Hi guys, I attempted this a couple of weeks ago, to no avail. I think the idea is straightforward: I'm using meshed APs and need to extend the signal of the "guest" networks. What should I do with the node config, if the main is correctly configured?
Here's my current config:
Main:
- Network
# Network config of the main (gateway) router, as posted.
# Defines the LAN (192.168.0.2/24), the WAN on eth0.2, a guest subnet
# (10.10.10.1/24) on switch VLAN 3, and a batman-adv mesh (bat0) whose
# VLANs 101/102 are bridged to the LAN and guest VLANs.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6b:6462:bb1c::/48'
option packet_steering '1'
# LAN bridge; its only member here is switch VLAN 1 (eth0.1).
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.0.2'
# peerdns '0' ignores the resolvers offered by the upstream DHCP server;
# the two listed resolvers are used instead.
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
# NOTE(review): both 'device' and the legacy 'ifname' are set here, and dns
# points at ::1 -- presumably a local resolver on the router; confirm.
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
option dns '::1'
option ifname '@wan'
option peerdns '0'
# Switch VLANs: '0t' is the tagged CPU port, so VLAN n appears as eth0.n.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option description 'LAN'
option ports '0t 1 2 4'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option vid '2'
option description 'WAN'
# VLAN 3 carries the guest network on switch port 3.
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option description 'Horcrux'
option ports '0t 3'
# Guest L3 interface: this is the interface the firewall 'guest' zone refers
# to, so only traffic that enters through br-guest is covered by that zone.
config interface 'guest'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.10.10.1'
option device 'br-guest'
config device
option name 'br-guest'
option type 'bridge'
list ports 'eth0.3'
# batman-adv soft interface.
# NOTE(review): ap_isolation is '0' and isolation_mark is all zeroes, so
# batman-adv itself does no client isolation across the mesh; guest/LAN
# separation rests entirely on the VLAN split (bat0.101 / bat0.102) below.
config interface 'bat0'
option proto 'batadv'
option routing_algo 'BATMAN_IV'
option aggregated_ogms '1'
option ap_isolation '0'
option bonding '0'
option fragmentation '1'
option gw_mode 'off'
option log_level '0'
option orig_interval '1000'
option bridge_loop_avoidance '1'
option distributed_arp_table '1'
option multicast_mode '1'
option network_coding '0'
option hop_penalty '30'
option isolation_mark '0x00000000/0x00000000'
# Hard interface that attaches the 802.11s link (wifi-iface with
# network 'nwi_mesh0') to bat0. The raised MTU presumably leaves room for
# the batman-adv header -- confirm.
config interface 'nwi_mesh0'
option mtu '2304'
option proto 'batadv_hardif'
option master 'bat0'
# Unmanaged (proto 'none') bridges: no IP address on the router itself.
config interface 'MESHguest'
option stp '1'
option proto 'none'
option auto '1'
option delegate '0'
option device 'br-MESHguest'
config interface 'MESHlan'
option stp '1'
option proto 'none'
option auto '1'
option delegate '0'
option device 'br-MESHlan'
# NOTE(review): eth0.3 is already a port of br-guest and eth0.1 is already a
# port of br-lan. A Linux interface can be a member of only one bridge, so
# one bridge of each pair will come up without that port. If br-MESHguest
# loses eth0.3, mesh guest traffic (bat0.102) never reaches the 'guest'
# interface and its firewall zone/DHCP; if br-guest loses it, the wired guest
# VLAN is detached from 10.10.10.1. Likely intent: list bat0.102 under
# br-guest and bat0.101 under br-lan instead of using separate bridges --
# verify. Also note MESHguest/MESHlan are not members of any firewall zone in
# the firewall config posted alongside.
config device
option name 'br-MESHguest'
option type 'bridge'
list ports 'eth0.3'
list ports 'bat0.102'
config device
option name 'br-MESHlan'
option type 'bridge'
list ports 'eth0.1'
list ports 'bat0.101'
- Wireless
# Wireless config of the main router, as posted (keys redacted as 'XXX').
# radio0 = 2.4 GHz (LAN AP + guest AP), radio1 = 5 GHz mesh backhaul,
# radio2 = 5 GHz LAN AP.
config wifi-device 'radio0'
option hwmode '11g'
option noscan '1'
option type 'mac80211'
option path 'platform/soc/a000000.wifi'
option cell_density '0'
option country 'AW'
option htmode 'HT20'
option channel 'auto'
