I am new to openWRT router configuration. In the following scenario, router1 can ping router2 and router3, also both router1 and router3 can ping router2 but router1 can not ping router3.
router1 (10.2.1.0/24) (STA) <-> router2 (10.2.2.0/24) (AP) <-> router3 (10.2.3.0/24) (STA)
/etc/config/wireless (router1)
config wifi-device 'wifi1'
option type 'qcawificfg80211'
option channel 'auto'
option hwmode '11bea'
option disabled '0'
option macaddr 'xx:xx:xx:xx:xx:01'
config wifi-iface
option device 'wifi1'
option network 'mesh'
option mode 'sta'
option encryption 'psk2'
option key 'xxxxxxxx'
option ssid 'router2'
option en_6g_sec_comp '0'
/etc/config/network (router1)
config interface 'lan'
option type 'bridge'
option ifname 'eth1 eth2 eth3 eth4'
option proto 'static'
option ipaddr '10.2.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option multicast_querier '0'
option igmp_snooping '0'
option force_link '1'
config interface 'mesh'
option ifname 'ath1'
option proto static
option ipaddr '10.2.2.2'
option netmask '255.255.255.0'
option ip6assign '60'
option multicast_querier '0'
option igmp_snooping '0'
option force_link '1'
config route
option interface 'mesh'
option target '10.2.2.0'
option netmask '255.255.255.0'
option gateway '10.2.2.2'
config route
option interface 'mesh'
option target '10.2.3.0'
option netmask '255.255.255.0'
option gateway '10.2.2.1'
/etc/config/wireless (router2)
config wifi-device 'wifi1'
option type 'qcawificfg80211'
option channel 'auto'
option hwmode '11bea'
option disabled '0'
option macaddr 'xx:xx:xx:xx:xx:02'
config wifi-iface
option device 'wifi1'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option key 'xxxxxxxx'
option ssid 'router2'
option en_6g_sec_comp '0'
/etc/config/network (router2)
config interface 'lan'
option type 'bridge'
option ifname 'eth1 eth2 eth3 eth4'
option proto 'static'
option ipaddr '10.2.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
option multicast_querier '0'
option igmp_snooping '0'
option force_link '1'
config route
option interface 'lan'
option target '10.2.1.0'
option netmask '255.255.255.0'
option gateway '10.2.2.2'
config route
option interface 'lan'
option target '10.2.3.0'
option netmask '255.255.255.0'
option gateway '10.2.2.3'
/etc/config/wireless (router3)
config wifi-device 'wifi1'
option type 'qcawificfg80211'
option channel 'auto'
option hwmode '11bea'
option disabled '0'
option macaddr 'xx:xx:xx:xx:xx:03'
config wifi-iface
option device 'wifi1'
option network 'mesh'
option mode 'sta'
option encryption 'psk2'
option key 'xxxxxxxx'
option ssid 'router2'
option en_6g_sec_comp '0'
/etc/config/network (router3)
config interface 'lan'
option type 'bridge'
option ifname 'eth1 eth2 eth3 eth4'
option proto 'static'
option ipaddr '10.2.3.1'
option netmask '255.255.255.0'
option ip6assign '60'
option multicast_querier '0'
option igmp_snooping '0'
option force_link '1'
config interface 'mesh'
option ifname 'ath1'
option proto static
option ipaddr '10.2.2.3'
option netmask '255.255.255.0'
option ip6assign '60'
option multicast_querier '0'
option igmp_snooping '0'
option force_link '1'
config route
option interface 'mesh'
option target '10.2.2.0'
option netmask '255.255.255.0'
option gateway '10.2.2.3'
config route
option interface 'mesh'
option target '10.2.1.0'
option netmask '255.255.255.0'
option gateway '10.2.2.1'
/etc/config/firewall (router1, router2, router3)
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option disabled '0'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'mesh'
list network 'mesh'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
/etc/quagga/ripd.conf (router1, router2, router3)
password xxxxxx
access-list vty permit 127.0.0.0/8
access-list vty deny any
line vty
access-class vty
router rip
version 2
network 10.2.1.0/24
network 10.2.2.0/24
network 10.2.3.0/24
redistribute connected