt
opkg update
opkg install tcpdump
tcpdump -n -i any icmp

# Guest client
ping -w 3 example.org
ping -w 3 8.8.8.8
9

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.