Hi All,
In the house I have 3 x Xiaomi 4/4A routers running OpenWrt 21.02.1.
The connections are like:
The 5-4-3 ethernet rule has been observed.
The Xiaomi AP0 has replaced a Mikrotik used in that same environment for the same GW purpose.
All the rest of the devices pre-existed.
The configuration of that gateway is as follows:
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd21:bc04:fcc0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'wan'
        option stp '1'

config interface 'lan'
        option proto 'static'
        option ip6assign '60'
        option device 'br-lan'
        option stp '1'
        list dns_search 'example.net'
        list dns '10.46.236.1'
        list dns '8.8.4.4'
        list dns '8.8.8.8'
        list ipaddr '10.46.236.1/26'

config device
        option name 'lan1'
        option mtu '1500'

config interface 'n50'
        option proto 'pppoe'
        option username 'SomeUSER'
        option password 'SomePASS'
        option ipv6 'auto'
        option device 'lan1'

and
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option cell_density '0'
        option channel 'auto'
        option country 'GR'
        option htmode 'HT40'
        option txpower '15'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'none'
        option ssid 'tweety-net'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option cell_density '0'
        option htmode 'VHT40'
        option channel 'auto'
        option txpower '15'
        option country 'GR'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option encryption 'none'
        option ssid 'tweety-net'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config include
        option path '/etc/firewall.user'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option input 'REJECT'
        list network 'n50'

config forward
        option src 'lan'
        option dest 'wan'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        list device 'br-lan'
        list network 'lan'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config redirect
        option target 'DNAT'
        option name 'tweety-https'
        list proto 'tcp'
        option src 'wan'
        option src_dport '443'
        option dest 'lan'
        option dest_ip '10.46.236.30'
        option dest_port '443'

Connecting to the WiFi of any of the side APs (AP1/AP2), I can connect to any WiFi or cable-connected device anywhere in the network.
Connecting to the Gateway AP0 via WiFi, I can only connect to WiFi or cable devices connected to that gateway itself, but cannot connect to any other device connected to the rest of the network.
tcpdump showed that in this case, there are ARP requests going out (who has this IP? tell that IP), but nothing returns.
If I connect to the AP0 via ssh over WiFi, then I can connect to any other device in the network.
The obvious difference is that AP1/AP2 are in AP bridged mode and there is no firewall (all interfaces are connected to the same bridge).
Any ideas?
Best regards,
Theo
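
Added example, not part of the original post: a small Python check run over excerpts of the configs posted above. It lists access points that use `encryption 'none'` together with the network they are attached to, and firewall sections whose type is not one fw3 reads; the function names are hypothetical.

```python
import re

# Section types fw3 reads from /etc/config/firewall (assumption: stock 21.02 fw3).
FW_TYPES = {"defaults", "zone", "forwarding", "rule", "redirect", "ipset", "include"}

def parse_uci(text):
    """Parse `cat /etc/config/<file>` output into a list of sections."""
    sections = []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"config\s+(\S+)(?:\s+'([^']*)')?$", line)
        if m:
            sections.append({"type": m.group(1), "name": m.group(2), "opts": {}})
            continue
        m = re.match(r"(option|list)\s+(\S+)\s+'(.*)'$", line)
        if m and sections:
            kind, key, val = m.groups()
            if kind == "list":  # list entries accumulate, options overwrite
                sections[-1]["opts"].setdefault(key, []).append(val)
            else:
                sections[-1]["opts"][key] = val
    return sections

def audit_wireless(sections):
    """Return (section, ssid, network) for every AP without encryption."""
    return [(s["name"], s["opts"].get("ssid"), s["opts"].get("network"))
            for s in sections
            if s["type"] == "wifi-iface" and s["opts"].get("mode") == "ap"
            and s["opts"].get("encryption", "none") == "none"]

def audit_firewall(sections):
    """Return section types that are not in FW_TYPES."""
    return [s["type"] for s in sections if s["type"] not in FW_TYPES]

# Excerpts of the configs in the post, shortened to the lines the checks use.
WIRELESS = """
config wifi-iface 'default_radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'none'
        option ssid 'tweety-net'
"""
FIREWALL = """
config zone
        list network 'n50'
config forward
        option src 'lan'
config forwarding
        option src 'lan'
"""
print(audit_wireless(parse_uci(WIRELESS)), audit_firewall(parse_uci(FIREWALL)))
```
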