Hi.
Im using openwrt with Linksys WRT 1900 ACS.
This is in an office environment, there is wifi here.
I want to use the router as a wireless bridge, separating the wifi with the cabled network.
I connected to the wifi via the Wireless Overview in openwrt.
I have two computers connected to the router with cables.
Everything is working out of the box, except network between those two computers, when pinging the local ips I just get timed out .
I do not want network access with the other offices that is using the wifi, only trough the cables, the WIFI is just for internett access.
Please help setting this up, I really dont understand much in the interface.
You'll need to provide more infor for us to help...
How is this device connected to the upstream network (i.e. towards the internet)? Is it connected by the WAN port or a LAN port? What is the device upstream (is it another router, or direct to the internet with a modem, etc.)?
What changes have you made so far?
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
ifconfig
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like
The only change I've made is connecting to the common router in the office via 5GHZ WiFi in the openwrt interface under wireless overview.
I have two computer connected to my router via Ethernet ports 1 and 2.
Both are getting good internet speeds but local network between these two are not working.
It worked with last setup.
I only want local network between those two computers not with others connected to the common WiFi.
How do I run those commands in windows?
Or can I do it within the openwrt interface?
- Connect your Windows machine to the OpenWrt router with a cable (be sure to connect to a LAN, rather than WAN, port on the router).
- Open Command Line or PowerShell on your Windows machine.
- Type
ssh root@192.168.1.1and hit Enter. (You said you didn't change any of the router's settings, so its IP address should still be192.168.1.1.) - Enter the router password (same password you use when you log into the router via the Web interface) when asked.
If everything went well, you will have command prompt on the router. It will look like this:
BusyBox v1.35.0 (2023-01-03 00:24:21 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 22.03.3, [some gibberish here]
-----------------------------------------------------
root@OpenWrt:~#
1 Like
You'll need to make the wireless uplink into a wan, and then your lan must be on a different subnet. We'll be able to advise on specifics once we can see the configs. @NC1 just provided info about how to get them.
1 Like
Please see attached pictures.
They should be on different subnets already, internet is working on both computer.
They are connected to the first and second lan ports on the router.
They are bridged together automatically. Maybe that is the problem?
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:~# ubus call system board
fconfig
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall{
"kernel": "5.10.146",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 1 (v7l)",
"model": "Linksys WRT1900ACS",
"board_name": "linksys,wrt1900acs",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.2",
"revision": "r19803-9a599fee93",
"target": "mvebu/cortexa9",
"description": "OpenWrt 22.03.2 r19803-9a599fee93"
}
}
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: Scope:Link
inet6 addr: Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:194485 errors:0 dropped:0 overruns:0 frame:0
TX packets:282290 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:224693751 (214.2 MiB) TX bytes:255856824 (244.0 MiB)
eth0 Link encap:Ethernet HWaddr
inet6 addr:
UP BROADCAST RUNNING MULTICAST MTU:1508 Metric:1
RX packets:298267 errors:0 dropped:0 overruns:0 frame:0
TX packets:282539 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1024
RX bytes:235408295 (224.5 MiB) TX bytes:258139268 (246.1 MiB)
Interrupt:45
lan1 Link encap:Ethernet HWaddr
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:296774 errors:0 dropped:8 overruns:0 frame:0
TX packets:281306 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:228656977 (218.0 MiB) TX bytes:255458413 (243.6 MiB)
lan2 Link encap:Ethernet HWaddr
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1493 errors:0 dropped:33 overruns:0 frame:0
TX packets:1216 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:189444 (185.0 KiB) TX bytes:418877 (409.0 KiB)
lan3 Link encap:Ethernet HWaddr
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lan4 Link encap:Ethernet HWaddr
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8691 errors:0 dropped:0 overruns:0 frame:0
TX packets:8691 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648832 (633.6 KiB) TX bytes:648832 (633.6 KiB)
wan Link encap:Ethernet HWaddr
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr
inet addr:192.168.20.135 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:251051 errors:0 dropped:151 overruns:0 frame:0
TX packets:259791 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:237732903 (226.7 MiB) TX bytes:232569560 (221.7 MiB)
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix ''
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr ''
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'wwan'
option proto 'dhcp'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option country 'FR'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option macaddr ''
option disabled '1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'
option country 'FR'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option macaddr ''
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'sta'
option network 'wwan'
option ssid '5g'
option bssid ''
option encryption 'psk2'
option key ''
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'wwan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip ''
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
Your config looks fine.
What are the host operating systems involved here? If they are Windows based, you probably need to adjust the Windows Firewall -- it will often set itself to a strict state when it encounters a new network because it doesn't know if this new network is trusted or untrusted.
It's set on private, same settings before worked fine. Strange I can't even ping the IP of the other computer, isn't it. Should be something wrong. Do not think it's windows issue.
Both are windows 10
Windows ususally is the issue here. In addition to private/public network trust levels, Windows will typically not accept traffic from another subnet, and critically, it will not respond to pings.
Try turning the firewalls off on both machines (just as an experiment).
They are on same subnet, only wan is on another subnet, as i understand it.
Did you try disabling the windows firewall entirely on both machines?
Hi, yes it's working now. Some strange automatic stuff that happened with Windows when changing network, both were on private, so thought that wasn't the problem. Some settings had changed automatically. Working now. Openwrt is awesome and thanks for helping. 
With the Linksys firmware I couldn't even connect to the 5ghz network, really weird.
Now everything is perfect, hopefully the security is just as good or better. Any thoughts there?
Thanks again. Haven't worked with networks in 2-3 years, so had forgotten how strange Windows is sometimes.
Windows is strange all of the time. 
As a general rule, OpenWrt is more secure than the vendor firmware... this is certainly true once the vendor stops releasing firmware updats to address newly discovered vulnerabilities.
Yup... but this is why I was able to say with high confidence that it was a windows issue.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.