So after some struggle with relayd and trelay, I decided to abandon the relay scenario form my third party router to Archer C7 OpenWrt until I get another QC/Ath router on which I can install OpenWrt, have proper setup and implement WDS.
Current configuration is that OpenWrt router get internet form main router AP. Now I would like to be able to access OpenWrt router from main router's AP by SSH and also have access to SMB shares. Right now I can't even ping the OpenWrt router's WWAN IP when connected via main router's AP (though both routers can ping each other).
Below my config. I tried haveing the WWAN on lan or wan zone. I also tried bridging the wwan with Switch VLAN and also without doing that.
Could be many different things. Maybe start with validating the traffic is actually getting to your wan port on your open wrt device
Tcpdump would be a good option , the below link shows how to use openwrt as the network tapping point of a stream that feeds into wireshark. But that might be overkill for something like you’re facing , you probably only need to run it on the console to get a feel for what’s happening: https://openwrt.org/docs/guide-user/firewall/misc/tcpdump_wireshark
Install tcpdump with opkg install tcpdump
Then on the openwrt device console, run this below to start a capture. You’ll see rows appearing as packets hit the wan interface in near real-time.
tcpdump -n -i eth0.2
Then ctrl+c when you want to stop
With the capture running, try pinging from the other device which you said was working before. You should see 2 rows in tcpdump output , one ping and one pong reply. Compare that output with the other tests where your not seeing connectivity.
Issue Will boil down to one of 3 things :
Either the packets are not getting sent back to your main router from the openwrt device (could be firewall, missing routes, something else)
The packets are being sent back to your main router but not getting to the endpoint device (implying a problem with the main router, firewall, routes, something else)
The packets never even make it into the wan port on your openwrt router from your main router (implying problem with config on the main router)
Armed with the answer(s) to the above question you’ll know where to look next. Feel free to update this thread as you go, might take a few tests to figure this one out.
I had to remove the WWAN interface and add it again. Not setting the IP to static this time, it appears I can ping the WWAN IP from main routers AP, and I also have SSH access to OpenWrt WWAN IP form main router's AP. I don't understand what the problem was with setting static IP for the WWAN, as I was setting the gateway to the other router's IP, but anyway I used static lease instead, so that point is sorted out.
Surprisingly, if I happen to change the firewall zone of WWAN to WAN then revert it to LAN again, I lose access to the WWAN interface from the other router's AP.
I am not sure if this is a bug or something I am doing wrong, but I don't imagine I have enough technical info to make a bug report for that.
Anyway, now I have SSH and GUI access to WWAN IP form other router's AP, but I am still not able to access SMB share form the WWAN side, even though I have it's firewall zone set to LAN.
That should be simple configuration and it doesnt require much setup even if your main router is not OpenWrt based.
I find this one hard to believe, if it is possible at all. You are getting internet from your main router and I think it's in bridge mode probably. I really dont think if this is possible at all or maybe through some hack with static routes?
Well SMB should be avialable at LAN interface as default but since your OpenWrt router uses different IP range you'll need to forward it to WWAN in otder to access it from main router. I think SMB uses some specific ports that will need to be forwarded from LAN to WWAN in order to make main router aware that there is a SMB share at the WWAN IP address. But then again you may need to assign a static IP to WWAN so it doesnt keep changing.
root@C7:~# ip r
default via 192.168.1.1 dev wlan1 src 192.168.1.2
192.168.1.0/24 dev wlan1 scope link src 192.168.1.2
192.168.2.0/24 dev br-lan scope link src 192.168.2.1
Not sure what I should be looking for in terms of forwarding
Created a port forwarding rule to LAN IP. When creating it, LuCI allows only to have the source zone as WAN. But when editing it, I could select LAN as the source zone as well. This seems to have done the trick.
I suggest to define default value for option interfaces in the /etc/config/samba instead of /etc/init.d/samba.
This way it would be easier to override it with empty value if required.
So it appears that the solution lies in a mix of what @vgaetera and @Andy2244 said.
This provides access but is not retained after restart.
This is retained after restart, but it does'nt provide access. In fact, it doesn't even allow access form the LAN side.
I noticed that the original /etc/samba/smb.conf contained interfaces = lo br-lan, and after runnnig the uci commands it reads interfaces = lo br-lan wlan1, so I edited that in /etc/samba/smb.conf.template, and that seems to work.