Multiple WLANs/SSIDs able to cross communicate

Hello! I have been trying to search around here as well as other results from Google and just have not found anything that quite fits what I am looking for. It could also be that I don't know what I should be searching for.

So here is what I want: a total of 3 WiFi SSIDs (Main, IoT, Guest). Out of the box, my GL.iNet GL-MT6000 obviously has the Main and Guest WiFi networks set up exactly fine. What I am trying to do is get the IoT SSID to issue its own set of IP addresses, be able to communicate between Main and IoT, and be able to connect to the internet (I'll attach my super crude drawing below). Ultimately my goal really is just to be able to organize the devices by type using IP address: all of my non-movable devices like smart speakers and light switches should show up with one range of IP addresses, and user devices like laptops and tablets should show up in another range.

Should also note that I have a HomeAssistant server (in the picture) that is hardwired via unmanaged switch.

Are you using OpenWrt (obtained from here), or the Gl-inet vendor firmware (which is a fork of OpenWrt)?

Using the GL-inet firmware, but accessing the advanced settings via the available LuCI interface

In that case, you need to ask your question in their forums/support channels. The Gl-inet fork is materially different than official OpenWrt, and it does not work the same way.

Alternatively, you can install official OpenWrt (currently your device is supported in snapshot only) and we can help you here.


Forgot to include any configuration files:

Network

# /etc/config/network as posted (GL.iNet vendor firmware): loopback, ULA prefix,
# the wired LAN bridge and the LAN address.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd73:ed4d:a5c1::/48'

# br-lan bridges the five wired LAN ports into one layer-2 segment.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'

# The five port devices below all carry the same MAC address as posted.
config device
	option name 'lan1'
	option macaddr '94:83:c4:a2:ae:b5'

config device
	option name 'lan2'
	option macaddr '94:83:c4:a2:ae:b5'

config device
	option name 'lan3'
	option macaddr '94:83:c4:a2:ae:b5'

config device
	option name 'lan4'
	option macaddr '94:83:c4:a2:ae:b5'

config device
	option name 'lan5'
	option macaddr '94:83:c4:a2:ae:b5'

# Netmask 255.255.0.0 makes the LAN 192.168.0.0/16, not just 192.168.8.0/24.
# That is why 192.168.1.254 (the port-forward target in the firewall config)
# is on-link here although the router itself is 192.168.8.1.
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.0.0'
	option ip6assign '60'
	option isolate '0'

# Uplink-side interfaces and the guest network.
# wan is a DHCP client on eth1; every IPv6 uplink variant below is disabled.
config device
	option name 'eth1'
	option macaddr '94:83:c4:a2:ae:b3'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option force_link '0'
	option ipv6 '0'
	option metric '10'

config interface 'wan6'
	option proto 'dhcpv6'
	option disabled '1'
	option device '@wan'

config interface 'tethering6'
	option proto 'dhcpv6'
	option disabled '1'
	option device '@tethering'

config interface 'wwan6'
	option proto 'dhcpv6'
	option disabled '1'
	option device '@wwan'

# Guest network: 172.16.0.0/24, declared as a bridge with no wired ports listed;
# bridge_empty '1' lets the bridge come up before any wireless interface joins it.
config interface 'guest'
	option force_link '1'
	option type 'bridge'
	option proto 'static'
	option ipaddr '172.16.0.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option multicast_querier '1'
	option igmp_snooping '0'
	option isolate '0'
	option bridge_empty '1'
	option disabled '0'

# Additional uplinks; no device is shown for wwan or secondwan in this post.
config interface 'wwan'
	option proto 'dhcp'
	option metric '20'

config interface 'secondwan'
	option ipv6 '0'
	option proto 'dhcp'
	option metric '15'
	option force_link '0'

config interface 'secondwan6'
	option proto 'dhcpv6'
	option disabled '1'
	option metric '15'
	option device '@secondwan'

config interface 'modem_1_1_2_6'
	option proto 'dhcpv6'
	option disabled '1'
	option device '@modem_1_1_2'

