OpenWrt Forum Archive

Topic: WL-500gP multi-ssid problems

The content of this topic has been archived on 3 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am trying to get myself some multi-SSIDs so I can have a secure one running WPA and a less secure one running WEP for my DS.
So far I have added a bridge to my new wifi in /etc/config/network:

root@OpenWrt:/# vi /etc/config/network
#### VLAN configuration
config switch eth0
        option vlan0    "1 2 3 4 5*"
        option vlan1    "0 5"
        option vlan2    "5"


#### Loopback configuration
config interface loopback
        option ifname   "lo"
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0


#### LAN configuration
config interface        lan
        option type     bridge
        option ifname   "eth0.0"
        option proto    static
        option ipaddr   '10.0.0.10'
        option netmask  255.255.255.0
        option dns      '208.67.222.222 208.67.220.220'

config interface        extwifi
        option type     bridge
        option ifname   "eth0.2"
        option proto    static
        option ipaddr   '10.0.1.10'
        option netmask   255.255.255.0
        option dns      '208.67.222.222 208.67.220.220'

#### WAN configuration
config interface        wan
        option ifname   "eth0.1"
        option proto    dhcp
        option macaddr  '##########'

Then I added a new interface in /etc/config/wireless:

root@OpenWrt:/# vi /etc/config/wireless
config wifi-device  wl0
        option type     broadcom
        option channel  5
        option disabled '0'

        # REMOVE THIS LINE TO ENABLE WIFI:

config wifi-iface
        option device   'wl0'
        option network  'extwifi'
        option mode     'ap'
        option ssid     'moonbase one'
        option encryption       'wep'
        option hidden   '1'
        option isolate  '0'
        option bgscan   '0'
        option wds      '0'
        option key      '1'
        option key1     '####################'

config wifi-iface
        option device   'wl0'
        option mode     'ap'
        option ssid     'moonbase two'
        option hidden   '0'
        option encryption       'psk+psk2'
        option network  'lan'
        option isolate  '0'
        option bgscan   '0'
        option wds      '0'
        option key      '####################'

Finally I added my bridge to /etc/config/dhcp:

root@OpenWrt:/# vi /etc/config/dhcp
config dhcp
        option interface        lan
        option start    '120'
        option limit    150
        option leasetime        '720m'
        option ignore   '0'

config dhcp
        option interface        extwifi
        option start    '120'
        option limit    150
        option leasetime        '360m'
        option ignore   '0'

config dhcp
        option interface        wan
        option ignore   1

config "dnsmasq" ""
        option local    '//'

THE PROBLEM: I get DHCP on the WEP SSID, but cannot ping my router/anything on my network/anything on the internet. The WPA SSID works completely. How do I get the bridged wifi to have the proper connectivity?

Some random output that might help debug:

root@OpenWrt:/# ifconfig
br-extwif Link encap:Ethernet  HWaddr 00:1B:FC:D4:68:D3
          inet addr:10.0.1.10  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:457 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:24468 (23.8 KiB)  TX bytes:7081 (6.9 KiB)

br-lan    Link encap:Ethernet  HWaddr 00:1B:FC:D4:68:D3
          inet addr:10.0.0.10  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:82510 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51088 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:90523218 (86.3 MiB)  TX bytes:4717856 (4.4 MiB)

eth0      Link encap:Ethernet  HWaddr 00:1B:FC:D4:68:D3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:165669 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132897 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:99810767 (95.1 MiB)  TX bytes:96870611 (92.3 MiB)
          Interrupt:4

eth0.0    Link encap:Ethernet  HWaddr 00:1B:FC:D4:68:D3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:82508 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51088 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:90853134 (86.6 MiB)  TX bytes:4922208 (4.6 MiB)

eth0.1    Link encap:Ethernet  HWaddr 00:11:50:0E:38:8C
          inet addr:###########  Bcast:255.255.255.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:83328 errors:0 dropped:0 overruns:0 frame:0
          TX packets:81682 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:5
          RX bytes:6050886 (5.7 MiB)  TX bytes:91397158 (87.1 MiB)

eth0.2    Link encap:Ethernet  HWaddr 00:1B:FC:D4:68:D3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:278 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:19546 (19.0 KiB)

imq0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:51119 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51119 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:5
          RX bytes:4023902 (3.8 MiB)  TX bytes:4023902 (3.8 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wl0       Link encap:Ethernet  HWaddr 00:1B:FC:D4:68:D3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:453 errors:0 dropped:0 overruns:0 frame:252836
          TX packets:335 errors:33 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:30734 (30.0 KiB)  TX bytes:27606 (26.9 KiB)
          Interrupt:2 Base address:0x2000

wl0.1     Link encap:Ethernet  HWaddr 00:1B:FC:D4:68:D3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


root@OpenWrt:/# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 br-extwifi
#######     0.0.0.0         255.255.252.0   U     0      0        0 eth0.1
0.0.0.0         #######   0.0.0.0         UG    0      0        0 eth0.1

-Thanks, John

I don't think broadcom supports VAPs (multiple wifi interfaces per device) like madwifi does.

Hi,

VAP is supported by newer Broadcom binary drivers.

Your wireless config should work.
You only need to configure your firewall.
For the "lan" network it's done automatically by the firewall script, but for extwifi you have to do it yourself.
What do you want to do? If you only want to allow internet access for the extwifi network, then you have to configure masquerading for this interface. If you want to reach clients on the "lan" network, you also have to open the firewall between these two networks (interfaces).
You only need some iptables commands; you can run them on the console, and if everything is working, just add them to the file /etc/firewall_user.

I tried this config myself, to enable internet access (masquerading) for my "br-wifi" interface, and block traffic to my LAN (192.168.13.0/24).

iptables --table nat --append POSTROUTING --out-interface $WAN -j MASQUERADE
iptables --append FORWARD --in-interface br-wifi -d ! 192.168.13.0/24 -j ACCEPT
iptables -A FORWARD -i br-wifi -j DROP

I'm not an iptables expert, so I guess there are better solutions, but this config worked for me, and it should be easy to adapt it for your needs.

(Last edited by eleon216 on 29 Jan 2008, 11:07)
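
Added example, not part of the original posts: the masquerade-and-isolate approach from the reply above, adapted to the interface names in the first post (br-extwifi, LAN 10.0.0.0/24, WAN eth0.1) and extended to limit what WEP clients can reach on the router itself. The function names, the DHCP/DNS/ping allowances and the dry-run default are assumptions of this sketch, and it assumes no earlier rule in the built-in chains already matches this traffic.

```sh
# Added example (constructed). Interface names and the LAN subnet come from
# the first post; the DHCP/DNS/ping allowances are assumptions.
GUEST_IF="${GUEST_IF:-br-extwifi}"
LAN_NET="${LAN_NET:-10.0.0.0/24}"
WAN_IF="${WAN_IF:-eth0.1}"

# Emit one iptables argument list per line, in the order they are evaluated.
guest_rules() {
    g="$1"; lan="$2"; wan="$3"
    # Router itself: guests get DHCP, DNS and ping, nothing else.
    echo "-A INPUT -i $g -p udp --dport 67 -j ACCEPT"
    echo "-A INPUT -i $g -p udp --dport 53 -j ACCEPT"
    echo "-A INPUT -i $g -p tcp --dport 53 -j ACCEPT"
    echo "-A INPUT -i $g -p icmp --icmp-type echo-request -j ACCEPT"
    echo "-A INPUT -i $g -j DROP"
    # Forwarding: drop guest -> LAN first, then allow guest -> WAN and replies.
    echo "-A FORWARD -i $g -d $lan -j DROP"
    echo "-A FORWARD -i $g -o $wan -j ACCEPT"
    echo "-A FORWARD -i $wan -o $g -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $g -j DROP"
    # Source NAT for traffic leaving through the WAN interface.
    echo "-t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

# Reject malformed arguments before anything reaches iptables.
valid_args() {
    for n in "$1" "$3"; do
        case "$n" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case "$2" in ""|*[!0-9./]*) return 1 ;; */*) return 0 ;; *) return 1 ;; esac
}

# Print the commands by default; run them only when APPLY=1 is set.
apply_guest_rules() {
    valid_args "$1" "$2" "$3" || { echo "bad arguments" >&2; return 1; }
    guest_rules "$1" "$2" "$3" | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            iptables $rule    # unquoted on purpose: split into arguments
        else
            echo "iptables $rule"
        fi
    done
}

apply_guest_rules "$GUEST_IF" "$LAN_NET" "$WAN_IF"
```

Because the LAN drop comes before the WAN accept, no negated destination match is needed, and the final FORWARD drop catches anything else arriving from the guest bridge.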

Hi,
Where are the newer Broadcom drivers that support VAP in Kamikaze available?
Thanks
Davide

The discussion might have continued from here.