Setup:
Host : wrt-320n with original linksys firmware
Client : wrt-320n DD-WRT v24-sp2 (02/23/10) mega (build 13972).
The host is the DHCP server and provides internet connection with local ip set to 192.168.1.2
The client is connected with WAN port to host LAN and needs to serve the LAN ports, 1 private wifi and one public wifi (with later on Chillispot or http redirect, but that's for later..)
Client config:
Connection Type : Disabled
Local IP Address : 192.168.1.1
Subnet Mask : 255.255.255.0
Gateway : 192.168.1.2
Local DNS : 192.168.1.2
Assign WAN Port to Switch : checked
DHCP Server : disabled
Use DNSMasq for DHCP : checked
Use DNSMasq for DNS : checked
DHCP-Authoritative : checked
Wireless Physical Interface wl0
Wireless Mode : AP
Wireless Network : NG-Mixed
Wireless Network Name : xxxxx
Wireless Channel : Auto
Channel Width : Auto
Wireless SSID Broadcast : Enable
Security Mode : WPA2 Personal/AES
Virtual Interfaces wl0.1 SSID
Wireless Network Name : AP
Wireless SSID Broadcast : Enable
AP Isolation : Enable
Network Configuration : Bridged
Security Mode : NONE
Currently no iptables are set in the Management/Commands tab (the tutorial assumes that it should work without any rules), and previous attempts with rules did not work as well.
Result
Wired networking and internet works.
Wireless Physical Interface networking and internet works.
Virtual Interfaces wl0.1 NOPE
My laptop AGN 5100 NIC gets :
Ipaddress : 192.168.2.127
Subnet : 255.255.255.0
Gateway : 192.168.2.1
DHCP Server : 192.168.2.1
DNS Server : 192.168.2.1
This last one seems a little bit odd, since in DNS Masq the Local DNS is disabled...
I'm struggling for more than a week now, bricked my first dd-wrt router after trying different builds to solve the problem, but it should not be that hard...
What am I missing to give the virtual SSID internet access without network access?
Last edited by martijn on Fri Mar 19, 2010 14:39; edited 1 time in total
So I'm not the only one who thinks that it is a little unclear that you need some iptables rules to make multiple SSIDs work with WAN port disabled in this part of the tutorial:
Posted: Fri Mar 19, 2010 1:18 Post subject: Re: No internet on wl0.1 SSID on client wrt-320n
martijn wrote:
Currently no iptables are set in the Management/Commands tab (the tutorial assumes that it should work without any rules), and previous attempts with rules did not work as well.
For the past ~2 weeks it has clarified this for WAP's.
Quote:
You should now be able to connect to VAP's SSID and receive a DHCP lease with an IP address that is in the 192.168.2.0/24 subnet. Make sure that you can connect to it, receive a DHCP lease, and connect to the router's 192.168.2.1 address from the VAP before you do anything further. If your WAN port is active (ie. you're not making a WAP) then you should also be able to browse the internet.
You need to add the iptables NAT rule for WAP's to give the VAP internet access.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Those were the correct rules. (I started replying but got occupied so I didn't finish my post until after you had made the 2nd post)
The fact that Windows says you have internet suggests that you might be having a DNS problem. From the client, try to ping google.com and see what it says.
PING google.nl (74.125.77.104): 56 data bytes
64 bytes from 74.125.77.104: seq=0 ttl=55 time=13.281 ms
64 bytes from 74.125.77.104: seq=1 ttl=55 time=12.322 ms
64 bytes from 74.125.77.104: seq=2 ttl=55 time=12.474 ms
Telnet/ssh to the router and ping from the router to google. If it fails too, then you might have an IP address conflict with another device using the 192.168.1.1 address.
iptables -vnL FORWARD
iptables -t nat -vnL POSTROUTING
route -n
Some of the output seems to be missing, but don't worry about it for now... Instead try using just the NAT rule in your firewall and nothing else, then check if you can ping 192.168.1.2 from a client connected to the VAP.
I'm starting to think that you may need to hard reset using the WPS button and reconfigure it though.
Then I followed the instructions again and I really don't know why but it works now!!!!!!!
iptable settings I use now:
Code:
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
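
Added example, not part of the original posts: a small shell model of the two rules above that shows what happens to a new connection from a br1 (guest) client for a given destination. Addresses are taken from the thread; 192.168.1.50 is a constructed LAN host, and the function names are hypothetical.

```shell
#!/bin/sh
# Model of the two rules from the post (not the router's own code):
#   iptables -I FORWARD -i br1 -d LAN_IP/LAN_MASK -m state --state NEW -j DROP
#   iptables -t nat -I POSTROUTING -o br0 -j SNAT --to LAN_IP
LAN_IP=192.168.1.1        # nvram get lan_ipaddr (value from the thread)
LAN_MASK=255.255.255.0    # nvram get lan_netmask (value from the thread)
VAP_IP=192.168.2.1        # router address on br1 (value from the thread)

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_lan DST: true when DST is inside the network iptables derives from
# LAN_IP/LAN_MASK. Host bits are masked off, so the rule covers 192.168.1.0/24.
in_lan() {
    mask=$(ip2int "$LAN_MASK")
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$LAN_IP") & mask )) ]
}

# verdict DST: fate of a NEW connection from a guest client on br1 to DST.
verdict() {
    case "$1" in
        # Packets addressed to the router itself traverse INPUT, not FORWARD.
        "$LAN_IP"|"$VAP_IP") echo "INPUT"; return ;;
    esac
    if in_lan "$1"; then
        echo "DROP"                    # isolation rule matches
    else
        echo "FORWARD+SNAT:$LAN_IP"    # leaves br0 with the router's LAN address
    fi
}

# Destinations: router on br1, router on br0, upstream gateway,
# a constructed LAN host, and the internet address from the ping output.
for dst in 192.168.2.1 192.168.1.1 192.168.1.2 192.168.1.50 74.125.77.104; do
    printf '%-15s %s\n' "$dst" "$(verdict "$dst")"
done
```

With the isolation rule loaded, a ping from a VAP client to 192.168.1.2 is dropped by design, which is why that test is run with only the NAT rule in place. Traffic addressed to the router's own addresses is handled by the INPUT chain, which these two rules do not touch.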
Not the first time crazy unexplained behavior has happened because of left over nvram data. Glad that ya got it solved.