# Policy-routing rules (IPv4 and IPv6 pairs).
# Priority 1100: consult the main table but ignore its default route
# (suppress_prefixlength '0'), so only more specific routes match here.
# Priority 1101: packets whose fwmark does NOT match 0x8000/0xc000 (invert '1')
# are looked up in table 8000.
# NOTE(review): presumably the vendor's VPN policy routing - confirm against
# GL.iNet documentation before changing.
config rule 'policy_direct_rt'
	option lookup 'main'
	option suppress_prefixlength '0'
	option priority '1100'

config rule 'policy_default_rt_vpn'
	option mark '0x8000/0xc000'
	option lookup '8000'
	option priority '1101'
	option invert '1'

config rule6 'policy_direct_rt6'
	option lookup 'main'
	option suppress_prefixlength '0'
	option priority '1100'

config rule6 'policy_default_rt_vpn6'
	option mark '0x8000/0xc000'
	option lookup '8000'
	option priority '1101'
	option invert '1'

# OpenVPN server interface, disabled as posted.
config interface 'ovpnserver'
	option proto 'ovpnserver'
	option disabled '1'

# IoT network added by the poster: 10.10.20.1 with netmask 255.255.0.0, i.e.
# the subnet 10.10.0.0/16. It is a separate subnet from lan, so lan <-> IoT
# traffic is routed by the router and governed by the firewall zones.
config interface 'FerrinIOT'
	option proto 'static'
	option device 'br-iot'
	option ipaddr '10.10.20.1'
	option netmask '255.255.0.0'

# br-iot lists no ports. Wireless interfaces join it only through their
# 'option network' value, which has to name the interface above ('FerrinIOT')
# exactly.
config device
	option type 'bridge'
	option name 'br-iot'

Firewall


# /etc/config/firewall as posted. Sections are evaluated in file order, so the
# order below is part of the behaviour.
# Defaults: traffic not matched by any zone or rule is rejected on input and
# forward; flow offloading (software and hardware) is enabled.
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option flow_offloading '1'
	option flow_offloading_hw '1'
	option synflood_protect '1'

# lan zone: fully trusted - LAN hosts may reach every service on the router.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# wan zone: unsolicited input is dropped, forwarding rejected; masq '1' NATs
# outbound traffic and mtu_fix '1' clamps TCP MSS.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	list network 'wwan'
	list network 'secondwan'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Internet access for the lan zone.
config forwarding
	option src 'lan'
	option dest 'wan'

# Exceptions to the wan zone's DROP input policy. The names match the rule set
# shipped in stock OpenWrt: DHCP renewals, IGMP, DHCPv6, MLD and a rate-limited
# set of ICMPv6 types.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# MLD is only accepted from link-local sources (fe80::/10).
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# dest '*' makes this a forward rule: these ICMPv6 types may pass from wan to
# any zone.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# The next two rules allow IPsec (ESP, and IKE on UDP 500) to be forwarded from
# wan to lan hosts. If no LAN host terminates IPsec they can be disabled to
# shrink what is reachable from the WAN side.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Firewall include: pulls in rules from outside this file, so the effective
# rule set is larger than what is visible here.
config include 'nat6'
	option path '/etc/firewall.nat6'
	option reload '1'

# Would reject port 53 on every br-* device, but is switched off (enabled '0').
config rule 'block_dns'
	option name 'block_dns'
	option src '*'
	option device 'br-*'
	option dest_port '53'
	option target 'REJECT'
	option enabled '0'

# guest zone: input and forward REJECT, so guests cannot reach router services
# or other zones except through the explicit forwarding and rules below.
# This is the pattern an isolated network follows.
config zone
	option name 'guest'
	option network 'guest'
	option forward 'REJECT'
	option output 'ACCEPT'
	option input 'REJECT'

config forwarding
	option src 'guest'
	option dest 'wan'

# Because guest input is REJECT, DHCP and DNS to the router are opened
# explicitly.
config rule
	option name 'Allow-DHCP'
	option src 'guest'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'

config rule
	option name 'Allow-DNS'
	option src 'guest'
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'

