Help with relaying DHCP on a simple network

Howdy.

Just setup openwrt on a pi zero.

In short my network looks like this:

PIZERO (Wifi AP - 192.168.1.1 and USB eth0 - 192.168.0.25 connected to switch1)

  • WIFI AP provides 192.168.1.X
  • The network on switch1 is 192.168.0.X

On switch1 I have another pi 192.168.0.26 that provides DHCP (it works great separate and apart from openwrt!) Just for admin purposes I 'lock down' MACs to IPs so each host has a 'static' IP but given out via DHCP so the openwrt eth0 will show as dhcp below...

I can connect my Android device to the Openwrt AP but can't get my other pi (.26) DHCP server to assign addresses.

I tried to route broadcasts to the 0.X net and tried a DHCP relay settting.

How to get the other DHCP server to service the Android client?

I set 'allow' for all the firewall setting just for testing...

Here's my configs:

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd03:140d:cd01::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'wlan0'

config interface 'lan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'wwan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

root@OpenWrt:~# cat /etc/config/firewall 

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        option masq '1'

config zone
        option name 'wan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

root@OpenWrt:~# cat /etc/config/d
dhcp      dropbear
root@OpenWrt:~# cat /etc/config/dhcp 

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config relay
        option local_addr '192.168.1.1'
        option server_addr '192.168.0.26'
        option interface 'lan'

root@OpenWrt:~# ls -ltr  /etc/config/dns*
ls: /etc/config/dns*: No such file or directory

OK - So - I figured this out. With the help of the GUI. I made my best guess based off of some research here and the GUI 'migrated' my settings. I guess it knew what I wanted to do.

Also , in the end this is just called a Bridged AP - https://openwrt.org/docs/guide-user/network/wifi/bridgedap

So, it's a slight variation from my original post. Since I am not an expert on openwrt, it appears then:

  • I don't care about IP addresses of any interface - the bridge has the IP gotten from DHCP ...
  • The bridge definition specifies what device I want to bridge, not all of the devices in the bridge ....

Here's the working config:

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'
        option ula_prefix 'fd00::/8'

config device 'eth0'
        option name 'eth0'

config interface 'eth_int'
        option proto 'dhcp'
        option device 'br-eth_int'

config device
        option name 'br-eth_int'
        option type 'bridge'
        list ports 'eth0'

Also my Android phone needed to be explictly use 'it's MAC' and not a randomized one; otherwise my DHCP would not recognize it.

Hooray.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.