OpenWrt Forum Archive

Topic: Problem with DHCP on Guest Network...

The content of this topic has been archived on 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi Everyone,

I'm having a problem with DHCP not working on my guest network on a WZR-HP-G300NH with 10.03.

Checking the system logs found that DHCP lease is not completed for some reason:

Apr  6 04:01:38 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPOFFER(wlan1) 10.0.0.154 00:24:d7:0e:0c:fc
Apr  6 04:02:14 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPDISCOVER(wlan1) 00:24:d7:0e:0c:fc
Apr  6 04:02:14 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPOFFER(wlan1) 10.0.0.154 00:24:d7:0e:0c:fc
Apr  6 04:02:15 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPDISCOVER(wlan1) 00:24:d7:0e:0c:fc
Apr  6 04:02:15 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPOFFER(wlan1) 10.0.0.154 00:24:d7:0e:0c:fc
Apr  6 04:02:23 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPDISCOVER(wlan1) 00:24:d7:0e:0c:fc
Apr  6 04:02:23 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPOFFER(wlan1) 10.0.0.154 00:24:d7:0e:0c:fc
Apr  6 04:02:40 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPDISCOVER(wlan1) 00:24:d7:0e:0c:fc
Apr  6 04:02:40 OpenWrt daemon.info dnsmasq-dhcp[1659]: DHCPOFFER(wlan1) 10.0.0.154 00:24:d7:0e:0c:fc


This device is to be used as Access Point only for our main network (DHCP on the Domain Controller), then I need a guest only network able to provide DHCP addresses to guests. Port 4 on the back is connected to our main switch and WAN port is connected to a second DSL for guests internet access only...

So this is my config:


root@OpenWrt:~# cat /etc/config/network

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'ifname' 'eth0'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'dhcp'

config 'switch'
        option 'name' 'rtl8366s'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '0'
        option 'ports' '0 1 2 3 5'

config 'interface' 'guest'
        option 'proto' 'static'
        option 'ipaddr' '10.0.0.1'
        option 'netmask' '255.255.255.0'
        option 'defaultroute' '0'
        option 'peerdns' '0'


root@OpenWrt:~# cat /etc/config/wireless

config 'wifi-device' 'radio0'
        option 'type' 'mac80211'
        option 'channel' '5'
        option 'macaddr' '00:24:a5:d7:91:b0'
        option 'hwmode' '11ng'
        list 'ht_capab' 'SHORT-GI-40'
        list 'ht_capab' 'DSSS_CCK-40'
        option 'disabled' '0'
        option 'htmode' 'HT40+'

config 'wifi-iface'
        option 'device' 'radio0'
        option 'network' 'lan'
        option 'mode' 'ap'
        option 'ssid' 'MAIN'
        option 'encryption' 'psk-mixed'
        option 'key' 'mainkeyhere'

config 'wifi-iface'
        option 'device' 'radio0'
        option 'ssid' 'GUEST'
        option 'network' 'guest'
        option 'mode' 'ap'
        option 'encryption' 'psk-mixed'
        option 'key' 'guestkeyhere'


root@OpenWrt:~# cat /etc/config/dhcp

config 'dnsmasq'
        option 'domainneeded' '1'
        option 'boguspriv' '1'
        option 'filterwin2k' '0'
        option 'localise_queries' '1'
        option 'local' '/lan/'
        option 'domain' 'lan'
        option 'expandhosts' '1'
        option 'nonegcache' '0'
        option 'authoritative' '1'
        option 'readethers' '1'
        option 'leasefile' '/tmp/dhcp.leases'
        option 'resolvfile' '/tmp/resolv.conf.auto'

config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'dynamicdhcp' '0'
        option 'ignore' '1'

config 'dhcp' 'wan'
        option 'interface' 'wan'
        option 'ignore' '1'
        option 'dynamicdhcp' '0'

config 'dhcp'
        option 'interface' 'guest'
        option 'start' '100'
        option 'limit' '150'
        option 'leasetime' '12h'


root@OpenWrt:~# cat /etc/config/firewall

config 'defaults'
        option 'syn_flood' '1'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'

config 'zone'
        option 'name' 'lan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'

config 'zone'
        option 'name' 'wan'
        option 'input' 'REJECT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'
        option 'masq' '1'
        option 'mtu_fix' '1'

config 'forwarding'
        option 'src' 'lan'
        option 'dest' 'wan'

config 'rule'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '68'
        option 'target' 'ACCEPT'

config 'rule'
        option 'src' 'wan'
        option 'proto' 'icmp'
        option 'icmp_type' 'echo-request'
        option 'target' 'ACCEPT'

config 'include'
        option 'path' '/etc/firewall.user'

config 'zone'
        option 'name' 'guest'
        option 'input' 'REJECT'
        option 'output' 'REJECT'
        option 'forward' 'ACCEPT'

config 'forwarding'
        option 'src' 'guest'
        option 'dest' 'wan'


This is a fairly simple config following the documentation on openWRT, but I can manage to give IP addresses on the guest network...

Any help will be appreciated.

Thanks!

You have to add two rules. One for DNS and one for DHCP from the guest to the router.

See Wiki page: Configure a guest WLAN - Firewall

Oops, sorry, I did not copy the whole output, those two rules are there at the bottom of the firewall configuration file:

config 'rule'
        option 'target' 'ACCEPT'
        option 'src' 'guest'
        option '_name' 'guest-DNS'
        option 'proto' 'tcpudp'
        option 'dest_port' '53'

config 'rule'
        option 'target' 'ACCEPT'
        option '_name' 'guest-DHCP'
        option 'src' 'guest'
        option 'proto' 'udp'
        option 'src_port' '67-68'
        option 'dest_port' '67-68'

Before having those rules there I was not getting any message in the system log from dnsmasq-dhcp so I guess this confirms the firewall rules are good as dnsmasq-dhcp is indeed getting the request, but for some reason does not complete assigning the lease...

(Last edited by Lumute on 29 Mar 2011, 16:39)

Ok, I found my problem, the zone had the Output and Forward configured backwards, it should be:

        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'

I think I made the mistake because I used the GUI and the tutorial on that link has them in the wrong order so I got confused...

(Last edited by Lumute on 29 Mar 2011, 20:21)
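
Added example, not part of the original thread: a shell check that reads an OpenWrt firewall config on stdin and reports where a named zone's output and forward policies differ from the values the last post arrives at (output ACCEPT, forward REJECT). The function names check_zone and sample_config are this example's own, and the sample input is the thread's defaults and guest zone re-typed as constructed test data.

```shell
#!/bin/sh
# Constructed sample: the defaults section and the guest zone as first posted
# in the thread (output and forward swapped).
sample_config() {
    cat <<'EOF'
config 'defaults'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'

config 'zone'
        option 'name' 'guest'
        option 'input' 'REJECT'
        option 'output' 'REJECT'
        option 'forward' 'ACCEPT'
EOF
}

# check_zone ZONE: read a firewall config on stdin, print one line per policy
# of ZONE that differs from output=ACCEPT / forward=REJECT. Prints nothing
# when the zone matches.
check_zone() {
    # Strip UCI quoting first so awk can split on whitespace.
    tr -d "\"'" | awk -v zone="$1" '
    function report() {
        # Called at every section boundary: judge the section just finished.
        if (type == "zone" && name == zone) {
            found = 1
            if (output == "") output = "unset"
            if (forward == "") forward = "unset"
            if (output != "ACCEPT") print zone ": output=" output " (expected ACCEPT)"
            if (forward != "REJECT") print zone ": forward=" forward " (expected REJECT)"
        }
        type = name = output = forward = ""
    }
    $1 == "config" { report(); type = $2; next }
    $1 == "option" && $2 == "name"    { name = $3 }
    $1 == "option" && $2 == "output"  { output = $3 }
    $1 == "option" && $2 == "forward" { forward = $3 }
    END { report(); if (!found) print zone ": zone not defined" }'
}

# Run against the constructed sample; on a router the input would be
# /etc/config/firewall instead.
sample_config | check_zone guest
```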

The discussion might have continued from here.