Thank you, I should have mentioned I followed that document as well and found a few missing details such as setting the operating mode to Gateway and enabling the SPI firewall, but it still didn't work.
One detail I did not mention in my original post is the routers are not wired LAN to LAN. They are connected wirelessly by a station bridge. I don't think that should matter because I am trying to share internet from br0 in either case.
I thought this one line should accomplish that goal:
If I save only that one line as the firewall (on the station bridge router), then I can't ping that router anymore and I have to wire in through the LAN to reset the firewall.
Dual-band router. Use one radio for bridge and the other as an AP. Did you manually add the gateway IP address to the Station Bridge interface?
https://wikidevi.wi-cat.ru/TP-LINK_Archer_C7_v5.x _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Yes, I have been using one radio for the bridge and the other as an AP successfully for a long time, but now I'm trying to share internet access from br0 (on the station bridge router) to an unbridged VAP (guest wifi on the station bridge router).
Yes, on the station bridge router > Setup > Basic Setup > Network Setup > Gateway is set to the IP address of the primary router.
That is not what I am referring to. The setting I am referring to is on the Wireless tab. You have the option of setting it to use DHCP for Station mode and Manual for Station Bridge mode. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Yes, Wireless > Basic Settings > Wireless Interface:
Radio Mode: Station Bridge (Routed)
Default GW Mode: Manual
Gateway: IP address of the primary router