Hi first time posting in this forum. Recently got openwrt on my raspberry pi and got an AP to host by following the tutorials on the forum. However, the tutorials online only show the configurations for hosting an AP based on a pre-existing lan interface/connection, like so:

config wifi-iface 'wifi_ap'       
        option network 'lan'               
        option mode 'ap'       
        option device 'radio3'         
        option ssid 'getoffmywifi' 
        option encryption 'none'

However when I tried to host using a wan network, I was not able to get any traffic through the AP:

config wifi-iface 'wifi_ap'       
        option network 'wwan'  #what does this even mean???               
        option mode 'ap'       
        option device 'radio3'         
        option ssid 'getoffmywifi' 
        option encryption 'none'

I was able to work around it by hosting using hostapd directly and configuring iptables forwarding rules.

iptables -A FORWARD -i wlan1 -o wlan0 -m state --state ESTABLISHED, RELATED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
*where wlan1 is the STA and wlan0 is the AP hosted with

My question(s) is why does this configuration work but using the Openwrt configuration menus not? How does Openwrt forward internet to the AP's clients?

The networks you mention on "/etc/config/wireless" must have been configured in "/etc/config/network" before; then, when "hostapd" initiates the wireless network, bridges it to the network you configured. Bridged networks do not need any iptables configuration.

Generally you attach APs and STAs to networks by naming the network defined in /etc/config/network with an option network in /etc/config/wireless.  This is because the config system gives them names like wlan0-1 as they are created, and those names can vary. If you refer to them in /etc/config/network, give each one a definite name in /etc/config/wireless using option ifname.

The "firewall" system, configured through /etc/config/firewall, dynamically creates iptables rules using a simpler syntax.  It is usually not necessary to access iptables directly.

The default OpenWrt configuration has a "lan" and a "wan" firewall zone pre-defined.  If you want a standard router where all the users on the LAN have access to the Internet through one IP address on the WAN, just place your connection to the WAN in the wan zone.  (that is also done by default on devices that have more than one Ethernet port).

Networks can be named whatever you want, but it is conventional for "wwan" to mean a wireless link to the Internet, either by being a client of another wifi network, or a 3G / 4G modem to a cellular network.

(Last edited by mk24 on 31 Aug 2017, 14:18)

It's probably worth reading these articles in the WIKI
https://wiki.openwrt.org/doc/networking/start
https://wiki.openwrt.org/doc/uci/network
https://wiki.openwrt.org/doc/howto/wireless.overview
https://wiki.openwrt.org/doc/uci/wireless

Some other bits if you have not figured them is that there is a network and wireless file (among others) and that the interfaces like wwan are defined in the network file, but the wireless connections in the wireless file. 

Different devices have different physical interfaces, so WAN and\or WWAN (wireless wide area network BTW) are dependent on the device.  I think the pi has only one Ethernet and depending on version may or may not have a radio.  If you only have one Ethernet, I think the default is to set this as a LAN interface.  If you have wireless then the radio may be bridged to this in the Network config. 

I do not expect (not sure) that there will be a WWAN in the default PI image.  If you go to WIRELESS and SCAN you will find that the scan returns available STAtions (APs, Hotsots, WISPs) to connect to.  If you follow (in LuCi) the prompts it will ask you to create a new interface and I think the default name is wwan or WWAN.  You need to select firewall rules.

Also be aware that at the top of the page is a check box that talks about replacing the network, I believe you want this unchecked (validation required) so it adds a WWAN as opposed to replacing the WLAN with a WWAN.

Okay thanks for the reply. I think I may have found the issue to my problem: Bridge Client Mode Issues (message board didnt let me post the url)

To my understanding, according to the page, unless I have the proprietary Broadcom drivers (which i dont) then bridged wan to AP is not possible. I think I will be sticking with my hostapd/iptables setup then.

Is there any benefits of using the bridged configuration over forwarding traffic to and from the Hostapd interface?