Until recently I had two wireless routers on my network, one of which provided full access to the LAN and the second which provided guest access but blocked access to the LAN (the network is old and this was set up many years ago before I had anything to do with it).
The original guest router has now given up the ghost. I would like to make use of the main wireless router (TP-Link TL-WA801ND V2 - this is a wireless only device) and create guest access as before using this device.
I have followed the tutorials on here using both the LuCI and SSH methods. It all appears to be OK, but when I try to connect with any wireless device it fails to obtain an IP address.
Any indicators as to where I am going wrong would be greatly appreciated.
Set up as below
dhcp
# /etc/config/dhcp as posted: global dnsmasq settings, then per-interface DHCP sections.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
# DNS rebind protection is enabled.
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option authoritative '1'
# DHCP is switched off on 'lan' and 'wan' (ignore '1'), so this device serves
# leases only from the guest section at the end of this file.
config dhcp 'lan'
option interface 'lan'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
# Static local DNS entry.
config domain
option name 'exchange2010.xxxxxxx'
option ip '194.130.16.252'
# Guest pool: 150 addresses starting at host offset 100 on interface 'guest'.
# The network config in this post gives 'guest' 194.130.16.29/24, the same /24
# as 'lan' (194.130.16.7/24), so these leases would be taken from the LAN's own
# address range.
# NOTE(review): a guest network that must stay separate from the LAN needs its
# own non-overlapping subnet. The overlap may also be why clients get no lease;
# confirm in the dnsmasq messages shown by logread.
config dhcp
option start '100'
option leasetime '12h'
option limit '150'
option interface 'guest'
firewall
# /etc/config/firewall as posted. Default policies: accept traffic to and from
# the router itself, reject forwarded traffic unless a zone, forwarding or rule
# allows it.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: full access to the router (input ACCEPT), no forwarding by default.
config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# WAN zone with masquerading.
# NOTE(review): the network config in this post defines no 'wan' interface, so
# from what is shown this zone, the lan -> wan forwarding and the 'src wan'
# rules below have nothing to attach to on this wireless-only device.
config zone
option name 'wan'
option network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
# Guest zone: input REJECT means guest clients reach the router itself only
# through the explicit 'guest DNS' and 'guest DHCP' rules below; forwarding is
# rejected unless allowed further down.
config zone
option name 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
option network 'guest'
# Zone-level forwarding guest -> lan: allows forwarded guest traffic into the
# LAN zone unless a rule stops it first.
# NOTE(review): with no 'wan' interface in the posted network config, 'lan' is
# presumably also the only path to the upstream gateway, so isolation has to be
# done by address (dest_ip) rather than by zone alone - confirm the intended
# design.
config forwarding
option src 'guest'
option dest 'lan'
# Guests may query DNS on the router (tcp/udp 53).
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'guest DNS'
option src 'guest'
# Guests may use DHCP on the router (udp, source and destination ports 67-68).
config rule
option target 'ACCEPT'
option proto 'udp'
option src_port '67-68'
option dest_port '67-68'
option name 'guest DHCP'
option src 'guest'
# Drops every protocol from guest to the lan zone; no dest_ip narrows it.
# NOTE(review): firewall rules are first-match and, as far as I know, are
# evaluated before zone forwardings - confirm on this release. If so, this rule
# shadows the two 'Allow guest -> LAN' rules that follow it and also discards
# guest traffic that merely transits 'lan' on its way upstream. Placing the
# specific allows first and limiting the deny to the LAN address range via
# dest_ip would express the intent, but that requires the guest network to sit
# on its own subnet.
config rule
option src 'guest'
option dest 'lan'
option name 'Deny guest -> LAN'
option proto 'all'
option target 'DROP'
# Allows guest -> lan tcp/443. No dest_ip is set, so if this rule were reached
# it would apply to every host in the lan zone, not a single server.
# NOTE(review): restrict with dest_ip if only one LAN service is meant to be
# reachable by guests.
config rule
option target 'ACCEPT'
option src 'guest'
option proto 'tcp'
option dest_port '443'
option name 'Allow guest -> LAN https'
option dest 'lan'
# Allows guest -> lan tcp/80; the same scope caveat as the https rule applies.
config rule
option target 'ACCEPT'
option src 'guest'
option proto 'tcp'
option dest_port '80'
option name 'Allow guest -> LAN http'
option dest 'lan'
network
# /etc/config/network as posted: loopback, the bridged LAN and the guest interface.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# LAN: bridge over eth0 with a static address in 194.130.16.0/24 and an
# upstream gateway at .3. No 'wan' interface is defined anywhere in this file.
config interface 'lan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '194.130.16.7'
option gateway '194.130.16.3'
option broadcast '194.130.16.255'
option stp '1'
option dns '194.130.16.1 194.130.16.251'
# Empty route section: no options are set.
config route
# Guest interface: static 194.130.16.29 with a /24 mask, i.e. the same subnet
# as 'lan' above. It is not bridged; the guest wifi-iface attaches to it via
# 'option network'.
# NOTE(review): two interfaces in one subnet make routing and DHCP ambiguous,
# and the firewall cannot tell guest addresses from LAN addresses. A separate,
# non-overlapping range for 'guest' is needed for isolation and is a likely fix
# for clients not obtaining an address - confirm after changing it.
config interface 'guest'
option _orig_ifname 'wlan0-1'
option _orig_bridge 'false'
option proto 'static'
option ipaddr '194.130.16.29'
option netmask '255.255.255.0'
wireless
# /etc/config/wireless as posted: one 2.4 GHz radio (11ng, HT20, channel 8)
# carrying two access points.
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11ng'
option macaddr 'e8:de:27:4e:7f:0e'
option htmode 'HT20'
list ht_capab 'LDPC'
list ht_capab 'SHORT-GI-20'
list ht_capab 'SHORT-GI-40'
list ht_capab 'TX-STBC'
list ht_capab 'RX-STBC1'
list ht_capab 'DSSS_CCK-40'
option country 'GB'
option txpower '20'
option channel '8'
# Main AP: attached to 'lan', WPA2-PSK (psk2); the key is redacted in the post.
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'wifi'
option encryption 'psk2'
option key 'xxxxxxxxxxxx'
option network 'lan'
# Guest AP: attached to 'guest', WPA2-PSK (psk2); the key is redacted in the post.
# NOTE(review): 'option isolate' is not set, so nothing here stops guest clients
# from talking to each other; consider option isolate '1'. Also confirm that the
# guest passphrase differs from the main SSID's - both are redacted, so this
# cannot be checked from the post.
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'Guest-V1'
option network 'guest'
option key 'xxxxxxxxxxxx'
option encryption 'psk2'