Tuesday, 3 September 2019

networking - DD-WRT's Repeater Bridge Mode and additional virtual interfaces with own DHCP range

I'm using a WRT160NL as Repeater Bridge. It extends my wireless signal and all clients are on the same subnet getting DHCP leases from the primary router which also connects to the internet. Reference image from DD-WRT wiki.

Physical interface ath0 at secondary site is connected to the main wifi, virtual interface ath0.1 has the same SSID and serves clients, which works fine.


Problem:


I would also like to have a guest wifi on its own subnet, a separate net which uses the primary router as a gateway. So I added another virtual interface ath0.2. There is also a guide which I followed here: Multiple WLANS.


Because DD-WRT is in "Client Bridge" mode you cannot configure a DHCP server for a virtual interface. So I'm using the "Command Method" as described in the link. If I connect to ath0.2 it seems to work, the client gets an IP from the new IP range. Unfortunately the clients can't reach the internet. Seems like the Gateway IP from ath0.2 is not routed/bridged correctly. The IP range differs from the main net. I created a new bridge br1 and added it to the guest net. I also tried different gateways as DHCP option (address of the main router, DD-WRT's address, address of the virtual interface itself) to no avail.


Is it even possible to have DD-WRT act as a DHCP server on a virtual interface when it is in Repeater Bridge mode simultaneously? Thanks for thoughts on this!


EDIT:


Address ranges:


primary router 192.168.178.1/24


secondary 192.168.178.2/24


For ath0.2 I configured 192.168.179.2/24


Clients get the right addresses and gateway as configured with dnsmasq.


EDIT 2: Added the following iptables rules:


# Allow br1 access to br0, the WAN, and any other subnets 
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#Enable NAT for traffic being routed out br0 so that br1 has connectivity (for WAP's - WAN port disabled)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
# Allow br1 to access DHCP & DNS on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

Then I tested connectivity with 192.168.179.2 and 192.168.178.2 as gateway. Still no internet access.


Routing table:


Destination LAN NET   Subnet Mask      Gateway   Flags   Metric   Interface
169.254.0.0           255.255.0.0      *         U       0        LAN & WLAN
192.168.178.0         255.255.255.0    *         U       0        LAN & WLAN
192.168.179.0         255.255.255.0    *         U       0        br1

Well, 192.168.179.2 is not even pingable when connected to the net at ath0.2.
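As an added illustration (not part of the post) of how the `-I` rules from EDIT 2 end up ordered in the kernel, and where a rule keeping the guest net away from the main LAN would have to sit, the script below assumes br1 as the guest bridge, br0 as the LAN bridge and the post's 192.168.178.2 address as the SNAT source:

```shell
#!/bin/sh
# Added example, not from the original post or from the DD-WRT wiki.
# Emits the guest-bridge iptables rule set in script order and shows the
# order the FORWARD chain actually ends up in.
#
# Every rule uses -I (insert at the head of the chain), so each new rule lands
# in front of the ones inserted before it: the chain is evaluated in the
# reverse of script order. A guest-to-LAN DROP therefore has to be written
# *after* the broad ACCEPT so that it is evaluated *before* it.
# Assumed arguments: guest bridge, LAN bridge, LAN address, LAN subnet.
guest_rules() {
  guest_if=$1; lan_if=$2; lan_ip=$3; lan_net=$4
  cat <<EOF
iptables -I FORWARD -i $guest_if -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i $guest_if -d $lan_net -j DROP
iptables -t nat -I POSTROUTING -o $lan_if -j SNAT --to $lan_ip
iptables -I INPUT -i $guest_if -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $guest_if -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $guest_if -p tcp --dport 53 -j ACCEPT
EOF
}

# Resulting FORWARD chain, top to bottom: the FORWARD rules in reverse
# script order (the sed one-liner reverses lines, like tac).
forward_chain_order() {
  guest_rules "$@" | grep ' FORWARD ' \
    | sed 's/^iptables -I FORWARD //' \
    | sed -n '1!G;h;$p'
}

# Stand-alone run: show both views for the post's addresses.
guest_rules br1 br0 192.168.178.2 192.168.178.0/24
echo "--- FORWARD chain as evaluated ---"
forward_chain_order br1 br0 192.168.178.2 192.168.178.0/24
```

With the DROP in place, guest clients still reach DHCP/DNS on the router (INPUT chain) and the internet (destination outside 192.168.178.0/24), but not hosts on the main LAN.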
