OpenWrt Forum Archive

Topic: Route / Forward between LAN and WLAN in Kamikaze 8.09.2

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
open34
7 Oct 2009, 12:38

Hi All,

I've got Kamikaze 8.09.2 running on WGT634U.
I want to create a classical "client setup"  (yes I know this is not directly supported anymore)

--- Internet  ----- T-online-custom-router (192.168.2.1) -----   WIRELESS CLIENT CONNECTION->WGT634U (ath0: 192.168.2.2)  <-somekindofrouting-> eth0[.0] 192.168.3.2 ------ clients 192.168.3.*
                                   |- WLAN CLIENTS


The 192.168.3.* clients should be able to access the internet. I'm trying for a couple of days but am not getting along.

currently I've got eth0.0 configured to have static IP 192.168.3.2 and can access it ftrom the LAN ports, the WLAN ath0 is configured to 192.168.2.2 and can be accessed from the other wifi clients - only the connection is missing, I only find hints ("static route", "iptables") but not an example, as I'm out of luck I would be glad if someone could give me a hint (or copy his example configuration).

Thanks!

Post #2
jow
7 Oct 2009, 13:14

The T-Online router needs to have a static route to 192.168.3.0/24 with 192.168.2.2 as gateway.
Also I assume you have put both ath0 and eth0.0 into a firewall zone and defined a forwarding between them?

(Last edited by jow on 7 Oct 2009, 13:15)

Post #3
open34
7 Oct 2009, 15:46

Only now saw your edit... was too quick after the initial post.
Hm - probably not, as I'm not quite sure where to define the firewall zones - if these are the zones under network/interfaces/[lan/lwlan] in Luci then they are different - where could I "unify" them?

Post #4
open34
7 Oct 2009, 15:50

sorry for double-posting, here my configs, perhaps they  are clearer than my posts above :-)

/etc/config/network

                                                                                
config 'switch' 'eth0'                                                          
        option 'vlan0' '0 1 2 3 5*'                                             
        option 'vlan1' '4 5'                                                    
                                                                                
config 'interface' 'loopback'                                                   
        option 'ifname' 'lo'                                                    
        option 'proto' 'static'                                                 
        option 'ipaddr' '127.0.0.1'                                             
        option 'netmask' '255.0.0.0'                                            
                                                                                
config 'interface' 'lan'                                                        
        option 'ifname' 'eth0.0'                                                
        option 'proto' 'static'                                                 
        option 'ipaddr' '192.168.3.2'                                           
        option 'gateway' ''                                                     
        option 'dns' ''                                                         
        option 'netmask' '255.255.255.0'                                        
                                                                                
config 'interface' 'lwlan'                                                      
        option 'proto' 'static'                                                 
        option 'ipaddr' '192.168.2.2'                                           
        option 'gateway' '192.168.2.1'                                          
        option 'dns' '192.168.2.1'                                              
        option 'netmask' '255.255.255.0'                                        
        option 'ifname' 'ath0'                                                  
        option 'defaultroute' '0'                                               
        option 'peerdns' '0'                                                    
                                                                                
config 'interface' 'wan'                                                        
        option 'proto' 'none'                                                   
        option 'defaultroute' '0'                                               
        option 'peerdns' '0'

./wireless

config 'wifi-device' 'wifi0'                                                    
        option 'type' 'atheros'                                                 
        option 'channel' 'auto'                                                 
        option 'disabled' '0'                                                   
        option 'diversity' '0'                                                  
                                                                                
config 'wifi-iface'                                                             
        option 'device' 'wifi0'                                                 
        option 'ssid' 'MYSSID'                                                
        option 'mode' 'sta'                                                     
        option 'encryption' 'psk'                                               
        option 'key' 'PASSWORD'                                     
        option 'network' 'lwlan'
iptables -L                                                       
Chain INPUT (policy ACCEPT)                                                     
target     prot opt source               destination                            
DROP       all  --  anywhere             anywhere            state INVALID      
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTA 
ACCEPT     all  --  anywhere             anywhere                               
syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN, 
input_rule  all  --  anywhere             anywhere                              
input      all  --  anywhere             anywhere                               
                                                                                
Chain FORWARD (policy DROP)                                                     
target     prot opt source               destination                            
DROP       all  --  anywhere             anywhere            state INVALID      
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTA 
forwarding_rule  all  --  anywhere             anywhere                         
forward    all  --  anywhere             anywhere                               
reject     all  --  anywhere             anywhere                               
                                                                                
Chain OUTPUT (policy ACCEPT)                                                    
target     prot opt source               destination                            
DROP       all  --  anywhere             anywhere            state INVALID      
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTA 
ACCEPT     all  --  anywhere             anywhere                               
output_rule  all  --  anywhere             anywhere                             
output     all  --  anywhere             anywhere                               
                                                                                
Chain forward (1 references)                                                    
target     prot opt source               destination                            
zone_lan_forward  all  --  anywhere             anywhere                        
zone_lwlan_forward  all  --  anywhere             anywhere                      
                                                                                
Chain forwarding_lan (1 references)                                             
target     prot opt source               destination                            
                                                                                
