ade05fr
January 27, 2020, 11:54am
1
Hello
i have configure my Linksys EA9500 as a wireless bridge router with relayd (IP : 192.168.0.200 / 192.168.15.1), now i can connect to internet.
But there is still an issue, i cannot ping to my PC (192.168.0.127) or access it through another PC (example below 192.168.0.110)
There are on the same network. i fixed a static ip address to my PC, the gateway is the primary router.
Is there something that i missed ? another thing, on my Primary Router ( 192.168.0.1 ) i cant see my PC on the connected devices, i see only the IP address of the Linksys EA9500 (192.168.0.200) used as bridge.
ANy help ?
thanks
bill888
January 27, 2020, 12:46pm
2
Can PC at 192.168.0.127 ping the other PC at 192.168.0.110 and main router 192.168.0.1 ?
Can PC at 192.168.0.110 access openwrt router at 192.168.0.200?
Suggest posting the contents of the /etc/config/network , /e/c/wireless, /e/c/firewall files along with OpenWrt version.
Perhaps compare it with working configs 'currently' discussed here:
https://forum.openwrt.org/t/relayd-not-forwarding-broadcast-bootp-dhcp-responses/53607
i can ping from 192.168.0.127 to other PCs and the main router.
But the opposite is not possible, i can reach my router with IP 192.168.0.200 or my PC 192.168.0.127
Firewall issue ?
i will send my config files asap.
thanks
Hegabo
January 27, 2020, 3:38pm
4
I presume you meant to say you can't reach them (from 192.168.0.110).
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wwan relayd_wl_lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'bcp38'
option type 'script'
option path '/usr/lib/bcp38/run.sh'
option family 'IPv4'
option reload '1'
/etc/config/network
root@OpenWrt:/etc/config# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd43:9bfa:3e5b::/48'
config interface 'lan'
option type 'bridge'
option ifname 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 extsw eth2.101'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.15.1'
option gateway '192.168.0.1'
list dns '192.168.0.1'
config interface 'wan'
option type 'bridge'
option ifname 'wan eth2.102'
option proto 'dhcp'
config interface 'wan6'
option ifname 'br-wan'
option proto 'dhcpv6'
config interface 'wwan'
option proto 'static'
option ipaddr '192.168.0.200'
option netmask '255.255.255.0'
option gateway '192.168.0.1'
list dns '192.168.0.1'
config interface 'relayd_wl_lan'
option proto 'relay'
option ipaddr '192.168.0.200'
list network 'lan'
list network 'wwan'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path '18000000.axi/bcma0:7/pci0000:00/0000:00:00.0/0000:01:00.0/0000:02:01.0/0000:03:00.0'
option htmode 'VHT80'
option disabled '1'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path '18000000.axi/bcma0:7/pci0000:00/0000:00:00.0/0000:01:00.0/0000:02:02.0/0000:04:00.0'
option htmode 'HT20'
option disabled '1'
config wifi-device 'radio2'
option type 'mac80211'
option hwmode '11a'
option path '18000000.axi/bcma0:8/pci0001:00/0001:00:00.0/0001:01:00.0'
option htmode 'VHT80'
option channel '108'
config wifi-iface 'wifinet0'
option device 'radio2'
option mode 'sta'
option network 'wwan'
option ssid 'ASUS92-5Ghz'
option key 'yas0210rahmane01'
option encryption 'psk2'
At first glance, I would correct the lan zone as shown below
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wwan'
I would also delete the 'wan' zone, and recommend removing all the rules and port forwards to clean up the file. See the example of a clean firewall file
https://forum.openwrt.org/t/relayd-not-forwarding-broadcast-bootp-dhcp-responses/53607/9
The following looks a bit odd to me. What's going on here?
config interface 'lan'
option ifname 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 extsw eth2.101'
I would also delete the 'wan' and 'wan6' zone to clean it up.
with these modifications still same problems
cat network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd43:9bfa:3e5b::/48'
config interface 'lan'
option type 'bridge'
option ifname 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 extsw eth2.101'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.15.1'
option gateway '192.168.0.1'
list dns '192.168.0.1'
config interface 'wwan'
option proto 'static'
option ipaddr '192.168.0.200'
option netmask '255.255.255.0'
option gateway '192.168.0.1'
list dns '192.168.0.1'
config interface 'relayd_wl_lan'
option proto 'relay'
option ipaddr '192.168.0.200'
list network 'lan'
list network 'wwan'
cat firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wwan'
config include
option path '/etc/firewall.user'
root@OpenWrt:/etc/config#
I'm out of ideas. I can only think there may be an issue with ARP somewhere.
(I note the EA9500 is a Broadcom based router. I thought there was no or very limited support for broadcom wifi)
Hegabo
January 29, 2020, 6:01am
10
You could also try trelay
instead.
However, if your devices support WDS and are compatible, it's a better solution that is less problematic.
ade05fr
January 30, 2020, 12:57pm
11
Hi there
i have another question about my config. in fact when i do an ipconfig on my PC client i have an IPV6 address with my ipv4. how can i disable this to only obtain ipv4 address ?
thanks
Hegabo
January 30, 2020, 4:07pm
12
Go to http://192.168.1.1/cgi-bin/luci/admin/network/network
Then got the LAN
interface settings, navigate to DHCP Server > IPv6
Settings and disable it from there.
ade05fr
February 2, 2020, 7:17am
13
Hi everyone i disable the ipv6 but still the problem to ping my pc on lan from another device on the same network (192.16.0.1/254)
what is wrong ?
Hi,
Using relay d since a while on RAMIPS and ATH79 based access points without problem for accessing PC both ends of the network. I just see some differences betwwen your and my config.
in your config I assume that the 192.18.0.1 machine is the main router.
As said in a previous comment, delete both wan and wan6 interfaces which are useless
in the 'lan' config I assume that bridging 'lan1 lan2......' is made to obtain a simple switch like lan behavior. Can you confirm that these names are valid names (using ip a)?
in my config wwan is proto dhcp. Dont know if it is of any concern but as the Access poin cannot be accessed using this address I don't care to make it static.
Here are the only changes I can see
BR
Sorry I forgot also to say that
both relayd bridge interface IP and wwan interface IP are different.
Does this helps?
BR