Hello,

I'd like to use a bifferboard with OpenWRT as a guest access point for my office network. To start with, I'd like to know how to set up the "routing" correctly. I've read some of the documentation, but it describes an OpenWRT device that acts as the router and handles WAN/LAN/WIFI/WIFI-GUEST itself, which confuses me a bit.

The router and DNS server are both at 192.168.x.1.

Here are my configurations. There are two interfaces, guest and lan (guest = wifi-guest):

----


root@bifferboard:~# cat /etc/config/network
# Copyright (C) 2009 OpenWrt.org

# Loopback interface: static 127.0.0.1 with netmask 255.0.0.0 on lo.
config interface loopback
        option ifname   lo
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0

# Uplink into the office network: eth0 takes its address by DHCP, so this
# device is a client of the 192.168.x.x LAN (router and DNS at 192.168.x.1
# per the post), not its gateway.
config interface lan
    option ifname    eth0
    option proto    dhcp
    option hostname biffer
   
# Guest segment: wlan0 carries its own static subnet, 10.0.0.0/24, with this
# device at 10.0.0.1 as the guests' gateway.
# NOTE(review): nothing on this page shows the office router having a route
# back to 10.0.0.0/24 - confirm, or translate guest traffic on the lan side.
config interface guest
    option ifname   wlan0
    option proto    static
    option ipaddr   10.0.0.1
    option netmask  255.255.255.0


root@bifferboard:~# cat /etc/config/dhcp
# dnsmasq instance that provides DNS and DHCP on this device.
config dnsmasq
    option domainneeded    1
    option boguspriv    1
    option filterwin2k    0  # enable for dial on demand
    option localise_queries    1
    option rebind_protection 1  # disable if upstream must serve RFC1918 addresses
    option rebind_localhost 0  # enable for RBL checking and similar services
    #list rebind_domain example.lan  # whitelist RFC1918 responses for domains
    # NOTE(review): `local` covers '/lan/' while `domain` is 'metropolis.guest';
    # the two differ - confirm that is intended.
    option local    '/lan/'
    option domain    'metropolis.guest'
    option expandhosts    1
    option nonegcache    0
    option authoritative    1
    option readethers    1
    option leasefile    '/tmp/dhcp.leases'
    # NOTE(review): upstream resolvers are read from this file; confirm it
    # exists on the device, otherwise dnsmasq has nowhere to forward guest
    # queries.
    option resolvfile    '/tmp/dresolv.conf'
    #list server        '/mycompany.local/1.2.3.4'
    #option nonwildcard    1
    # dnsmasq is told to serve the guest interface only.
    list interface        guest
    #list notinterface    lo
    #list bogusnxdomain     '64.94.110.11'

# DHCP pool for the guest network: leases start at offset 10, at most 150
# addresses (10.0.0.10-10.0.0.159 on the /24 configured for guest), with a
# 15-minute lease time.
config dhcp guest
    option interface    guest
    option start     10
    option limit    150
    option leasetime    15m

# No DHCP is offered on lan, so this device does not compete with the office
# network's own DHCP server.
config dhcp lan
    option interface    lan
    option ignore    1
root@bifferboard:~# cat /etc/config/wireless
# Radio definition: mac80211 driver, channel 5, 802.11g.
config wifi-device  radio0
    option type     mac80211
    option channel  5
    option macaddr    00:22:6b:9f:ae:4c
    option hwmode    11g

    # REMOVE THIS LINE TO ENABLE WIFI:
    # NOTE(review): the value is already 0, so the radio is enabled and the
    # stock comment above no longer applies.
    option disabled 0

# Access point bound to the guest network defined in /etc/config/network.
config wifi-iface
    option device   radio0
    option network  guest
    option mode     ap
    option ssid     "Metropolis WiFi HotSpot"
    # Open network: no authentication and no link-layer encryption, so anyone
    # in radio range can join and guest traffic can be observed over the air.
    # Every restriction on what guests may reach therefore has to come from
    # the firewall configuration.
    # NOTE(review): `option isolate 1` on this section would stop guest
    # stations talking to each other through the AP - consider it for a
    # hotspot.
    option encryption none


root@bifferboard:~# cat /etc/config/firewall
# NOTE(review): no `config defaults` section and no `option network` lines
# appear in this listing; presumably each zone covers the network of the same
# name - confirm on the device.

# Zone for the office-side uplink (eth0).
# NOTE(review): there is no `option masq 1` here. Without masquerading, guest
# packets leave eth0 with their 10.0.0.x source address, and the office router
# can only answer them if it has a route to 10.0.0.0/24 - a likely cause of
# the one-way traffic described in the post; confirm with tcpdump on eth0.
config 'zone'
    option 'name'    'lan'
    option 'input'    'ACCEPT'
    option 'output'    'ACCEPT'
    option 'forward' 'ACCEPT'

# Zone for the open guest WLAN (wlan0).
# NOTE(review): input ACCEPT lets every client of the unencrypted SSID reach
# any service listening on this device, including its management interfaces.
# A guest zone is usually input REJECT, with explicit rules that allow only
# DHCP and DNS to the device.
config 'zone'
        option 'name'       'guest'
        option 'input'      'ACCEPT'
        option 'output'     'ACCEPT'
        option 'forward'    'ACCEPT'

# Guest -> lan forwarding with no further restriction.
# NOTE(review): once routing works, this lets guests open connections to
# everything reachable through lan, which includes every office host on
# 192.168.x.x - the opposite of the stated goal of hiding them. Hiding them
# needs a rule that rejects guest traffic to the office subnet (apart from the
# router address) and is evaluated before this forwarding.
config 'forwarding'
    option 'src'        'guest'
    option 'dst'        'lan'
   
# Lan -> guest forwarding: office hosts may initiate connections to guest
# clients.
# NOTE(review): replies to guest-initiated flows are presumably handled by
# connection tracking, so this section is likely unnecessary for guest
# Internet access - confirm and remove it if so.
config 'forwarding'
    option 'src'    'lan'
    option 'dst'    'guest'
   
# Pulls in custom rules from /etc/firewall.user; its contents are not shown
# on this page.
config include
    option path /etc/firewall.user
   
root@bifferboard:~#
-----------------------------------------

I'd like to be able to hide every computer on 192.168.x.x from the router while being able to access it. The above configuration does not work. DNS gives addresses, and with tcpdump I can see requests from and to the 10.0.0.x wifi network, BUT the packets do not get routed properly. I'm not sure whether they are blocked before or after reaching the LAN network, but it does not work :-(

Any ideas?