Hi --

I am trying to configure a WRT54G to act as a plain bridging access point -- no routing, no NAT, no DHCP, just extend my local wired network to wireless using the same subnet.  I've installed OpenWrt and can talk to the box, but frankly I'm stumped on how to do the config and save it for future use; the proper way to use the nvram is throwing me.  Could someone give me some pointers on how to set up this very simple configuration?

Thanks much!

John

Turn off dnsmask startup script in init.d. Set wan_ipaddr for management. Plug your wired network into one of the lan ports. Ignore the wan port or add to vlan0.

- DL

(Last edited by dl on 4 Oct 2005, 19:34)

Thanks for the tips.   It works fine now -- but I had to delete and recreate the nvram to get it going.

John

It would be great to have a miniHowTo that details this; I'm trying to do the same (basically, replace an airport and small switch with the WRT54G). I wandered through the HowTo pages and thought I did the right things, but ended up not able to talk to the device at all (could ping on the DHCP address it had fetched, but DHCP requests from machines on the LAN or WIFI ports weren't honored, couldn't telnet or ssh into the box). I ended up reloading WhiteRussian rc4 via tftp.

To be specific, what I'm after is a fairly dumb box that gets its address via DHCP and treats the WIFI and all five ethernet ports as bridged together, and passes DHCP requests through (in fact, it probably shouldn't do any firewalling). No NAT.

I'm going to start again and will post exactly what I did. It was hard for me to tell exactly what I could test by ifdown/ifup and what needed a reboot ...

My current thinking is

- add the wlan ether port to vlan:

vlan0ports="0 1 2 3 4 5*"
vlan0hwname=et0

- turn on dhcp for vlan
(edit S05nvram)
lan_proto=dhcp

At this point, I tried

ifdown lan; ifup lan

and the device 'went away'. The wan port had previously acquired 10.0.100.20 via DHCP, and I could still ping that. But no new DHCP requests had come in, and 192.168.1.1 was no longer reachable. I can associate with the unit via WiFi, but not get an address via DHCP (which should come from the remote DHCP server, not the WRT). Huh? Is there some filter/firewall that needs to be turned off first?

Rebooting at this point doesn't help, probably because I changed the lan_proto setting (or because it's not being turned on by default in the boot script.) The box comes up and gets a single DHCP address, but refuses telnet connections there. Time to reflash...

OK, I did that. My first step this time was to change /etc/firewall.user to allow telnet and ssh on the WAN port, so I can reconnect. I tried the same steps again, same result (that's good). I telnet to the WAN port, that works. I say 'ifup lan' and get

root@bosphorus:/# ifup lan
cat: /var/run/br0.pid: No such file or directory
info, udhcpc (v0.9.9-pre) started
debug, Sending discover...
kill: 1: Usage: kill [-s sigspec | -signum | -sigspec] [pid | job]... or
kill -l [exitstatus]
root@bosphorus:/# debug, Sending discover...
debug, Sending discover...
info, No lease, forking to background.

So there's something in the way of the dhcp request getting out. Perhaps because I haven't turned off the wan? I also tried

nvram set wan_proto=none
nvram set wan_ifname=""
nvram set vlan1ports="5"
ifdown wan; ifup lan; ifup wan

but get the same. vlan1 has an IP address (same as it had); vlan0 has no IP address.

My next steps would have been...

- turn off dnsmasq
chmod -x /etc/init.d/S50dnsmasq

Now my understanding gets dicey. Do I need to

nvram unset wan_proto

to stop it from trying to get an address twice?

Do I unser vlan1ports? vlan1hwname?

Do I

nvram unset wlan_ifname

to avoid the firewalling of packets into the device (and turn off NAT)? Or is there a better way to do that?

Thanks.

(What does 'Set wan_ipaddr for management' mean? Set it statically?)

(Last edited by cak on 11 Dec 2005, 23:10)

Actually, I believe that's superfluous - you should be able to manage through lan_ipaddr. I was thinking of my own config where the WAN is still separate and I need to manage from upstream.

- DL

OK. I edited my original post, rather than posting a bunch of followups...

OK, I have it working now, after much trial and error.

I realized two things: 1) that the firewall was still set up to NAT things from the LAN, so the DHCP would probably never get out correctly and 2) that changing the vlan ports without rebooting required work with robocfg.

I did

chmod -x /etc/init.d/S45firewall
chmod -x /etc/init.d/S50dnsmasq

Then I built this script:

#! /bin/sh   

nvram set wan_proto=none
nvram set wan_ifname=""
nvram set vlan1ports="5"

nvram set lan_proto="dhcp"
nvram set vlan0ports="0 1 2 3 4 5*"
nvram set vlan0hwnam=et0

echo +++bouncing lan

ifdown lan; ifup lan

echo +++bounced

ifconfig

echo +++taking vlans down

ifconfig vlan0 down
ifconfig vlan1 down

ifconfig

robocfg switch disable
robocfg vlans enable reset
robocfg vlan 0 ports "0 1 2 3 4 5t"
robocfg vlan 1 ports "5t"
robocfg switch enable
robocfg show

vconfig add eth0 0 

echo +++done with config

ifconfig

echo +++bouncing

ifdown wan; ifup wan
ifdown lan; ifup lan

ifconfig

and ran it with the output redirected to /robo.out (so when I had to reboot, I could figure out why).
Took several iterations to fix some syntax errors.

Something (I'm guessing ifup) would start S50dnsmasq directly, even with no execute bits, so I renamed it. Probably even better to remove it.

The 'vconfig add' line still gets a complaint (vconfig: socket or ioctl error for add: Invalid argument), though I don't entirely understand why - eth0 is properly configured. Doesn't really matter, it was working.

At that point, I crossed my fingers and

nvram commit
reboot

and it still seems to work just fine.

I'll add this as a miniHowTo - anyone care to comment before I do? Did I miss something?