Hello
I have set up a TP-Link TL-WR1043ND with 10.03.1-rc4 as an internal access point that is connected via a cable to my existing gateway.
I want the access point to serve two WLANs: MAIN (fully bridged to internal lan) and GUEST (with access to internet via gateway only).
AP (LAN IP 10.0.0.7) --------------------------------------- ethernet ------------------------------------- Gateway (LAN IP 10.0.0.1)
(WLAN MAIN bridges to LAN)
(WLAN GUEST IP 192.168.100.1 - DHCP Range 100 - 150)
The first WLAN with SSID MAIN is working as expected. Clients are fully integrated into the LAN and can access the internet.
The second WLAN with SSID GUEST is working only halfway. Clients can connect, get an IP in the range 192.168.100.x, GW and DNS are set to 192.168.100.1, but the traffic is not routed from the access point to the gateway: "no route to...".
Is there a howto for this case?
How can I enable routing of packets from WLAN GUEST to the gateway? Should I add custom iptables rules?
Tnx
Tom
iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all -- anywhere anywhere
input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
zone_wan_MSSFIX all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all -- anywhere anywhere
forward all -- anywhere anywhere
reject all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere
output all -- anywhere anywhere
Chain forward (1 references)
target prot opt source destination
zone_lan_forward all -- anywhere anywhere
zone_guest_wlan_forward all -- anywhere anywhere
Chain forwarding_guest_wlan (1 references)
target prot opt source destination
Chain forwarding_lan (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan (1 references)
target prot opt source destination
Chain input (1 references)
target prot opt source destination
zone_lan all -- anywhere anywhere
zone_guest_wlan all -- anywhere anywhere
Chain input_guest_wlan (1 references)
target prot opt source destination
Chain input_lan (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all -- anywhere anywhere
zone_wan_ACCEPT all -- anywhere anywhere
zone_guest_wlan_ACCEPT all -- anywhere anywhere
Chain output_rule (1 references)
target prot opt source destination
Chain reject (5 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all -- anywhere anywhere
Chain zone_guest_wlan (1 references)
target prot opt source destination
input_guest_wlan all -- anywhere anywhere
zone_guest_wlan_ACCEPT all -- anywhere anywhere
Chain zone_guest_wlan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain zone_guest_wlan_DROP (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain zone_guest_wlan_MSSFIX (0 references)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain zone_guest_wlan_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
reject all -- anywhere anywhere
Chain zone_guest_wlan_forward (1 references)
target prot opt source destination
zone_lan_ACCEPT udp -- anywhere 10.0.0.2
zone_lan_ACCEPT udp -- anywhere 10.0.0.1
zone_lan_ACCEPT tcp -- anywhere 10.0.0.1
zone_lan_ACCEPT tcp -- anywhere 10.0.0.2
zone_wan_ACCEPT all -- anywhere anywhere
forwarding_guest_wlan all -- anywhere anywhere
zone_guest_wlan_REJECT all -- anywhere anywhere
Chain zone_lan (1 references)
target prot opt source destination
input_lan all -- anywhere anywhere
zone_lan_ACCEPT all -- anywhere anywhere
Chain zone_lan_ACCEPT (6 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain zone_lan_MSSFIX (0 references)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
reject all -- anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all -- anywhere anywhere
forwarding_lan all -- anywhere anywhere
zone_lan_REJECT all -- anywhere anywhere
Chain zone_wan (0 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:68
ACCEPT icmp -- anywhere anywhere icmp echo-request
input_wan all -- anywhere anywhere
zone_wan_REJECT all -- anywhere anywhere
Chain zone_wan_ACCEPT (3 references)
target prot opt source destination
Chain zone_wan_DROP (0 references)
target prot opt source destination
Chain zone_wan_MSSFIX (1 references)
target prot opt source destination
Chain zone_wan_REJECT (2 references)
target prot opt source destination
Chain zone_wan_forward (0 references)
target prot opt source destination
forwarding_wan all -- anywhere anywhere
zone_wan_REJECT all -- anywhere anywhere
Edit: Sorry for having opened a new thread here, as I have found another one with quite the same scenario and problem. (https://forum.openwrt.org/viewtopic.php?id=28306)
(Last edited by swiss_tom on 25 Jan 2011, 21:17)
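Added example (not part of the original post): a small shell/awk helper that reads plain `iptables -L` text in the format of the listing above and prints the chains a given chain jumps to that contain no rules. Run on the excerpt copied from the post, it reports `zone_wan_ACCEPT` and `forwarding_guest_wlan` as empty, so forwarded guest traffic that does not match the 10.0.0.1/10.0.0.2 rules falls through to `zone_guest_wlan_REJECT`. The names `empty_jumps` and `sample_listing` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print the jump targets of chain $1 that are user chains
# with zero rules. Reads plain `iptables -L` output (no -v) on stdin.
empty_jumps() {
    awk -v want="$1" '
        $1 == "Chain" { cur = $2; seen[cur] = 1; next }  # chain header line
        $1 == "target" || NF == 0 { next }               # column header / blank
        { rules[cur]++                                   # any other line is a rule
          if (cur == want) order[++n] = $1 }             # remember its target
        END {
            for (i = 1; i <= n; i++) {
                t = order[i]
                if ((t in seen) && rules[t] == 0 && !(t in shown)) { print t; shown[t] = 1 }
            }
        }'
}

# Excerpt of the listing in the post (only the chains needed for this check).
sample_listing() {
    cat <<'EOF'
Chain zone_guest_wlan_forward (1 references)
target prot opt source destination
zone_lan_ACCEPT udp -- anywhere 10.0.0.2
zone_lan_ACCEPT udp -- anywhere 10.0.0.1
zone_lan_ACCEPT tcp -- anywhere 10.0.0.1
zone_lan_ACCEPT tcp -- anywhere 10.0.0.2
zone_wan_ACCEPT all -- anywhere anywhere
forwarding_guest_wlan all -- anywhere anywhere
zone_guest_wlan_REJECT all -- anywhere anywhere
Chain forwarding_guest_wlan (1 references)
target prot opt source destination
Chain zone_lan_ACCEPT (6 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain zone_wan_ACCEPT (3 references)
target prot opt source destination
EOF
}

sample_listing | empty_jumps zone_guest_wlan_forward
```

On the router itself the same function can be fed directly: `iptables -L | empty_jumps zone_guest_wlan_forward`. The parser takes the first column as the rule target, so it does not apply to `iptables -L -v` output, where the columns shift.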