The WWAN interface gets an IP address from the main DHCP-server, so the WLAN connection should work. If I assign an static IP address from the main subnet to a PC, connected on a LAN port of the OpenWRT router I reach other systems in the main network and can surf the in web. So I think the bridge works.
BUT: I want to use DHCP on the PCs; but they get no IP address from the main DHCP server! I see no request on the DHCP server.
If you're trying to truly bridge, all you should have to do is add the new client SSID to existing LAN interface and address the OpenWrt's LAN in the same subnet. Lastly, turn off DHCP - done.
Relay!=Bridge.
On the top of the page there are a few warnings that relay is not so guaranteed to work. So if you followed the instructions and still doesn't work, I suggest you try a different approach (WDS, Layer 2 GRE tunnels (“gretap”), or mesh networking).
I use firmware version OpenWrt 18.06.5 r7897-9d401013fc / LuCI openwrt-18.06 branch (git-19.309.48729-bc17ef6).
My firewall configuration:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'repeater_bridge'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'bridgezone'
option forward 'ACCEPT'
option network 'lan wwan'
But as I said, I disabled the firewall.
I need this all in my company ... but now I’m at home. I rebuilt all with my OpenWRT router at home, also a Fritzbox 4040; and everything works. Even the DHCP request works and I get an IP from my ISP router.
I think I missed something in the firewall configuration at work. At home the firewall is still on, only odhcpd and dnsmasq are diabled. I’ll try it next week ...
At work I have two devices just with LAN ports, but they are mobile and I want to use them in different rooms. I also have a given WPA2-Enterprise secured WLAN network. Does these mentioned alternatives work in this scenario?
I tried it. But at work, it doesn't work. Maybe the combination with a WPA2-Enterprise WLAN ...
I will use the WWAN connection and an own subnet on the LAN ports ... this works.
Sorry, but my first OpenWRT installation is just 4 weeks ago.
I connect to the WLAN and the newly created WWAN interface gets an IP from the core net. And now? Set LAN interface under Network | Wireless | edit my SSID | interface configuration? Then the WWAN interface has no more an IP and the PC, connected to LAN, also gets no IP.
Not all devices support bridging wifi in station mode with the LAN.
In fact I only know the WRT54 with the Broadcom. So most likely this won't work, and this is why there are the workarounds with relayd, wds, etc.