I can access the internet using my pc connected to the router (configured as above with the link). However, when I ssh to it and run opkg update I get connection failed to establish. If I change it back to a router and connect it directly to my modem it works.
I don't want to have to do this every time. Is there a way to setup my router as a switch and still install packages?
You shouldn't need to change anything, there seems to be something wrong with your configuration. Log into the device, execute "ping www.google.com", and post the results here.
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fc00::/6
option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
include a file with users custom iptables rules
config include
option path /etc/firewall.user
EXAMPLE CONFIG SECTIONS
do not allow a specific ip to access wan
#config rule
option src lan
option src_ip 192.168.45.2
option dest wan
option proto tcp
option target REJECT
block a specific mac on wan
#config rule
option dest wan
option src_mac 00:11:22:33:44:66
option target REJECT
block incoming ICMP traffic on a zone
#config rule
option src lan
option proto ICMP
option target DROP
port redirect port coming in on wan to lan
#config redirect
option src wan
option src_dport 80
option dest lan
option dest_ip 192.168.16.235
option dest_port 80
option proto tcp
port redirect of remapped ssh port (22001) on wan
#config redirect
option src wan
option src_dport 22001
option dest lan
option dest_port 22
option proto tcp
allow IPsec/ESP and ISAKMP passthrough
config rule
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
Delete this whole section?
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6'
option vid '2'
I can still access the internet if I connect from my main router to the wan port and then connect a cable from the LAN port to my pc. This is why I thought I had it in dumb ap mode as it didn't work this way when I first flashed lede to the router. I'm confused about how to properly configure it to work as a switch.
Still isn't working, I did a fresh install of lede.
With the following settings, I think I'm able to use the wan as a lan port. I plug in a cable from my main router to the wan port on this router. I plug in a lan port from this router to my pc. Internet works fine.
The only things I changed were the following.
Interfaces-Lan
Set static ip address to 192.168.1.201
net mask to 255.255.255.0
gateway to 192.168.1.1 (the weird thing is it doesn't seem to matter what I input for the gateway, I'm still able to access the internet even when there's no ip)
Ignore interface Disable DHCP for this interface. (box is checked)
Network-Switch
Vlan ID 1: Wan to untagged
Vlan ID 2: Wan to off
The problem with using WAN instead of LAN to connect your main router is that you are double-natting. Every devices connected to the main router will not reach devices connected to your EA3500.
Can you try to put your LAN interface in DHCP client and connect your main router to LAN of EA3500? Disable DHCP server on LAN interface also.
root@LEDE:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
root@LEDE:~#
root@LEDE:~# cat /etc/resol.conf
cat: can't open '/etc/resol.conf': No such file or directory
root@LEDE:~#
I configured the router using luci.
The ip of the router connected to my modem is 192.168.1.1
The ip of the router I want to set up as a switch and which I can't use okpg update is 192.168.1.201
Based on the above: you have not defined DNS server and Gateway in the "dumb AP" router itself.
PC gets DNS and gateway via DHCP from the main router, so routing works.
Dumb AP itself has static IP address but no gateway and no DNS, so apps/services running in the dumb AP itself fail.
In your later message, you seem to have added gateway, but you need to add DNS, too. It should also be the main router at 192.168.1.1 (or a public DNS server somewhere)
It is not actually about setting a "custom DNS" but setting at least some DNS. Earlier you had no DNS defined, so all name lookups performed by the dumb AP would fail.
You configure your dumb AP to use the DNS server running in the "main router".
PCs gets the DNS address in the DHCP messages, and likely uses similarly the main router's DNS server (at least if DHCP server runs in the main router).
The main router has got it own info about upstream ISP DNS servers via DHCP at the same time it got its own wan IP address. Likely that is your ISPs DNS servers that will be used.