Posted: Thu Apr 25, 2019 16:29 Post subject: MultiBand DDWRT ath0 AP Cant Reach Internet Thru ath1 Client
Multi-Band DD-WRT Router's 2.4GHz/ath0 AP Not Connecting To Internet Through the 5GHz/ath1 Client-Bridge:
Hi DD-WRT Community.
I'm having DD-WRT configuration issues trying to use the house ISP router's internet from the home office (located in the other corner of the house).
This house has a router ("RTR-1") from the broadband ISP, and an extender ("RTR-1-XTNDR-1") from the ISP. Both the 2.4GHz & 5GHz bands are using the same "SSID-1" network name & the same "SSID-1-passcode".
"RTR-1" is positioned upstairs in one corner, & "XTNDR-1" is placed near the stairs upstairs, to allow connections with downstairs devices/clients.
Further info from "RTR-1" : 192.168.10.x, gateway-address: 192.168.10.254, bssid MAC-Address: "RTR-1-MAC-2.4GHz" (2.4GHz), "RTR-1-MAC-5GHz" (5GHz).
Further info from "XTNDR-1": bssid MAC-Address "XTNDR-1-MAC-2.4GHz" (2.4GHz), "XTNDR-1-MAC-5GHz" (5GHz).
The "SSID-1" users/devices are on "192.168.10.x" subnet.
But the signal from "RTR-1" or "XTNDR-1" is not sufficiently strong and/or the house's obstacles are degrading/blocking the signal toward/from the downstairs devices/clients, especially those inside the downstairs opposite/other-corner home-office room.
So I'm using an old TPLink-AC1750-C7-v2 with DD-WRT ("DDWRT-1-RTR-2") in 5GHz "Client-Bridge-(Routed)" (ath1) mode, at the bottom of the stairs, to allow the "DDWRT-1-RTR-2" router to link with the ISP's 5GHz band signal from the upstairs "RTR-1" or "XTNDR-1".
The TPLink-AC1750-C7-v2 ("DDWRT-1-RTR-2") router's 5GHz "Client-Bridge-(Routed)" mode configuration appears to be working fine for laptops/devices connected by wire/Ethernet to the "DDWRT-1-RTR-2".
The TPLink-AC1750-C7-v2 ("DDWRT-1-RTR-2") router's 2.4GHz band (ath0 WLAN interface) is now set up as an AP (access point) with a different SSID name "SSID-2" for the home-office room.
The "SSID-2" users/devices are on "192.168.16.x" subnet.
Home-office WiFi/WLAN devices can connect with the 2.4GHz "SSID-2" from "DDWRT-1-RTR-2", but the devices do not have any internet connectivity!
Either I have misconfigured the static routing of DDWRT-1 or I made some other misconfiguration; please help me solve this. Thanks in advance.
ROUTER "DDWRT-1-RTR-2" CONFIGURATION/cfg:
DDWRT-menu > Setup > Advanced Routing > Operating Mode > Gateway. [ Other Options ∇ Gateway | BGP | RIP2 Rtr | OSPF Rtr | OSPF & RIP2 Rtr | OLSR Rtr | Router ]
( I think the "DDWRT-1-RTR-2" router needs to be a "Gateway", as the 5GHz/ath1 interface's IP address (or Internet connectivity) will be shared/NATed by the 2.4GHz/ath0 interface based "SSID-2" subnet users of the "DDWRT-1-RTR-2" router )
Setup > Advanced Routing > Dynamic Routing > LAN & WLAN. [ ∇ Disable | WAN | LAN & WLAN | Both ]
Setup > Advanced Routing > Static Routing > [ ∇ 1 ] > "Route-1", Metric: 0, Masquerade Route (NAT): ✅, Destination Route LAN: 192.168.16.0, Subnet Mask: 255.255.255.0, Gateway: 192.168.10.250, Interface: LAN & WLAN. [ ∇ LAN & WLAN | WAN | ANY | ath0 | ath0.1 | ath1 | eth0 | eth1 ]
( now there is only 1 static-route )
Setup > Basic Setup > Wireless Setup > WAN Connection Type : Connection Type: Disabled.
Setup > Basic Setup > Network Setup > Router IP > LAN IP Address: 192.168.10.252, Subnet Mask: 255.255.255.0, Gateway: 192.168.10.254, Local DNS: 192.168.10.254
Setup > Basic Setup > Network Setup > WAN Port > Assign WAN Port to Switch: ✅
Setup > Basic Setup > Network Setup > Time Settings: NTP Client: ◉ Enable ◎ Disable. ("Enable" is selected). Time/Zone: "my-location", Server IP/Name: "ip.address"
Setup > Networking > Port Setup > Net Cfg ath1: Mac-Address: "DDWRT-1-ATH1-MAC-5GHz-2" (I'm using a meaningful name instead of disclosing the real MAC address), Label: "", TX Queue Length: 0, Bridge Assignment: ◉ Unbridged ◎ Default, MTU: 1500, Multicast Forwarding: ◎ Enable ◉ Disable, Masquerade/NAT: ◉ Enable ◎ Disable, Net Isolation: ◎ Enable ◉ Disable, Forced DNS Redirection: ◎ Enable ◉ Disable, IP-Address: 192.168.10.250, Subnet Mask: 255.255.255.0
Wireless > Ath0-WDS > Wireless Distribution System > WDS Settings > Wireless MAC: "DDWRT-1-ATH0-MAC-1" :
1. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , Connection name: ""
...
9. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , Connection name: ""
Wireless > Ath1-WDS > Wireless Distribution System > WDS Settings > Wireless MAC: "DDWRT-1-ATH1-MAC-5GHz-2" :
1. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "RTR-1-MAC-5GHz" , Connection name: "RTR-1-MAC-5_DDWRT-5-2"
2. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "XTNDR-1-MAC-5GHz" , name: "XTNDR-1-MAC-5_DDWRT-5-2"
3. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "DDWRT-1-RTR-2-MAC-5GHz-1" , name: "DDWRT-1-5-1_DDWRT-5-2"
4. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "DDWRT-1-RTR-2-MAC-WAN" , name: "DDWRT-1-WAN_DDWRT-5-2"
5. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "DDWRT-1-RTR-2-MAC-LAN" , name: "DDWRT-1-LAN_DDWRT-5-2"
6. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , name: ""
...
9. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , name: ""
Services > Services Management > DHCP Client > DHCP Vendorclass: "", Request IP: ""
Services > Services Management > DHCP Server > ... default (not setup)
Services > Services Management > Dnsmasq > Dnsmasq: ◉ Enable ◎ Disable, Cache DNSSEC Data: ◉ Enable ◎ Disable, Local DNS: ◉ Enable ◎ Disable, No DNS Rebind: ◉ Enable ◎ Disable, Query DNS in Strict Order: ◉ Enable ◎ Disable, Add Requester MAC to DNS Query: ◎ Enable ◉ Disable, RFC4039 Rapid Commit Entries: ◎ Enable ◉ Disable, Maximum Cached Entries: 1500, Additional Dnsmasq Options: ""
Routing Table Entry List:
Code:
Destination LAN NET | Subnet Mask   | Gateway        | Flags | Metric | Interface
--------------------+---------------+----------------+-------+--------+-----------
default             | 0.0.0.0       | 192.168.10.254 | UG    | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | ath1
192.168.16.0        | 255.255.255.0 | *              | U     | 0      | ath0
192.168.16.0        | 255.255.255.0 | *              | U     | 0      | ath0.1
My OBJECTIVES/Expectations:
I do not want "SSID-1" ("RTR-1") users/devices to be able to connect with any/2.4GHz/5GHz interface of the "DDWRT-1-RTR-2" router (except by direct/wired/eth connection). If/when a user/device does not have the "SSID-2-passcode" then s/he/it must not be able to connect with the "DDWRT-1-RTR-2" router's "SSID-2". Only the 5GHz WiFi WLAN interface ath1 of the "DDWRT-1-RTR-2" router needs to connect with the "RTR-1" (or "XTNDR-1") 5GHz WLAN interfaces, and share RTR-1's internet connectivity with the "SSID-2" users/devices behind "DDWRT-1-RTR-2".
--Erik.
Hi "Per Yngve Berg", the RTR-1 does not have any option for setting up static routing.
The RTR-1 router is from the ISP and only has very basic features when it comes to advanced networking; its firewall-related features are not bad, but kind of GUI based, and not very advanced, customizable or configurable.
I would prefer not to get any instruction to do config in RTR-1.
I'm sure there must be many other ways to link the 192.168.16.x (ath0.1) with the internet by routing it through ath1's client (192.168.10.250) IP address or ath1's gateway (192.168.10.254) IP address, by setting adv-routing inside the DDWRT-1.
By the way, ath1 has full internet connectivity.
So routing in DDWRT-1 should suffice.
iptables -t nat -A POSTROUTING -o ath1 -j MASQUERADE
I applied the command, and tested with an "SSID-2" WLAN device ... it did not work.
Rebooted DDWRT-1 & applied the command again, & tested again. Did not work.
The routing table does not change at all.
Exactly the same behavior as before!
I changed the "Route-1" static route from the "LAN & WLAN" iface to "ath1"; the routing table changed to the one below:
Code:
Destination LAN NET | Subnet Mask   | Gateway        | Flags | Metric | Interface
--------------------+---------------+----------------+-------+--------+-----------
default             | 0.0.0.0       | 192.168.10.254 | UG    | 0      | ath1
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | ath1
192.168.16.0        | 255.255.255.0 | 192.168.10.250 | UG    | 0      | ath1
192.168.16.0        | 255.255.255.0 | *              | U     | 0      | ath0
192.168.16.0        | 255.255.255.0 | *              | U     | 0      | ath0.1
Did not work, that is, still the same behavior! WLAN devices can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS (192.168.10.254), etc., but no internet. And Internet connectivity is fine on the Ethernet ports of DDWRT-1; Ethernet devices just need a manual static IP (192.168.10.x) config.
Since Internet is working on DDWRT-1's Ethernet ports, can we link the 192.168.16.x NET with 1 of the Ethernet ports (preset with a fixed IP)?
Destination LAN NET | Subnet Mask   | Gateway        | Flags | Metric | Interface
--------------------+---------------+----------------+-------+--------+-----------
default             | 0.0.0.0       | 192.168.10.254 | UG    | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | ath1
192.168.16.0        | 255.255.255.0 | 192.168.10.250 | UG    | 0      | ath1
192.168.16.0        | 255.255.255.0 | *              | U     | 0      | ath0
192.168.16.0        | 255.255.255.0 | *              | U     | 0      | ath0.1
After each route setup, Saved. After 3 "Save", "Apply-Settings". "Reboot-Router" DDWRT-1.
No success, still the same! WLAN device(s) can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS (192.168.10.254), etc., but have no internet connectivity!! And Internet connectivity is fine on the Ethernet ports of DDWRT-1 when ath1 is in "Client-Bridge-(Routed)" mode; Ethernet devices just need a manual static IP (192.168.10.x) config.
Attempting another TEST ...
Changed DDWRT-1's ath1 (5GHz) interface from "Client-Bridge-(Routed)" mode to "CLIENT" mode; ath1's unbridged fixed IP is still the same: 192.168.10.250 with NAT enabled, and DDWRT-1 itself has a fixed IP 192.168.10.252.
The IP route table is the same as shown above.
No success, even worse: WLAN device(s) can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS-1 (192.168.10.254), DNS-2 (one DNS address from the ISP which was specified in DDWRT-1's DHCP, but DDWRT-1's DHCP was disabled for "Client-Bridge" mode), etc., but still have no internet connectivity!! This time, Internet connectivity is absent on the Ethernet ports of DDWRT-1 when "ath1" is in "Client" mode.
Tried again with this modification:
DDWRT-menu > Setup > Advanced Routing > Dynamic Routing > Interface: changed from "LAN & WLAN" to "Disabled".
DDWRT-1's behavior remained the same.
So I switched "ath1" back into the "Client-Bridge-(Routed)" wireless mode, and selected the "Unbridged" networking mode for "ath1" with fixed IP 192.168.10.250 and NAT enabled.
EDITED: adding both DNS-1 & DNS-2 details to the data above. And adding the changes that were made, in the last paragraph above.
Last edited by atErik on Sat Apr 27, 2019 23:05; edited 1 time in total
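An added example, not part of the original posts: a small Python check run over the routing table posted above (padding dots removed) that lists prefixes routed out of more than one interface, routes whose gateway is one of the router's own addresses, and the routes that tie for a given destination. The own addresses (192.168.10.250 for ath1, 192.168.10.252 for the LAN IP) come from the first post; the function names and the client address 192.168.16.50 are illustrative.

```python
import ipaddress
from collections import defaultdict

# Routing table transcribed from the post above (padding dots removed).
ROUTES = """\
default      | 0.0.0.0       | 192.168.10.254 | UG | 0 | LAN & WLAN
192.168.10.0 | 255.255.255.0 | *              | U  | 0 | LAN & WLAN
192.168.10.0 | 255.255.255.0 | *              | U  | 0 | ath1
192.168.16.0 | 255.255.255.0 | 192.168.10.250 | UG | 0 | ath1
192.168.16.0 | 255.255.255.0 | *              | U  | 0 | ath0
192.168.16.0 | 255.255.255.0 | *              | U  | 0 | ath0.1
"""
# Addresses the first post assigns to the router itself (ath1 and LAN IP).
OWN_ADDRESSES = {"192.168.10.250", "192.168.10.252"}

def parse_routes(text):
    """Turn the pipe-separated rows into dicts with a parsed network."""
    routes = []
    for line in text.strip().splitlines():
        dest, mask, gw, flags, metric, iface = (f.strip() for f in line.split("|"))
        net = (ipaddress.ip_network("0.0.0.0/0") if dest == "default"
               else ipaddress.ip_network(f"{dest}/{mask}"))
        routes.append({"net": net, "gw": None if gw == "*" else gw,
                       "metric": int(metric), "iface": iface})
    return routes

def overlapping_prefixes(routes):
    """Prefixes that are routed out of more than one interface."""
    by_net = defaultdict(set)
    for r in routes:
        by_net[r["net"]].add(r["iface"])
    return {str(n): sorted(i) for n, i in by_net.items() if len(i) > 1}

def self_gateway_routes(routes, own=OWN_ADDRESSES):
    """Routes whose next hop is one of the router's own addresses."""
    return [(str(r["net"]), r["gw"], r["iface"]) for r in routes if r["gw"] in own]

def tied_routes(routes, dst):
    """Routes that tie for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return []
    best = min((-r["net"].prefixlen, r["metric"]) for r in hits)
    return [(r["iface"], r["gw"]) for r in hits
            if (-r["net"].prefixlen, r["metric"]) == best]

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    print(overlapping_prefixes(table))
    print(self_gateway_routes(table))
    print(tied_routes(table, "192.168.16.50"))  # constructed SSID-2 client address
```

On this table the check reports 192.168.10.0/24 on both "LAN & WLAN" and ath1, and three equally specific routes for a 192.168.16.x client, one of them via the router's own 192.168.10.250.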
Hi "Per Yngve Berg" & "eibgrad", I made some changes before you posted the command & analysis.
See below for what was changed,
and please let me know if you still consider the command to be appropriate.
I think it's still right.
Also let me know whether I need to remove any static-route rule.
The virtual WLAN "ath0.1" was removed.
"ath0" now has IP "192.168.16.1".
(Like before, "ath0" is in "AP" mode.)
This should make the config easier.
The DHCPD (DHCP-0), which was attached to "ath0.1" earlier, is now attached to "ath0".
The routing table changed; it now appears as below:
Code:
Destination LAN NET | Subnet Mask   | Gateway        | Flags | Metric | Interface
--------------------+---------------+----------------+-------+--------+-----------
default             | 0.0.0.0       | 192.168.10.254 | UG    | 0      | LAN & WAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | ath1
192.168.16.0        | 255.255.255.0 | 192.168.16.1   | UG    | 0      | ath0
192.168.16.0        | 255.255.255.0 | *              | U     | 0      | ath0
DDWRT-1 is still not behaving as wanted! WLAN device can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS-1 (192.168.10.254) & DNS-2 (one DNS address from the ISP which was specified in DDWRT-1's DHCP, but DDWRT-1's DHCP was disabled for "Client-Bridge" mode), etc., but still has NO internet connectivity!! And Internet connectivity is still fine on the Ethernet ports of DDWRT-1 when "ath1" is in "Client-Bridge-(Routed)" mode; Ethernet devices just need manual static IP (192.168.10.x) settings.
Executed your command,
but DDWRT-1 behaves exactly the same as before.
The routing table is also exactly the same as before.
EDITED: adding both DNS-1 & DNS-2 to the data above.
Last edited by atErik on Sat Apr 27, 2019 23:07; edited 2 times in total
Changed ath0 from "Unbridged" to "Bridge".
( The previous "Bridge" mode allowed me to specify my-desired different subNET 192.168.16.x for the "SSID-2", and enable the NAT mode )
ath1 is the same as before: "Unbridged" + NAT-enabled, with a fixed IP 192.168.10.250.
"Save"."Apply-Settings"."Reboot-Router".
Routing table changed to:
Code:
Destination LAN NET | Subnet Mask   | Gateway        | Flags | Metric | Interface
--------------------+---------------+----------------+-------+--------+-----------
default             | 0.0.0.0       | 192.168.10.254 | UG    | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | LAN & WLAN
192.168.10.0        | 255.255.255.0 | *              | U     | 0      | ath1
Current Bridging Table:
Bridge name: br0, STP: no, Interface: ath0 eth0 eth1
( by the way, DDWRT-menu > Setup > Networking > DHCPD > Multiple DHCP Server > still showing:
Interface ath0: IP 192.168.16.1/255.255.255.0
DHCP 0 | ath0 | On | Start 10 | 90 | Lease time 1440 )
With the above config/settings, this time INTERNET connectivity is WORKING on "SSID-2" devices.
But SSID-2 devices are getting IPs from the 192.168.10.x NET (and DHCP is 192.168.10.254, DNS-1 is 192.168.10.254, DNS-2 is 0.0.0.0); these are used/allotted by the ISP's RTR-1 (RTR-1's DHCP is 192.168.10.254), and it appears "SSID-2" devices are getting those IP settings delivered from RTR-1's DHCP.
Some users may like that arrangement.
But I do not want/like this arrangement/functionality.
I want SSID-2 devices to get a DHCP IP from the 192.168.16.x NET, as "SSID-2" was intended to be separate from home users/devices, and used only by my home-office devices/users.
A separate NET creates a little bit better security, as various net traffic/packets remain contained within their side of the specific net.
And another issue is, despite the DHCP-0 for ath0 currently displaying that it's still using the 192.168.16.x NET for ath0 (I've shown the related data a few paragraphs above), why is it not working? I guess the ath0 "Bridge" mode detached the DHCP-0 from the ath0 SSID-2.
How can we force "ath0" to use the DHCP-0 with the 192.168.16.x NET, and also ultimately route 192.168.16.x IPs through "ath1" (IP 192.168.10.250) with NAT enabled?
Should I add back the static routes?
EDITED: highlighted the words "INTERNET" & "WORKING". Added a paragraph on the benefit of a separate NET.
Last edited by atErik on Sat Apr 27, 2019 23:22; edited 2 times in total
An SSID-2 device can now reach the Internet, but not by using the 192.168.16.x NET.
Are the iptables commands you gave for enabling the 192.168.16.x DHCP for ath0?
Again CHANGED config: I've added back the virtual interface "ath0.1" (192.168.16.1) under "ath0", and re-assigned the DHCP-0 to "ath0.1"; "ath0.1" is in "Unbridged" mode & NAT-enabled, and "SSID-2" broadcast is enabled for "ath0.1".
Disabled SSID-2 broadcast on "ath0", kept "ath0" in "bridge" mode.
ath0 had and has Internet connectivity (when it's in "Bridge" mode) as it's connected with br0,
so only "ath0.1" (192.168.16.x NET) packets need to be routed+NATed into ath0 or routed+NATed into br0 (192.168.10.x), I think.