New GL-MT300N-V2 couple of questions

I have just bought a GL-MT300N-V2 router in order to use it as an Access Point for various IOT devices. My main setup is a Ubiquiti AP Lite & USG. The intention is to move all the IOT devices onto their own subnet. First time with OpenWrt.

I have connected the router via the WAN port to my local network. I can access the web interface via a device connected to the Wi-Fi AP from the router. How would I configure the router so I can access the web interface from my main network - do I need a static route defined? Is there a simple setting to allow this?

AIUI, this router is running a custom version of OpenWrt - is there any advantage to flashing a vanilla version of OpenWrt?

Cheers

Open port 80 TCP on the firewall so that http connections from the WAN side (which is safe, since it's actually your main LAN) go through. You probably also want to open port 22 TCP for SSH administration.

2 Likes
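An added example, not part of any post in the thread: one way to express the suggestion above as OpenWrt firewall rules that accept ports 80 and 22 on the WAN zone only from the upstream network rather than from any source. The subnet 192.168.1.0/24 and the section names mgmt_http and mgmt_ssh are assumptions; substitute your main network's range.

```shell
#!/bin/sh
# Added example: build a `uci batch` that opens LuCI (80/tcp) and SSH (22/tcp)
# on the wan zone for one source network only.
# MGMT_NET is an assumed value for the main (upstream) network.
MGMT_NET="${MGMT_NET:-192.168.1.0/24}"

# Accept only dotted-quad/prefix so nothing else reaches the uci batch.
valid_cidr() {
	printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the uci commands for one rule. Args: section name, port, source CIDR.
wan_mgmt_rule() {
	valid_cidr "$3" || { echo "bad source network: $3" >&2; return 1; }
	cat <<EOF
set firewall.$1=rule
set firewall.$1.name='Allow-$1-from-upstream-LAN'
set firewall.$1.src='wan'
set firewall.$1.src_ip='$3'
set firewall.$1.proto='tcp'
set firewall.$1.dest_port='$2'
set firewall.$1.target='ACCEPT'
EOF
}

# Both rules plus the commit, for the given source network.
build_batch() {
	wan_mgmt_rule mgmt_http 80 "$1" || return 1
	wan_mgmt_rule mgmt_ssh 22 "$1" || return 1
	echo "commit firewall"
}

# On a router (uci present) apply and reload; elsewhere just print the batch.
apply_rules() {
	batch=$(build_batch "$MGMT_NET") || return 1
	if command -v uci >/dev/null 2>&1; then
		printf '%s\n' "$batch" | uci batch && /etc/init.d/firewall reload
	else
		printf '%s\n' "$batch"
	fi
}

apply_rules
```

Because the sections are named, running the script again updates the same two rules instead of adding duplicates.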

Many thanks. Is there any advantage to loading vanilla OpenWrt?

No clue, as we don't know about your custom firmware, why you have it, what's contained therein, and most importantly - who gave it to you and for what purpose.

Some advantages of using a vanilla image are:

  • we actually know you're using supported firmware when you post in the threads
  • we eliminate the possibility that the custom firmware is causing issues

It is the standard GL-MT300N-V2 firmware. - https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2

As I am unfamiliar with OpenWrt, although there is a LuCI interface available, I don't know whether this is stripped down or not and if so by how much.

As an example, I'm looking at creating multiple SSIDs - I'm not sure if this will support it as is, or if I installed a different version, then it would. Right now, after initial searching through the menu options, nothing is obvious as to how to do this.

I have seen an option to force the DNS lookup to a specified server (in my case Pi-Hole) and that is useful to me - it has clearly created a specific forwarding rule.

I thought you said you had custom firmware - but that's a link to the OpenWrt site. So to be clear, if you installed firmware from downloads.openwrt.org, then it's the official firmware.

There is no "stripped down" version of LuCI - all firmware containing LuCI are identical in features (if present on the router). So I'm confused...are you seeking a particular settings menu in the web GUI?

You can add available web apps to the GUI by installing the relevant package(s).

Done under:

  • First: Network > Interfaces > Add (if making a new LAN/VLAN)
  • Then: Network > Wireless > Add (to add a new WiFi/SSID to an Interface)

Not sure what this means. I don't know how DNS lookup relates to a forwarding rule.

1 Like

I am using the firmware that comes with this router; I know it is based on OpenWrt. As I don't know what a 'vanilla' setup looks like, I don't know what I am missing (unknown, unknowns).

What I see is this layout;

image

Looking here - https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan-webinterface I see a completely different layout. For example, I don't have a Network > Wireless menu item. Often though, documentation lags behind the actual interface. If what is on that link is the vanilla interface, then that tells me to go for that.

This leads me to think that the interface is stripped down and I will probably be better loading the vanilla OpenWrt available for this device.

There is an option to force DNS lookup (override hard coded DNS). It appears to manifest itself as a Custom Firewall (rather than forwarding) rule.

force_dns() {
	# lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p')
	lanip=$(uci get network.lan.ipaddr)
	[ "$1" = "add" ] && {
		ip=$(uci get glconfig.general.ipaddr)
		[ -z "$ip" ] && ip=$(uci get network.lan.ipaddr)
		iptables -t nat -D PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $ip
		iptables -t nat -D PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $ip
		
		uci set glconfig.general.ipaddr=$lanip
		uci commit glconfig
		iptables -t nat -C PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
		[ ! "$?" = "0" ] && iptables -t nat -I PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
		iptables -t nat -C PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
		[ ! "$?" = "0" ] && iptables -t nat -I PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
	}
	[ "$1" = "remove" ] && {
		lanip=$(uci get glconfig.general.ipaddr)
		[ -z "$lanip" ] && lanip=$(uci get network.lan.ipaddr)
		iptables -t nat -C PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
		[ "$?" = "0" ] && iptables -t nat -D PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
		iptables -t nat -C PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
		[ "$?" = "0" ] && iptables -t nat -D PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
	}
}

force=$(uci get glconfig.general.force_dns)
if [ -n "$force" ]; then
    force_dns add
else
    force_dns remove
fi
gl-firewall

# PPTP Passthrough
iptables -t raw -D OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp
iptables -t raw -A OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp

To be clear:

  • you perform 2 steps
    • one under Interfaces
    • one under Wireless
  • this is where you access the Wireless menu:

Screenshot from 2020-01-02 12-50-01
I'm not sure how we can help with what you don't see. Just install official firmware if you're still confused and want to see a "vanilla interface." BTW, the only difference I see on the linked page - is that it's the old blue page template. All buttons I mentioned (i.e. "Add") are present.

Again, can't help with unofficial firmware. The setting you're referring to seems different than what I'm imagining in OpenWrt. Perhaps that was created by GL-inet. There is a Wiki page for DNS Hijacking here: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/forced_dns_redirection

2 Likes

That's not the same as what's in https://docs.gl-inet.com/en/3/release_notes/ which is what shipped on the router. Did you reflash from the URL you stated, or are you assuming?

1 Like

What I posted is the advanced interface. The Router is running their V3.025 which, AFAICS, is the latest firmware release by them - from that link you gave.

image

I assume nothing - :grinning:.

Under the Network menu item I don't see a wireless option (just interfaces) which leads me to think that it has been modified.

The firmware I have is the official release with this router.

Yes it definitely seems so.

Thanks for all your help. As I'm pretty confident I can get back to the default firmware, I'm going to have a go at flashing the recommended vanilla OpenWrt and see where that leads me.

Cheers.

To be clear: Official OpenWrt. This is not the OEM firmware forum. I'm referring to OpenWrt firmware from downloads.openwrt.org ONLY. Hopefully this ends any confusion. Again:

:+1:

1 Like

Ah OK. Cheers.

1 Like

Did you manage to flash the latest OpenWRT on your device @borpin? If you did, does it fully remove the manufacturer firmware too? Can you still get the WebUI that came with the device (non advanced settings)?

No problem to flash. Just do mtd write to correct partition. LuCI is native with native OpenWRT.

1 Like

Features don't mix and match-- installing one firmware completely replaces the other. With official OpenWrt you get the standard LuCI interface similar to GL's "advanced". GL's "basic" is a proprietary feature of their firmware. It is always possible to change back.

1 Like

Ok, I've successfully flashed the device and connected it to my network with the WLAN cable, and Fing sees it on my network and it has an IP, but it's not responding in a browser (192.168.1.197). Doing a port scan at the moment but no open ports are being returned as of yet.

Unable to reconnect to device after flashing. Followed guide here: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2

Attempted debricking but again no joy, device won't register directly connected to my Mac via network cable (No Ethernet cable detected).

How exactly have you flashed your device?

Set static IP like 192.168.1.2 on PC, and try to ping 192.168.1.1. It has bootloader with web-interface.

Yes I did and I have updated it since then. What I found was that I needed to not keep the settings - the vanilla firmware got really upset with that. I also found that on updating it got really upset with the netdata plugin so I had to remove that first, update the firmware (again) and then reinstall the plugin.

Which port? WAN or LAN?

You can only access the UI from the LAN port by default - yep that caught me out as well!

1 Like