I'm trying to setup an instance to be a dumb AP. I have a single LAN interface and the WLAN interface. I've followed the guide below, but no client connected to the WLAN is able to ping or access an IP connected to the LAN. However, clients connected to the WLAN can manage the instance itself.
From the shell of the instance I can ping other devices on the LAN, but not any devices on the WLAN. DHCP is running off another device and devices connected to the WLAN are getting leases.
I'm sure it's something obvious, but I can't find it.
Edit /etc/config/dhcp and set the LAN DHCP to ignore (i.e. disabled) and remove the DHCPv6 lines. The dumb AP's DHCP server must be disabled or it will send the wrong settings to clients.
Which hardware and which OpenWRT version are you using?
I made a simple dumbap with a TP-Link TL-WR802N_v4 using the latest 19.07.1 OpenWRT. It also has only one Ethernet port. It's a small USB-power driven box ideal for travelling.
I'm using luci to configure it.
In "System - Startup" disable the services odhcp, dnsmasq and firewall.
Under "Network - Interfaces" set the static IP of the LAN interface (also disabling dhcp for that interface) and put any WAN or WAN6 interfaces to unmanaged (or delete them).
Then setup the "Network - Wireless". Your configuration looks pretty much the same as mine. I also use local DNS server and different gateway IP.
Why do you want to use
option igmp_snooping '1'
In "Status-Overview" on first level I can see the connected clients from the WiFi with IP addresses received from the DHCP.
This is my config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdxx:742a:xxxx::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.0.20'
option netmask '255.255.255.0'
option gateway '192.168.0.1'
list dns '192.168.0.6'
config device 'lan_eth0_dev'
option name 'eth0'
option macaddr 'XX'
First isolate the problem to either not able to route to the Internet at all, or able to reach the Internet but not able to DNS. If you can ping to a numeric address such as 8.8.8.8 but not to a name, it's a DNS problem.
I guess you have some sort of adblocking DNS server set up because usually you'd point DNS to the same main router that is the gateway. That is still worth trying if OpenWrt can't DNS.
It's not just the internet. Clients connecting to the WLAN AP are recieving a DHCP lease from the router (in this case pfsense) and can ping and connect to the openwrt instance itself. However, they cannot ping the router, or any other IPs on the LAN side.
Also, from the operwrt shell itself, I can ping the router, but not any client connected to the WLAN AP.
I've also now tried a full rebuild on 18.06.7 and experienced the same issue. I am using the latest firmware from kernel.org.
I've found the issue - the ESXi virtual port group needed to be set to 'Promiscuous mode - Accept'. It never occured to me that it could be an issue with the hypervisor.
For background; I've setup an x86 SBC as a mini-environment for travelling etc. It's running ESXi, along with VM's for pfsense, pihole, a Server 2016 domain controller and openwrt. Openwrt is configured with a single vNIC for LAN access and has an Atheros QCA9377 card passed through for WLAN. Openwrt will only be used as an AP, giving access to the other VMs.