# Script includes: each runs a shell script when the firewall is loaded or
# reloaded. Their contents are not shown in this post.
# NOTE(review): vendor-specific; /var/etc/gls2s.include looks like a file
# generated at runtime - confirm what writes it.
config include 'vpn_server_policy'
	option type 'script'
	option path '/etc/firewall.vpn_server_policy.sh'
	option reload '1'
	option enabled '1'

config include 'gls2s'
	option type 'script'
	option path '/var/etc/gls2s.include'
	option reload '1'

config include 'glblock'
	option type 'script'
	option path '/usr/bin/gl_block.sh'
	option reload '1'

# Port forwards that publish the Home Assistant host (192.168.1.254, port 8123)
# to the WAN on ports 443 and 8123. Both sections share the same name.
# Security note: with these enabled the Home Assistant login is reachable from
# any internet address. Reaching it over a VPN instead, or adding
# 'option src_ip' to limit the permitted sources, narrows that exposure.
# 'tcp udp' also forwards UDP, which an HTTP(S) web interface does not need;
# 'tcp' alone would be sufficient.
# NOTE(review): whether port 8123 serves TLS cannot be seen from this config -
# confirm, since WAN port 443 is mapped straight onto it.
config redirect
	option enabled '1'
	option proto 'tcp udp'
	option src_dport '443'
	option dest_ip '192.168.1.254'
	option dest_port '8123'
	option src 'wan'
	option name 'GL-HomeAssistant'
	option dest 'lan'

config redirect
	option enabled '1'
	option proto 'tcp udp'
	option src_dport '8123'
	option dest_ip '192.168.1.254'
	option dest_port '8123'
	option src 'wan'
	option name 'GL-HomeAssistant'
	option dest 'lan'

# VPN-server forwardings, all disabled (enabled '0'). The 'wgclient' and
# 'ovpnclient' zones they name are not defined in the posted file.
config forwarding 'ovpnserver2wgclient'
	option src 'ovpnserver'
	option dest 'wgclient'
	option enabled '0'

config forwarding 'ovpnserver2ovpnclient'
	option src 'ovpnserver'
	option dest 'ovpnclient'
	option enabled '0'

# DHCP and DNS from the IoT zone to the router. The IoT zone defined further
# down has input 'ACCEPT', which already allows this, so the two rules are
# redundant as posted. They become necessary if that zone's input policy is
# tightened to REJECT, as the guest zone does.
config rule
	option name 'Allow-DHCP IoT'
	list proto 'udp'
	option src 'IoT'
	option dest_port '67-68'
	option target 'ACCEPT'

# No 'proto' is given here, so the firewall's default protocol selection
# applies.
config rule
	option name 'Allow-DNS IoT'
	option src 'IoT'
	option dest_port '53'
	option target 'ACCEPT'

# OpenVPN server: the WAN-side accept rule (UDP 1194), the zone and its
# forwardings are all disabled.
config rule 'ovpnserver_allow'
	option name 'ovpnserver_allow'
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option family 'ipv4'
	option dest_port '1194'
	option enabled '0'

config zone 'ovpnserver'
	option name 'ovpnserver'
	option output 'ACCEPT'
	option mtu_fix '1'
	option network 'ovpnserver'
	option input 'DROP'
	option masq '1'
	option masq6 '1'
	option enabled '0'
	option forward 'REJECT'

config forwarding 'ovpnserver2wan'
	option src 'ovpnserver'
	option dest 'wan'
	option enabled '0'

config forwarding 'lan2ovpnserver'
	option src 'lan'
	option dest 'ovpnserver'
	option enabled '0'