# LAN AP on 2.4 GHz: WPA2-PSK with management frame protection optional
# (ieee80211w '1').
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option network 'lan'
option key 'XXX'
option ssid '2.4ghz'
option ieee80211w '1'
option encryption 'psk2'
# NOTE(review): country is 'AW' on every radio here but 'US' on the node;
# both ends of the mesh sit on channel 64. Regulatory domains should match
# the actual location and each other -- confirm.
config wifi-device 'radio1'
option htmode 'VHT80'
option hwmode '11a'
option noscan '1'
option type 'mac80211'
option path 'platform/soc/a800000.wifi'
option cell_density '0'
option country 'AW'
option channel '64'
# 802.11s backhaul secured with SAE; mesh_fwding '0' leaves forwarding to
# batman-adv (the interface is attached to bat0 via network 'nwi_mesh0').
# NOTE(review): mesh_id is 'MESH' here and 'mesh' on the node. Mesh IDs are
# case-sensitive, so as posted the two radios would not peer -- verify.
config wifi-iface 'mesh0'
option device 'radio1'
option ifname 'mesh0'
option disabled '0'
option mode 'mesh'
option mesh_id 'MESH'
option mesh_rssi_threshold '0'
option encryption 'sae'
option key 'XXX'
option mesh_fwding '0'
option network 'nwi_mesh0'
config wifi-device 'radio2'
option type 'mac80211'
option hwmode '11a'
option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
option channel 'auto'
option cell_density '0'
option txpower '23'
option country 'AW'
config wifi-iface 'wifinet2'
option device 'radio2'
option mode 'ap'
option ssid '5ghz'
option key 'XXX'
option ieee80211w '1'
option network 'lan'
option encryption 'psk2'
# Guest AP, attached to the 'guest' network (10.10.10.1/24).
# NOTE(review): no 'isolate' option is set, so guest clients on this AP can
# reach each other at layer 2; add option isolate '1' if that is not wanted.
# ieee80211w is also absent here, unlike the LAN APs. Whether the guest key
# differs from the LAN key cannot be told from the redacted values.
config wifi-iface 'guest'
option mode 'ap'
option device 'radio0'
option key 'XXX'
option encryption 'psk2'
option network 'guest'
option ssid 'Horcrux ☢'
- Firewall
# Firewall config of the main router, as posted.
# Zones: lan (open), wan (input/forward DROP, masquerading), guest
# (input/forward REJECT, internet only, DNS and DHCP to the router allowed).
#
# NOTE(review): the default input policy is ACCEPT. Zone policies override it
# for interfaces that belong to a zone, but an interface that is in no zone
# (MESHguest and MESHlan in the network config posted alongside) falls back
# to these defaults. Those bridges have no IPv4 address (proto 'none'), so
# exposure is limited, but input 'REJECT' is the safer default -- confirm.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option drop_invalid '1'
option flow_offloading '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option mtu_fix '1'
option input 'DROP'
option forward 'DROP'
option masq '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# NOTE(review): despite the name, the target is DROP, so IPv4 echo requests
# from wan are dropped. Renaming the rule would avoid misreading it.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option family 'ipv4'
list icmp_type 'echo-request'
option target 'DROP'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Rate-limited ICMPv6 to the router itself (no 'dest', so this is input).
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# dest '*' makes this a forward rule towards every zone, guest included.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# NOTE(review): the next two rules accept ESP and UDP/500 forwarded from wan
# to any host in lan. If no IPsec endpoint lives in the LAN they can be
# disabled to shrink the wan-to-lan forward surface -- confirm before removing.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Disabled (enabled '0').
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
# Hooks miniupnpd's firewall script, i.e. UPnP-requested port forwards.
# NOTE(review): which interfaces miniupnpd serves is set in its own config,
# which is not shown here; make sure the guest network is not one of them.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# Guest zone: router services are rejected except the DNS/DHCP rules below,
# and the only forwarding defined for it is guest -> wan (none to lan).
# NOTE(review): the zone covers only the 'guest' network. Guest clients that
# arrive over the mesh are filtered by it only if bat0.102 ends up in the
# same bridge as the 'guest' interface; MESHguest is not listed here.
config zone 'guest'
option name 'guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config forwarding 'guest_wan'
option src 'guest'
option dest 'wan'
config rule 'guest_dns'
option name 'Allow-DNS-Guest'
option src 'guest'
option dest_port '53'
option proto 'tcp udp'
option target 'ACCEPT'
config rule 'guest_dhcp'
option name 'Allow-DHCP-Guest'
option src 'guest'
option dest_port '67'
option proto 'udp'
option family 'ipv4'
option target 'ACCEPT'
Node:
