OpenWrt Forum Archive

Topic: Fonera running as router.Is it possible to achieve this scheme?? (PIC)

The content of this topic has been archived on 11 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
Stolz
23 Dec 2007, 16:21

First, an image of what I want to achieve:
http://img2.freeimagehosting.net/uploads/72dbbf0fba.png
http://img2.freeimagehosting.net/image. … bf0fba.png


To clarify it:
-I connect to Internet with a cable-modem (no routing capabilities).
-The cable-modem Ethernet interface offers an IP from my ISP via DHCP.

My idea is to connect the Fonera to the cable-modem through the Ethernet interface. The Fonera should get the IP of the Ethernet interface from my ISP via DHCP.
Also, the Fonera will have the Wifi interface enabled in order to let other clients to connect internet via Wifi.
-The Fonera Wifi interface will have the static IP 192.168.0.1 and will act as an WPA-PSK AP.
-All the clients than want to connect to Internet should use the Wifi interface, which will get an IP like 192.168.0.x, obtained from a DHCP server running in the Fonera.

The first question is obvious,
is it possible to achieve this or there is a limitation in the Fonera or OpenWrt? is my scheme correct or I misunderstood something?


If it is possible:
-Would I need to create a bridge? In which interfaces?What package should I install?
-What package should I install to have a DHCP server in the Fonera?
-What package should I install in order to configure the Fonera as an WPA-PSK AP? hostapd may be? or hostapd-mini?

I understand that to configure the Fonera  I probably have to edit only 3 files:  /etc/config/dhcp, /etc/config/network and /etc/config/wireless. I also understand the basic syntaxis  of these files but I have doubts in the theory concepts.


Thanks.

(Last edited by Stolz on 23 Dec 2007, 18:02)

Post #2
PraysToPan
23 Dec 2007, 18:03
Stolz wrote:

If it is possible:
-Would I need to create a bridge? In which interfaces?What package should I install?

No, you don't want a bridge.  Your internal traffic will then be visible to your ISP and possibly others depending on your ISP's configuration.  Also, if you bridge your ISP interface with your internal, your dhcp requests to your ISP could end up being answered by the dhcp server running on the Fonera.

-What package should I install to have a DHCP server in the Fonera?

dnsmasq is installed by default.  It can be configured to serve dhcp on your wireless segment.  Edit /etc/config/dhcp:

config dnsmasq
        option domainneeded     1
        option boguspriv        1
        option filterwin2k      '0'  #enable for dial on demand
        option localise_queries 1
        option local    '/lan/'
        option domain   'lan'
        option expandhosts      1
        option nonegcache       0
        option authoritative    1
        option readethers       1
        option leasefile        '/tmp/dhcp.leases'
        option resolvfile       '/tmp/resolv.conf.auto'

config dhcp
        option interface        lan
        option start    100
        option limit    150
        option leasetime        12h

config dhcp
        option interface        wan
        option ignore   1

That is the default dnsmasq config file from my routerboard config.  If you use the same network names and the same default is used on the fonera, you don't even need to edit it for serving dhcp.

-What package should I install in order to configure the Fonera as an WPA-PSK AP? hostapd may be? or hostapd-mini?

Yes, one of the hostapd packages will work fine.  The difference between the two hostapd packages is the available types of authentication and encryption.  I'm not sure of the specifics off hand as I generally use the full hostapd.

I understand the basic configuration of /etc/config/network and /etc/config/wireless. I just have doubts in the theory concepts.


Thanks.

Not only is it possible, it will work.  I've had a Fonera running using an external switch with vlan support without any problems.  That is really beyond what you need though.

Post #3
Stolz
24 Dec 2007, 16:20

Thanks for your answer PraysToPan.