# Vendor rules for the router's file-sharing services: SMB/NetBIOS ports and
# ports 6000-6002 and 6008 are dropped from wan, and SMB is accepted from lan.
# NOTE(review): these use 'dest_proto', whereas official OpenWrt firewall rules
# take 'proto'. Presumably a vendor extension - confirm it is honoured, because
# an ignored protocol option changes what the rule matches.
config rule 'sambasharewan'
	option src 'wan'
	option dest_port '137 138 139 445'
	option dest_proto 'tcpudp'
	option target 'DROP'

config rule 'sambasharelan'
	option src 'lan'
	option dest_port '137 138 139 445'
	option dest_proto 'tcpudp'
	option target 'ACCEPT'

config rule 'glnas_ser'
	option src 'wan'
	option dest_port '6000-6002'
	option dest_proto 'tcp'
	option target 'DROP'

config rule 'webdav_wan'
	option src 'wan'
	option dest_port '6008'
	option dest_proto 'tcp'
	option target 'DROP'

# DNS interception: port 53 traffic from lan and from guest is redirected to
# port 3053. No equivalent redirect exists for the IoT zone in the posted file.
config redirect 'adguard_home'
	option name 'Adguard Home'
	option src 'lan'
	option src_dport '53'
	option dest 'lan'
	option dest_port '3053'
	option proto 'tcpudp'

config redirect 'adguard_home_guest'
	option name 'Adguard Home guest'
	option src 'guest'
	option src_dport '53'
	option dest 'guest'
	option dest_port '3053'
	option proto 'tcpudp'

# IoT zone added by the poster, bound to the 'FerrinIOT' interface.
# input/forward 'ACCEPT' plus forwardings in both directions between IoT and
# lan give this zone the same reach as lan. The result is separate addressing,
# which is what the post asks for, but no isolation: an IoT device can open
# connections to any lan host and to every service on the router.
# If containment is wanted later, set input to 'REJECT' (keeping the
# 'Allow-DHCP IoT' / 'Allow-DNS IoT' rules) and remove the IoT -> lan
# forwarding. lan -> IoT still works, since replies to established connections
# are permitted by connection tracking.
config zone
	option name 'IoT'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'FerrinIOT'

# IoT devices may initiate connections to lan hosts.
config forwarding
	option src 'IoT'
	option dest 'lan'

# Internet access for IoT devices.
config forwarding
	option src 'IoT'
	option dest 'wan'

# lan hosts (e.g. the Home Assistant server) may initiate connections to IoT
# devices.
config forwarding
	option src 'lan'
	option dest 'IoT'

dhcp


# /etc/config/dhcp as posted: dnsmasq resolver settings.
# noresolv '1' together with the single 'list server' entry sends every
# upstream query to a local resolver on 127.0.0.1 port 3053 (the firewall
# config labels that port 'Adguard Home').
# Security note: rebind_protection '0' switches off dnsmasq's filtering of
# upstream answers that point at private addresses (DNS-rebinding protection).
# With Home Assistant and IoT devices on the local networks, setting it back to
# '1' and whitelisting any domain that legitimately resolves to a private
# address with 'list rebind_domain' is the safer arrangement.
# NOTE(review): this may be a vendor default tied to the AdGuard Home
# integration - confirm before changing.
config dnsmasq
	option domainneeded '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '0'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
	option localuse '1'
	option noresolv '1'
	list server '127.0.0.1#3053'

# DHCP pools. 'start' is an offset from the subnet's network address and
# 'limit' is the number of leases.
# lan: 192.168.0.0 + 2148 = 192.168.8.100, 150 leases (through 192.168.8.249).
config dhcp 'lan'
	option interface 'lan'
	option start '2148'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'disabled'
	option ra 'disabled'
	option ra_slaac '1'
	option force '1'
	option ignore '0'

# No DHCP service on the uplink.
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

# Local DNS overrides: the vendor console hostname resolves to the router.
config domain
	option name 'console.gl-inet.com'
	option ip '192.168.8.1'

config domain
	option name 'console.gl-inet.com'
	option ip '::ffff:192.168.8.1'

# guest: 172.16.0.100 through 172.16.0.249.
config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'disabled'
	option ra 'disabled'
	option ignore '0'

config dhcp 'secondwan'
	option interface 'secondwan'
	option ignore '1'