- Network
# Network config of the mesh node, as posted.
# The node has a LAN address (192.168.0.3, gateway 192.168.0.2) on br-lan,
# which bridges eth0 and the untagged bat0. No guest network is defined.
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fdf5:9a83:763c::/48'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.0.3'
option device 'br-lan'
option gateway '192.168.0.2'
# NOTE(review): the main router bridges the tagged VLANs bat0.101 (LAN) and
# bat0.102 (guest), while this bridge contains the untagged bat0. Untagged
# mesh traffic and VLAN 101 are different layer-2 segments, so as posted the
# node's LAN would not line up with the main's. To extend the guest network
# and keep it separated, the node would presumably need bat0.101 in br-lan
# and a second bridge holding only bat0.102 for the guest AP, left at proto
# 'none' so guests cannot reach the node's own services -- verify.
config device
option name 'br-lan'
option type 'bridge'
list ports 'bat0'
list ports 'eth0'
# NOTE(review): 'Lan' is a separate section from 'lan' (names are
# case-sensitive) and runs a DHCP client directly on eth0, which is also a
# port of br-lan above; the two uses conflict -- confirm which is intended.
config interface 'Lan'
option proto 'dhcp'
option device 'eth0'
# batman-adv soft interface; same settings as on the main router.
# ap_isolation '0' and an all-zero isolation_mark mean batman-adv applies no
# client isolation of its own.
config interface 'bat0'
option proto 'batadv'
option routing_algo 'BATMAN_IV'
option aggregated_ogms '1'
option ap_isolation '0'
option bonding '0'
option fragmentation '1'
option gw_mode 'off'
option log_level '0'
option orig_interval '1000'
option bridge_loop_avoidance '1'
option distributed_arp_table '1'
option multicast_mode '1'
option network_coding '0'
option hop_penalty '30'
option isolation_mark '0x00000000/0x00000000'
# Hard interface that attaches the 802.11s link to bat0.
config interface 'nwi_mesh0'
option mtu '2304'
option proto 'batadv_hardif'
option master 'bat0'
- Wireless
# Wireless config of the mesh node, as posted (keys redacted as 'XXX').
# radio0 = 5 GHz (mesh backhaul + a disabled LAN AP), radio1 = 2.4 GHz
# (LAN AP + a disabled guest AP).
# NOTE(review): country is 'US' here but 'AW' on the main router; the
# regulatory domain should match the real location on both devices.
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option cell_density '0'
option htmode 'VHT80'
option channel '64'
option country 'US'
option txpower '23'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/ahb/18100000.wmac'
option cell_density '0'
option country 'US'
option channel '6'
option htmode 'HT20'
# LAN AP on 2.4 GHz with WPA2/WPA3 mixed mode and 802.11r fast transition.
# NOTE(review): wps_pushbutton '1' enables WPS on the LAN SSID; disable it
# unless it is actually used. The main router's APs for the same SSID use
# 'psk2' without 802.11r, so clients see different security settings per AP.
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option key 'XXX'
option ssid '2.4ghz'
option encryption 'sae-mixed'
option ieee80211r '1'
option nasid 'Unifi_2.4'
option mobility_domain '8f51'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option ieee80211w '1'
option wps_pushbutton '1'
# 802.11s backhaul secured with SAE, attached to bat0 via 'nwi_mesh0'.
# NOTE(review): mesh_id is 'mesh' here and 'MESH' on the main router. Mesh
# IDs are case-sensitive, so as posted the node would not peer with the
# main -- verify.
config wifi-iface 'wifinet3'
option mesh_rssi_threshold '0'
option device 'radio0'
option mode 'mesh'
option mesh_fwding '0'
option mesh_id 'mesh'
option key 'XXX'
option encryption 'sae'
option network 'nwi_mesh0'
# 5 GHz LAN AP, currently disabled. Its mobility_domain ('9d24') differs
# from the 2.4 GHz AP's ('8f51').
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid '5ghz'
option key 'XXX'
option ieee80211r '1'
option ft_psk_generate_local '1'
option ft_over_ds '1'
option network 'lan'
option nasid 'Unifi_5'
option mobility_domain '9d24'
option encryption 'sae-mixed'
option ieee80211w '1'
option disabled '1'
# Guest AP, currently disabled.
# NOTE(review): there is no 'network' option, so this AP is not attached to
# any bridge, and the SSID 'Guest' differs from the main router's guest SSID.
# When enabling it, attach it to a guest-only bridge (never 'lan') and
# consider option isolate '1' so guest clients cannot reach each other.
config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option encryption 'sae-mixed'
option key 'XXX'
option ieee80211w '1'
option ssid 'Guest'
option disabled '1'
- Firewall
# Firewall config of the mesh node, as posted: defaults only, no zones.
# NOTE(review): with no zones defined, input 'ACCEPT' applies to every
# interface on the node. That is tolerable while the node only bridges
# traffic, but if a guest interface is ever given an IP address here it needs
# its own zone with input 'REJECT', otherwise guest clients can reach the
# node's management services -- confirm.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'REJECT'
config include
option path '/etc/firewall.user'