So I searched for this in the forum but I could not find anything.
I want to take internet from school wifi and bridge it to lan. But the wifi gives IPs in 10.1.1x.xx form. What I want is to use the school net in my small 192.168.1.xx form network. So I basically need some setup that bridges these two interfaces but with a different DHCP server on the lan side.
I don't want them to be isolated so for example with ip 192.168.1.10 my laptop must be able to reach 10.1.12.1 in school network.
I tried this but couldn't make it work. I set wifi to client mode and created interface wwan for it and associated the interface with the wan firewall zone. So wwan normally takes an IP from the school network's DHCP server. I don't want lan to take an IP from the school network. Instead I want lan to use its own DHCP server in order to create a local environment which is in 192.168.1.x form, but which also has an internet connection through wwan (school network).
I just want to route the internet connection of wwan (school network with IP structure like 10.1.12.x, also in wan firewall) to lan clients (which have IPs in the form 192.168.1.x and are in lan firewall), and I also want to prevent double NAT because the school network has its own NAT and the lan interface also has NAT in it.
All of the firewall settings are at default. The lan interface has a static IP (192.168.1.1) and DHCP enabled. I'm communicating with the device via the lan interface.
It's not clear what's not working. Here's what you should have:
Start with a factory reset.
Create WWAN in client mode, with an IP in the 10.x.x.x range.
Create a separate WLAN SSID bridged to the wired lan, with an IP in the 192.168.x.x range.
Done. It should just work.
However, it will inevitably have NAT. The only way to avoid that is to add routes to the main router to tell it to route 192.168.x.x to your device. If you do that, you can turn off masquerade on your device.
I think my problem was with masquerade in the firewall. It was on while I was trying everything.
The actual problem was routing between the wwan and lan interfaces, and I was also thinking it was a firewall problem because wan by itself was able to connect to the internet and lan was also working fine except for internet access.
If you have set up a route on the main router to send 192.168.x.x to your device, then you can turn off masquerade. Also, you can put the WWAN interface into the LAN firewall zone; then you will have no issue forwarding between WWAN and LAN, but you will also have no firewall (or rather, your main router will be the only firewall). If you want a firewall between your 10.x.x.x and your 192.168.x.x, you should keep the WWAN in the WAN firewall zone and then set up the firewall to do the filtering you require (by default, all incoming stuff is firewalled entirely).
For minimal interaction with the upstream network you should use masquerade (NAT). This will have your router act like a user on one IP address (usually obtained by DHCP) on the school network. Internet requests from the LAN of your router will be routed out to the school. Incoming connections from the school to your router will be blocked by the firewall.
This is basically the same as the default configuration. There's no need to create a 'wwan' network; just detach the Ethernet port from 'wan' and use a wifi client instead.
By default the firewall completely blocks wan to lan routing (only allowing related traffic responding to connections initiated from the LAN). This may be your main issue? If you want full routing between the two, place the WWAN into the LAN firewall zone.
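The arrangement the replies converge on (WWAN kept in the wan firewall zone with masquerade, lan running its own DHCP server), written out as OpenWrt UCI configuration. This is an added example, not a config posted by anyone in the thread; the radio name `radio0`, the SSID, the encryption type, the key and the DHCP pool values are constructed placeholders.

```uci
# /etc/config/wireless (fragment): the radio joins the school wifi as a client
config wifi-iface
	option device 'radio0'          # assumption: first radio on the device
	option mode 'sta'               # client mode
	option network 'wwan'
	option ssid 'SCHOOL-SSID'       # placeholder
	option encryption 'psk2'        # assumption: adjust to the upstream network
	option key 'PLACEHOLDER-KEY'    # placeholder

# /etc/config/network (fragment): wwan gets its 10.x address from the school DHCP
config interface 'wwan'
	option proto 'dhcp'

# /etc/config/dhcp (fragment): lan keeps its own DHCP server for 192.168.1.x
config dhcp 'lan'
	option interface 'lan'
	option start '100'              # constructed pool values
	option limit '150'
	option leasetime '12h'

# /etc/config/firewall (fragment)
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wwan'             # keep WWAN here to retain a firewall
	option input 'REJECT'           # connections started upstream are blocked
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'                 # set to '0' only if upstream routes 192.168.x.x to this device
	option mtu_fix '1'

# lan clients may open connections towards the school network and internet
config forwarding
	option src 'lan'
	option dest 'wan'
```

With this layout a LAN host such as 192.168.1.10 can open connections to 10.1.12.1, while listing 'wwan' under the lan zone instead would remove the filtering between the two networks, as noted in the thread.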