Wireless bridge

concubine · January 13, 2024, 10:55pm

Hello,

I'm trying to setup openwrt to connect to my Merlin primary router (a friend suggested merlin even though I'm not sold)

Regardless, I've setup the wireless connection from openwrt using the scan and connect and that seems to work fine for access the Internet on any of the ETH lan ports 1-4.

However, I can't for the life of me get it to work in a way that any connected device to the openwrt 1-4 ports would get IP From the the primary Merlin router, I've tried bridging but I am missing some key knowledge here which might be related to my networking knowhow gap.

I'm attaching my network config, firewall and wireless in hopes someone may be able to direct me in the right path.

root@Pegasus:/etc/config# cat firewall

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

root@Pegasus:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd3c:512b:e6a0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr '32:23:03:dd:d0:e0'

config interface 'wan'
        option device 'wan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'wwan'
        option proto 'dhcp'

config device
        option type 'bridge'
        option name 'BridgeWifi'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'wan'
        option bridge_empty '1'
        option mtu '1500'
        option macaddr '30:23:03:DD:D0:E0'

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
        option channel 'auto'
        option band '5g'
        option htmode 'VHT80'
        option country 'PT'
        option cell_density '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'
        option country 'FR'

config wifi-device 'radio2'
        option type 'mac80211'
        option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
        option channel '34'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid 'Mamajama2'
        option bssid 'C8:7F:54:E4:DE:74'
        option encryption 'psk2'
        option key 'REDACTED'

I even tried something like this but it broke everything:

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'
    list ports 'phy0-sta0' 

config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'

Thank you for any advice, cheers.

psherman · January 13, 2024, 11:00pm

Bridging from wifi > ethernet (i.e. a wifi downlink) is considerably different than creating a dumb AP (which is close in concept, but uses wifi AP mode to create an AP rather than sta mode to create a client). This is due to the way that 802.11 standards were created, so workarounds are necessary.

Take a look at relayd for this -- that's the typical method of achieving this goal:

(other methods include WDS or mesh, but for that, you'll likely need both routers running OpenWrt.)

concubine · January 13, 2024, 11:01pm

I've been bashing my head and doubting life choices.
Will take a look into your post, Cheers

UPDATE: Wonderful, monkey stepped it and it worked like a charm.

Much appreciated, marking solved.

system · January 23, 2024, 11:03pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.