Today I tried to add a guest network to my accesspoint. I followed the guide that was posted here recently: https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap
I can connect to the network. I get a IP address assigned and isolation also works but I can not get Internet access. Any ideas where to look to get it to work?
Firewall settings.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@Cudy_X6:~# ubus call system board
{
"kernel": "5.15.137",
"hostname": "Cudy_X6",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "CUDY X6 v1",
"board_name": "cudy,x6-v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r25739-a8840b7462",
"target": "ramips/mt7621",
"description": "OpenWrt SNAPSHOT r25739-a8840b7462"
}
}
-----------------------------------------------------------------------------------------------
root@Cudy_X6:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdf4:123a:a145::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'dhcp'
config device
option type 'bridge'
option name 'br-guest'
option bridge_empty '1'
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
-----------------------------------------------------------------------------------------------
root@Cudy_X6:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option channel 'auto'
option band '2g'
option htmode 'HE40'
option country 'DE'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'AP_42'
option encryption 'sae-mixed'
option key 'xxxxxxxxxxxxxxxxxxxxxxxx'
option wpa_disable_eapol_key_retries '1'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
option channel '116'
option band '5g'
option htmode 'HE80'
option country 'DE'
option cell_density '0'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid '5G_AP_42'
option encryption 'sae-mixed'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxxx'
option wpa_disable_eapol_key_retries '1'
option disabled '1'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'Guest_Wifi'
option encryption 'psk2'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxx'
option network 'guest'
option disabled '1'
-----------------------------------------------------------------------------------------------
root@Cudy_X6:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'hybrid'
option ra 'hybrid'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '120'
option leasetime '12h'
-----------------------------------------------------------------------------------------------
root@Cudy_X6:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
option masq '1'
config zone
option name 'guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config forwarding
option src 'guest'
option dest 'lan'
config rule
option name 'Guest_DHCP'
list proto 'udp'
option src 'guest'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'Guest_DNS'
option dest_port '53'
option target 'ACCEPT'
option src 'guest'
config rule
option name 'Block_Guest_from_LAN'
option src 'guest'
option dest 'lan'
option target 'REJECT'
list proto 'all'
list dest_ip '192.168.0.0/24'
The config files look generally fine, but I'd recommend that you upgrade to the latest release version of OpenWrt
https://firmware-selector.openwrt.org/?version=23.05.2&target=ramips%2Fmt7621&id=cudy_x6-v1
The update actually fixed it and now it works, thanks 
Great!
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! 