Chain forwarding_lwlan (1 references)                                           
target     prot opt source               destination                            
                                                                                
Chain forwarding_rule (1 references)                                            
target     prot opt source               destination                            
                                                                                
Chain forwarding_wan (1 references)                                             
target     prot opt source               destination                            
                                                                                
Chain input (1 references)                                                      
target     prot opt source               destination                            
zone_lan   all  --  anywhere             anywhere                               
zone_lwlan  all  --  anywhere             anywhere                              
                                                                                
Chain input_lan (1 references)                                                  
target     prot opt source               destination                            
                                                                                
Chain input_lwlan (1 references)                                                
target     prot opt source               destination                            
                                                                                
Chain input_rule (1 references)                                                 
target     prot opt source               destination                            
                                                                                
Chain input_wan (1 references)                                                  
target     prot opt source               destination                            
                                                                                
Chain output (1 references)                                                     
target     prot opt source               destination                            
zone_lan_ACCEPT  all  --  anywhere             anywhere                         
zone_wan_ACCEPT  all  --  anywhere             anywhere                         
                                                                                
Chain output_rule (1 references)                                                
target     prot opt source               destination                            
                                                                                
Chain reject (5 references)                                                     
target     prot opt source               destination                            
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-re 
REJECT     all  --  anywhere             anywhere            reject-with icmp-p 
                                                                                
Chain syn_flood (1 references)                                                  
target     prot opt source               destination                            
RETURN     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN, 
DROP       all  --  anywhere             anywhere                               
                                                                                
Chain zone_lan (1 references)                                                   
target     prot opt source               destination                            
input_lan  all  --  anywhere             anywhere                               
zone_lan_ACCEPT  all  --  anywhere             anywhere                         
                                                                                
Chain zone_lan_ACCEPT (2 references)                                            
target     prot opt source               destination                            
ACCEPT     all  --  anywhere             anywhere                               
ACCEPT     all  --  anywhere             anywhere                               
                                                                                
Chain zone_lan_DROP (0 references)                                              
target     prot opt source               destination                            
DROP       all  --  anywhere             anywhere                               
DROP       all  --  anywhere             anywhere                               
                                                                                
Chain zone_lan_MSSFIX (0 references)                                            
target     prot opt source               destination                            
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/ 
                                                                                
Chain zone_lan_REJECT (1 references)                                            
target     prot opt source               destination                            
reject     all  --  anywhere             anywhere                               
reject     all  --  anywhere             anywhere                               
                                                                                
Chain zone_lan_forward (1 references)                                           
target     prot opt source               destination                            
zone_wan_MSSFIX  all  --  anywhere             anywhere                         
zone_wan_ACCEPT  all  --  anywhere             anywhere                         
forwarding_lan  all  --  anywhere             anywhere                          
zone_lan_REJECT  all  --  anywhere             anywhere                         
                                                                                
Chain zone_lwlan (1 references)                                                 
target     prot opt source               destination                            
input_lwlan  all  --  anywhere             anywhere                             
                                                                                
Chain zone_lwlan_ACCEPT (0 references)                                          
target     prot opt source               destination                            
ACCEPT     all  --  anywhere             anywhere                               
ACCEPT     all  --  anywhere             anywhere                               
                                                                                
Chain zone_lwlan_DROP (0 references)                                            
target     prot opt source               destination                            
DROP       all  --  anywhere             anywhere                               
DROP       all  --  anywhere             anywhere                               
                                                                                
Chain zone_lwlan_MSSFIX (0 references)                                          
target     prot opt source               destination                            
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/ 
                                                                                
Chain zone_lwlan_REJECT (0 references)                                          
target     prot opt source               destination                            
reject     all  --  anywhere             anywhere                               
reject     all  --  anywhere             anywhere                               
                                                                                
Chain zone_lwlan_forward (1 references)                                         
target     prot opt source               destination                            
forwarding_lwlan  all  --  anywhere             anywhere                        
                                                                                
Chain zone_wan (0 references)                                                   
target     prot opt source               destination                            
ACCEPT     udp  --  anywhere             anywhere            udp dpt:68         
input_wan  all  --  anywhere             anywhere                               
zone_wan_REJECT  all  --  anywhere             anywhere                         
                                                                                
Chain zone_wan_ACCEPT (2 references)                                            
target     prot opt source               destination                            
                                                                                
Chain zone_wan_DROP (0 references)                                              
target     prot opt source               destination                            
                                                                                
Chain zone_wan_MSSFIX (1 references)                                            
target     prot opt source               destination                            
                                                                                
Chain zone_wan_REJECT (2 references)                                            
target     prot opt source               destination                            
                                                                                
Chain zone_wan_forward (0 references)                                           
target     prot opt source               destination                            
forwarding_wan  all  --  anywhere             anywhere                          
zone_wan_REJECT  all  --  anywhere             anywhere
Post #5
jow
7 Oct 2009, 16:13

You need to add something like the following in your firewall config:

config zone
  option name lwlan
  option network lwlan
  option input ACCEPT
  option forward ACCEPT
  option output ACCEPT

config forwarding
  option src lwlan
  option dest lan

config forwarding
  option src lan
  option dest lwlan

The discussion might have continued from here.