# IoT pool: 10.10.0.0 + 612 = 10.10.2.100, 150 leases (through 10.10.2.249).
# NOTE(review): the interface address is 10.10.20.1. If leases in 10.10.20.x
# were intended, the offset would be 20*256 + 100 = 5220 - confirm.
config dhcp 'FerrinIOT'
	option interface 'FerrinIOT'
	option start '612'
	option limit '150'
	option leasetime '12h'

Wireless


# /etc/config/wireless as posted: the two radios and the main SSID on each.
# 2.4 GHz radio.
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option channel 'auto'
	option band '2g'
	option htmode 'HE40'
	option country 'US'
	option hwmode '11g'
	option cell_density '0'

# Main SSID, attached to the 'lan' network. 'psk2' is WPA2-Personal.
# The key values in this post look like redaction placeholders.
# wds '1' enables 4-address (WDS) mode on the AP; isolate '0' leaves
# client-to-client traffic on this SSID unrestricted.
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'MainWiFi'
	option encryption 'psk2'
	option key 'SomeRandomKey'
	option wds '1'
	option isolate '0'
	option ifname 'wlan0'
	option hidden '0'

# 5 GHz radio, limited to the listed channels.
config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option channel 'auto'
	option band '5g'
	option htmode 'HE80'
	option country 'US'
	option channels '36,40,44,48,149,153,157,161'
	option hwmode '11a'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'MainWiFi'
	option encryption 'psk2'
	option key 'SomeRandomKey'
	option wds '1'
	option isolate '0'
	option ifname 'wlan1'
	option hidden '0'

# Guest SSIDs on both radios, attached to the 'guest' network.
# isolate '1' turns on client isolation, so guest stations cannot talk to each
# other through the AP. Combined with the guest firewall zone's REJECT
# policies, this is what keeps guests away from other local devices.
# NOTE(review): 'option guest' is presumably a vendor flag - confirm.
# NOTE(review): wds '1' is also set on the guest SSIDs. If no WDS client is
# expected on a guest network, disabling it removes an unneeded capability.
config wifi-iface 'guest2g'
	option device 'radio0'
	option network 'guest'
	option mode 'ap'
	option ifname 'wlan0-1'
	option encryption 'psk2'
	option key 'SomeGuestKey'
	option ssid 'Family-Guest'
	option guest '1'
	option disabled '0'
	option wds '1'
	option isolate '1'
	option hidden '0'

config wifi-iface 'guest5g'
	option device 'radio1'
	option network 'guest'
	option mode 'ap'
	option ifname 'wlan1-1'
	option encryption 'psk2'
	option key 'SomeGuestKey'
	option ssid 'Family-5G-Guest'
	option guest '1'
	option disabled '0'
	option wds '1'
	option isolate '1'
	option hidden '0'

# IoT SSIDs added by the poster, one per radio.
# NOTE(review): both use network 'FamilyIOT', but the interface in the network
# config, the firewall zone member and the DHCP pool are all named 'FerrinIOT'.
# Unless this is a redaction artefact, the SSIDs are attached to a network that
# does not exist: clients would not land on br-iot, and would get neither the
# IoT DHCP pool nor the IoT firewall zone.
# NOTE(review): the key shown is the same placeholder as the main SSID. If the
# real configuration also shares one passphrase between main and IoT, any
# device holding it can join either network - confirm separate keys are used.
# No 'isolate' option is set, so IoT stations can reach each other through the
# AP.
config wifi-iface 'wifinet4'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Family-IoT-5G'
	option encryption 'psk2'
	option key 'SomeRandomKey'
	option wds '1'
	option network 'FamilyIOT'

config wifi-iface 'wifinet5'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Family-IoT'
	option encryption 'psk2'
	option key 'SomeRandomKey'
	option wds '1'
	option network 'FamilyIOT'

As seen in the config files, there are a ton of things that are not standard in the official OpenWrt builds. That means that solutions advised here may not work (and may even break things) on that firmware.

Please refer your questions to Gl-inet, or install official OpenWrt.

:frowning: Ok, thanks!