Now I have clarified the concepts, but I'm having troubles taking it to practice. To make things easier, I have first tried with static IP on the lan-side, soy I've disabled the DHCP server:

# /etc/init.d/dnsmasq stop
# /etc/init.d/dnsmasq disable

Also I've installed the full version of hostapd:

# ipkg update
# ipkg install hostapd

And the config I've tried:

# cat /etc/config/network
config interface loopback
    option ifname   lo
    option proto    static
    option ipaddr   127.0.0.1
    option netmask  255.0.0.0

config interface lan
    option ifname   wifi0
    option proto    static
    option ipaddr   192.168.0.1
    option netmask  255.255.255.0

config interface wan
    option ifname   eth0
    option proto    dhcp
# cat /etc/config/wireless
config wifi-device  wifi0
    option type      atheros
    option channel   5
    option diversity 0
    option txantenna 1
    option rxantenna 1
    option disabled  0

config wifi-iface
    option device   wifi0
    option network  lan
    option mode     ap
    option ssid     OpenWrt
    option encryption none

I have set no encryption to make things easier.

But after reboot, I've lost all contact with the Fonera sad. I can't connect it either wireless nor wired.

Wireles:No essid is created, so I suppose something is wrong with the wireless setup. I've read the docs over and over again, and I see no error.

Wired: Because I've configured the ethernet interface to get the IP from my ISP via DHCP, I've had to install a DHCP server in my laptop and connect la Fonera to it. The DHCP server is working, because log says Forera gets the IP 192.168.1.4, but when I try to use SSH, connection is refused:

# ssh 192.168.1.4
ssh: connect to host fonera port 22: Connection refused

To ensure 192.168.1.4 belongs to the Fonera, I've used ARP and nmap, and both confirm 192.168.1.4 belongs to Fonera, 

# nmap -sS -O -PI -PP -PM -PT -PS -PU 192.168.1.4 
Starting Nmap 4.20 ( http://insecure.org ) at 2007-12-24 16:06 CET
All 1697 scanned ports on fonera (192.168.1.4) are closed
MAC Address: 00:18:84:23:8A:80 (FON)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17.13 (Slackware 11.0, x86)
Network Distance: 1 hop

so the question is...
Why the Fonera is not listening in the 22 port? Why the SSH server has been disabled? As far as I know, none of my previous config changes have nothing to do with the SSH server hmm


I just want to use my Fonera as a standard router and all I've gotten is a unresponsive device. I'm reflashing now to restore default settings. Any help is still appreciated.

(Last edited by Stolz on 24 Dec 2007, 16:23)

Post #4
forum2006
24 Dec 2007, 16:35

It is possible to setup such a network configuration with the Fonera.

By default the LAN and WiFi is bridged to br-lan on the Fonera. You have to do:

1. Flash and login over the LAN port and configure wireless and make sure wireless is working.
2. Connect over wireless and remove the LAN port from the bridge and reconfigure the LAN as a WAN port. See Wiki: http://wiki.openwrt.org/OpenWrtDocs/Har … 4eabdce71c

From now on you can only connect over wireless to the Fonera. You have been warned!

Since failsafe mode on the Fonera with Kamikaze 7.09 (fixed in trunk) does not work you have to reflash using the RedBoot console and start configuring from scratch again.

Post #5
eleon216
24 Dec 2007, 18:15

in your config eth0 is the wan-port and on the wan-port the firewall is enabled and per default all incoming ports are blocked. so you have to open port 22 on the firewall. add "accept:proto=tcp dport=22" to you /etc/config/firewall and you should be able to login from the wan-side

Post #6
Stolz
25 Dec 2007, 01:39

Well, I reflashed the Fonera to get a fresh Kamikaze and repeated all the steps forum2006 suggested, and it works like a charm smile, thank you very much.

What I don't understand is why with forum2006's method it works and not with my steps.

My method: Connect via Ethernet, configure LAN and WAN, configure Wifi. Reboot
forum2006's method: Connect via Ethernet, configure Wifi. Connect via Wifi, configure LAN and WAN. Reboot

Both seems similar. Both finish with identical config files. The only difference is the order and that my method edits /etc/config/network directly but forum2006's uses uci command.

Does the order matter?
Does using uci instead of an editor matter?

Regards.

The discussion might have continued from here.