Routing question

Correct.

Yes, the OP states this...and then proceeds to show devices and configs that don't contain 172.16.0.0/24.

But has some device issuing the addresses via DHCP...? :man_shrugging:

1 Like

1 Like
  • Your OpenWrt config does not show this
  • If OpenWrt is the router for 172.16.0.0/24, you don't need a static route; but, you may have to allow forwarding to WAN if you created another firewall zone

This should work on a default OpenWrt by making the LAN 172.16.0.0/24 and connecting WiFi as WWAN.

:warning: Does your cell carrier allow connecting hotspots to routers?

How to fix configs?
Yes, you can connect.

To be clear, what needs to be fixed doesn't seem to be in your config (which means there may be another router).

But to do this with the OpenWrt, you:

  • Reset router to default
  • Unplug/plug all Ethernet devices (your OpenWrt will be 192.168.1.1)
    • (OPTIONAL) change to 172.16.0.1/255.255.255.0 if desired
    • Unplug/plug all Ethernet devices (your OpenWrt will be 172.16.0.1)
  • Go to Wireless, connect to hotspot as WWAN
    • follow defaults to place in WAN firewall zone
  • Done

:warning: Please use the LAN ports on the OpenWrt to setup, this will ensure there's no other network device issuing 172.16.0.0/24 to your machine connected by Ethernet...I'm not sure you understood that your OpenWrt config doesn't have such a network listed.

Does the wireless link from OpenWrt to the modem work? From OpenWrt are you able to ping the modem?

1 Like

On operwrt I see a modem.
With operwrt I go Internet.

Reset all settings.
Set up only 2 files.

/etc/config/network
config wifi-device 'radio0'
        option type 'mac80211'
        option channel 'auto'
        option hwmode '11ng'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option disabled '0'
        option country 'RU'

config wifi-iface
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid 'ssid_name'
        option key 'ssis_key'
        option encryption 'ssid_enc'

/etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd04:aee3:8b36::/48'

config interface 'lan'
        option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option dns '8.8.8.8'
        option ipaddr '172.16.0.1'

config interface 'wwan'
        option proto 'static'
        option gateway '192.168.8.1'
        option netmask '255.255.255.0'
        option dns '8.8.8.8'
        option ipaddr '192.168.8.2'

How to properly set up a firewall?

If you did this, it's already setup as WAN and LAN.

  • LAN does not need DNS
1 Like

After resetting the firewall settings file, there is no.

:spiral_notepad: (default reset is firstboot && reboot )

I mentioned nothing about firewall except adding WWAN (see below) and you said you did not edit the file. There is a WAN and LAN by default, and WWAN is automatically added if you followed my steps above.

:grey_question:

If you used command line, add WWAN network to the WAN firewall zone in /etc/config/firewall.

screen23

I don't have a web interface.
I don't have a /etc/config/firewall file.
Create a firewall file with such data?

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 wwan'

config forwarding
	option src 'lan'
	option dest 'wan'
1 Like

???

That file should exist by default.

:+1:

root@CyberWrt:~# ls -l /etc/config/
-rw-r--r--    1 root     root           885 Nov 17  2013 dhcp
-rw-r--r--    1 root     root           134 Nov 17  2013 dropbear
-rw-r--r--    1 root     root           552 Jan  1  1970 network
-rw-r--r--    1 root     root           254 Sep 20  2013 system
-rw-r--r--    1 root     root             0 Jan  1  1970 ubootenv
-rw-r--r--    1 root     root          3388 Nov 18  2013 uhttpd
-rw-r--r--    1 root     root           481 Jan  1  1970 wireless
root@CyberWrt:~#

What is CyberWrt!?!?

(The website is in Russian...and mentions EOL version 15.)

Please use official OpenWrt.

3 Likes

You're making a routed client. There are instructions in the wiki for that.

The default network and firewall is set up to NAT route to a wired WAN. The simplest way to set this up is remove the Ethernet port from the existing wan network and use a wifi client instead. This is all that needs to be done if the upstream network doesn't overlap the default lan IP range. If it does, you need to change the LAN IP for proper routing to work.

Another way is to make a new network with the client, which is usually called "wwan" (though you can name it anything you want subject to network naming restrictions), and add this network to the wan firewall zone. The "Join this Network" button on the wifi scan page is a script that does that. It usually works, especially if you click it only once starting from a default configuration.

Once you have Internet access working you can look at finer points like giving wan a static IP and opening firewall ports so you can log in from the WAN side. That only makes sense if you control and trust that network.

1 Like

Available TL-WR703N
There is no free space to download the firmware.

you need to save it in /tmp, and run it using sysupgrade from telnet/ssh.

if you don't need to install additional packages, there are 19.07 builds in OpenWrt 19.07.1 ath79 tiny LuCI , check the last post for the most recent version.

note these are community builds.

2 Likes

Hello.

Is my config /etc/config/firewall above correct or not?

You'll most likely need a few extra rules that are there in a default firewall configuration. That is if you work in IPv4 only. If you work with IPv6 you'll need many more.