Help with simple routing

Hello, I just tried LEDE for a simple routed access point, and it doesn't seem to route.

I already have a pfsense router (x86 PC); I put the LEDE (DIR-615) behind it in order to get some WiFi. Here's how the LEDE is configured:
-No NAT masquerade nor firewall, the pfsense is taking care of it
-Eth0 switch, eth1 WAN and the main wifi SSID are bridged together, so that no routing is required (it works).
-The guest wifi is not bridged, it has an IP and DHCP.
-the pfsense gateway has a static route to the guest wifi network

The problem is that no packets from the guest wifi go through the router, as if the router were not forwarding packets. I can't even access directly connected networks.

Could someone tell me if I missed something? I configured it using LuCI, but I can provide the uci show output:

dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ignore='1'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.MAIN_AP=dhcp
dhcp.MAIN_AP.leasetime='12h'
dhcp.MAIN_AP.interface='MAIN'
dhcp.MAIN_AP.start='2'
dhcp.MAIN_AP.limit='14'
dhcp.GUEST=dhcp
dhcp.GUEST.interface='GUEST'
dhcp.GUEST.start='66'
dhcp.GUEST.limit='70'
dhcp.GUEST.leasetime='4h'
dhcp.GUEST.dhcp_option='6,8.8.8.8'
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].Port='22'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
luci.main=core
luci.main.lang='auto'
luci.main.mediaurlbase='/luci-static/bootstrap'
luci.main.resourcebase='/luci-static/resources'
luci.flash_keep=extern
luci.flash_keep.uci='/etc/config/'
luci.flash_keep.dropbear='/etc/dropbear/'
luci.flash_keep.openvpn='/etc/openvpn/'
luci.flash_keep.passwd='/etc/passwd'
luci.flash_keep.opkg='/etc/opkg.conf'
luci.flash_keep.firewall='/etc/firewall.user'
luci.flash_keep.uploads='/lib/uci/upload/'
luci.languages=internal
luci.sauth=internal
luci.sauth.sessionpath='/tmp/luci-sessions'
luci.sauth.sessiontime='3600'
luci.ccache=internal
luci.ccache.enable='1'
luci.themes=internal
luci.themes.Bootstrap='/luci-static/bootstrap'
luci.diag=internal
luci.diag.dns='lede-project.org'
luci.diag.ping='lede-project.org'
luci.diag.route='lede-project.org'
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd50:630d:b826::/48'
network.lan=interface
network.lan.type='bridge'
network.lan._orig_ifname='eth0'
network.lan._orig_bridge='true'
network.lan.proto='static'
network.lan.ifname='eth0 eth1'
network.lan.ipaddr='10.0.0.3'
network.lan.netmask='255.255.255.0'
network.lan.gateway='10.0.0.1'
network.lan.dns='8.8.8.8 8.8.4.4'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 0'
network.MAIN_AP=interface
network.MAIN_AP._orig_ifname='radio0.network1'
network.MAIN_AP._orig_bridge='false'
network.MAIN_AP.proto='none'
network.GUEST=interface
network.GUEST._orig_ifname='radio0.network2'
network.GUEST._orig_bridge='false'
network.GUEST.proto='static'
network.GUEST.ipaddr='10.0.1.65'
network.GUEST.netmask='255.255.255.248'
network.GUEST.gateway='10.0.0.1'
network.GUEST.dns='8.8.8.8 8.8.4.4'
network.@route[0]=route
system.@system[0]=system
system.@system[0].hostname='LEDE'
system.@system[0].ttylogin='0'
system.@system[0].log_size='64'
system.@system[0].urandom_seed='0'
system.@system[0].zonename='America/Toronto'
system.@system[0].timezone='EST5EDT,M3.2.0,M11.1.0'
system.@system[0].log_proto='udp'
system.@system[0].conloglevel='8'
system.@system[0].cronloglevel='8'
system.ntp=timeserver
system.ntp.enabled='1'
system.ntp.server='10.0.0.23'
system.led_wan=led
system.led_wan.name='WAN'
system.led_wan.sysfs='d-link:green:wan'
system.led_wan.trigger='netdev'
system.led_wan.mode='link tx rx'
system.led_wan.dev='eth1'
system.led_wlan=led
system.led_wlan.name='WLAN'
system.led_wlan.sysfs='d-link:green:wlan'
system.led_wlan.trigger='phy0tpt'
ucitrack.@network[0]=network
ucitrack.@network[0].init='network'
ucitrack.@network[0].affects='dhcp' 'radvd'
ucitrack.@wireless[0]=wireless
ucitrack.@wireless[0].affects='network'
ucitrack.@firewall[0]=firewall
ucitrack.@firewall[0].init='firewall'
ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd'
ucitrack.@olsr[0]=olsr
ucitrack.@olsr[0].init='olsrd'
ucitrack.@dhcp[0]=dhcp
ucitrack.@dhcp[0].init='dnsmasq'
ucitrack.@dhcp[0].affects='odhcpd'
ucitrack.@odhcpd[0]=odhcpd
ucitrack.@odhcpd[0].init='odhcpd'
ucitrack.@dropbear[0]=dropbear
ucitrack.@dropbear[0].init='dropbear'
ucitrack.@httpd[0]=httpd
ucitrack.@httpd[0].init='httpd'
ucitrack.@fstab[0]=fstab
ucitrack.@fstab[0].init='fstab'
ucitrack.@qos[0]=qos
ucitrack.@qos[0].init='qos'
ucitrack.@system[0]=system
ucitrack.@system[0].init='led'
ucitrack.@system[0].affects='luci_statistics'
ucitrack.@luci_splash[0]=luci_splash
ucitrack.@luci_splash[0].init='luci_splash'
ucitrack.@upnpd[0]=upnpd
ucitrack.@upnpd[0].init='miniupnpd'
ucitrack.@ntpclient[0]=ntpclient
ucitrack.@ntpclient[0].init='ntpclient'
ucitrack.@samba[0]=samba
ucitrack.@samba[0].init='samba'
ucitrack.@tinyproxy[0]=tinyproxy
ucitrack.@tinyproxy[0].init='tinyproxy'
uhttpd.main=uhttpd
uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'
uhttpd.main.redirect_https='1'
uhttpd.main.home='/www'
uhttpd.main.rfc1918_filter='1'
uhttpd.main.max_requests='3'
uhttpd.main.max_connections='100'
uhttpd.main.cert='/etc/uhttpd.crt'
uhttpd.main.key='/etc/uhttpd.key'
uhttpd.main.cgi_prefix='/cgi-bin'
uhttpd.main.script_timeout='60'
uhttpd.main.network_timeout='30'
uhttpd.main.http_keepalive='20'
uhttpd.main.tcp_keepalive='1'
uhttpd.main.ubus_prefix='/ubus'
uhttpd.defaults=cert
uhttpd.defaults.days='730'
uhttpd.defaults.bits='2048'
uhttpd.defaults.country='ZZ'
uhttpd.defaults.state='Somewhere'
uhttpd.defaults.location='Unknown'
uhttpd.defaults.commonname='LEDE'
wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.radio0.hwmode='11g'
wireless.radio0.path='platform/ath9k'
wireless.radio0.htmode='HT40'
wireless.radio0.country='CA'
wireless.radio0.distance='20'
wireless.radio0.channel='auto'
wireless.@wifi-iface[0]=wifi-iface
wireless.@wifi-iface[0].device='radio0'
wireless.@wifi-iface[0].mode='ap'
wireless.@wifi-iface[0].ssid='MAIN'
wireless.@wifi-iface[0].encryption='psk2+ccmp'
wireless.@wifi-iface[0].key='XXXX'
wireless.@wifi-iface[0].network='MAIN_AP lan'
wireless.@wifi-iface[1]=wifi-iface
wireless.@wifi-iface[1].device='radio0'
wireless.@wifi-iface[1].mode='ap'
wireless.@wifi-iface[1].ssid='GUEST'
wireless.@wifi-iface[1].network='GUEST'
wireless.@wifi-iface[1].encryption='psk2+ccmp'
wireless.@wifi-iface[1].key='XXXX'

Thanks!

Reading config files is much easier than reading results from "uci show"... please post config files instead.
Anyway, looks like your firewall config contains just these directives:
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'

Where are you configuring forwarding / masquerading then?

I thought I might have a routing problem, but the route is in the pfsense, and even when I add a route directly on the client it doesn't reply; I only get ICMP ping "no response found".

When I ping from GUEST 10.0.1.65 to LAN 10.0.0.20, I get "Request timed out." and I capture the following ICMP packet on 10.0.0.20: "no response found"

Here are the config files:

root@LEDE:/etc/config# cat network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd30:860d:c857::/48'

config interface 'lan'
        option type 'bridge'
        option _orig_ifname 'eth0'
        option _orig_bridge 'true'
        option proto 'static'
        option ifname 'eth0 eth1'
        option ipaddr '10.0.0.3'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
        option dns '8.8.8.8 8.8.4.4'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0'

config interface 'MAIN'
        option _orig_ifname 'radio0.network1'
        option _orig_bridge 'false'
        option proto 'none'

config interface 'GUEST'
        option _orig_ifname 'radio0.network2'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '10.0.1.65'
        option netmask '255.255.255.248'
        option gateway '10.0.0.1'
        option dns '8.8.8.8 8.8.4.4'

config route

root@LEDE:/etc/config# cat firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config include
        option path '/etc/firewall.user'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'LAN'
        option forward 'REJECT'
        option network 'lan'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'GUEST'
        option forward 'REJECT'
        option network 'GUEST'

config forwarding
        option dest 'LAN'
        option src 'GUEST'

config forwarding
        option dest 'GUEST'
        option src 'LAN'

root@LEDE:/etc/config# cat wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/ath9k'
        option htmode 'HT40'
        option country 'CA'
        option distance '20'
        option channel 'auto'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'MAIN'
        option encryption 'psk2+ccmp'
        option key 'XXXX'
        option network 'MAIN lan'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'GUESTP'
        option network 'GUEST'
        option encryption 'psk2+ccmp'
        option key 'XXXX'

root@LEDE:/etc/config# cat dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ignore '1'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'MAIN'
        option leasetime '12h'
        option interface 'MAIN'
        option start '2'
        option limit '14'

config dhcp 'GUEST'
        option interface 'GUEST'
        option start '66'
        option limit '70'
        option leasetime '4h'
        list dhcp_option '6,8.8.8.8'

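Did you ever figure this out? It seems like you have wan configured in dhcp settings but there is no wan interface in your network settings. Also note that the firewall config above forwards between GUEST and LAN in both directions and sets input to ACCEPT on the GUEST zone, so once routing works the guest network will not be isolated from the LAN or from the router's own SSH/LuCI services.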