MultiBand DDWRT ath0 AP Can't Reach Internet Thru ath1 Client

atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Thu Apr 25, 2019 16:29    Post subject: MultiBand DDWRT ath0 AP Can't Reach Internet Thru ath1 Client
Multi-Band DD-WRT Router's 2.4GHz/ath0 AP Not Connecting To Internet Through the 5GHz/ath1 Client-Bridge:



Hi DD-WRT Community.

I'm having DDWRT configuration-issues on trying to use house ISP router's internet from the home-office (located in other corner of the house).

This house has a router ("RTR-1") from broadband ISP, and an extender ("RTR-1-XTNDR-1") from ISP. Both 2.4GHz & 5GHz band are using same "SSID-1" network name & same "SSID-1-passcode".
"RTR-1" is positioned in upstair in one-corner, & "XTNDR-1" is placed near the stairs in upstair, to allow connections with downstair's devices/clients.
Further info from "RTR-1" : 192.168.10.x, gateway-address: 192.168.10.254, bssid MAC-Address: "RTR-1-MAC-2.4GHz" (2.4GHz), "RTR-1-MAC-5GHz" (5GHz).
Further info from "XTNDR-1": bssid MAC-Address "XTNDR-1-MAC-2.4GHz" (2.4GHz), "XTNDR-1-MAC-5GHz" (5GHz).
The "SSID-1" users/devices are on "192.168.10.x" subnet.

But signal from "RTR-1" or "XTNDR-1" are not sufficiently strong and/or house's obstacles are degrading/blocking signal toward/from downstair's devices/clients, especially which are inside downstair's opposite/other-corner home-office room.

So, i'm using an old TPLink-AC1750-C7-v2 with DD-WRT router ("DDWRT-1-RTR-2") as a 5GHz "Client-Bridge-(Routed)" (ath1) mode, at bottom of stairs, to allow the "DDWRT-1-RTR-2" router to link with ISP's 5GHz band signal from upstair's "RTR-1" or "XTNDR-1".

TPLink-AC1750-C7-v2 ("DDWRT-1-RTR-2") router's 5GHz "Client-Bridge-(Routed)" mode configuration (appears to be) working fine for wired/ethernet connected laptop/devices with the "DDWRT-1-RTR-2". :)

TPLink-AC1750-C7-v2 ("DDWRT-1-RTR-2") router's 2.4GHz band (ath0 WLAN interface) is now setup as an AP (access-point) with a different SSID-name "SSID-2" for the home-office room.
The "SSID-2" users/devices are on "192.168.16.x" subnet.
Home-office WiFi/WLAN devices can connect with 2.4GHz "SSID-2" from "DDWRT-1-RTR-2", but devices do not have any internet connectivity ! :(

Either I have mis-configured static-routing of DDWRT-1 wrong or i did some other mis-configuration, please help to solve. Thanks in advance.

ROUTER "DDWRT-1-RTR-2" CONFIGURATION/cfg:

DDWRT-menu > Setup > Advanced Routing > Operating Mode > Gateway. [ Other Options ∇ Gateway | BGP | RIP2 Rtr | OSPF Rtr | OSPF & RIP2 Rtr | OLSR Rtr | Router ]
( i think the "DDWRT-1-RTR-2" router needs to be a "Gateway" as 5GHz/ath1 interface IP-address (or Internet connectivity) will be shared/NAT by the 2.4GHz/ath0 interface based "SSID-2" subnet users of "DDWRT-1-RTR-2" router )
Setup > Advanced Routing > Dynamic Routing > LAN & WLAN. [ ∇ Disable | WAN | LAN & WLAN | Both ]
Setup > Advanced Routing > Static Routing > [ ∇ 1 ] > "Route-1", Metric: 0, Masquerade Route (NAT): ✅, Destination Route LAN: 192.168.16.0, Subnet Mask: 255.255.255.0, Gateway: 192.168.10.250, Interface: LAN & WLAN. [ ∇ LAN & WLAN | WAN | ANY | ath0 | ath0.1 | ath1 | eth0 | eth1 ]
( now there is only 1 static-route )

Setup > Basic Setup > Wireless Setup > WAN Connection Type : Connection Type: Disabled.
Setup > Basic Setup > Network Setup > Router IP > LAN IP Address: 192.168.10.252, Subnet Mask: 255.255.255.0, Gateway: 192.168.10.254, Local DNS: 192.168.10.254
Setup > Basic Setup > Network Setup > WAN Port > Assign WAN Port to Switch: ✅
Setup > Basic Setup > Network Setup > Time Settings: NTP Client: ◉ Enable ◎ Disable. ("Enable" is selected). Time/Zone: "my-location", Server IP/Name: "ip.address"

Setup > Networking > Port Setup > Net Cfg ath1: Mac-Address: "DDWRT-1-ATH1-MAC-5GHz-2" (i'm using meaningful-name instead of disclosing real MAC-Address), Label: "", TX Queue Length: 0, Bridge Assignment: ◉ Unbridged ◎ Default, MTU: 1500, Multicast Forwarding: ◎ Enable ◉ Disable, Masquerade/NAT: ◉ Enable ◎ Disable, Net Isolation: ◎ Enable ◉ Disable, Forced DNS Redirection: ◎ Enable ◉ Disable, IP-Address: 192.168.10.250, Subnet Mask: 255.255.255.0

Setup > Networking > Port Setup > Net Cfg ath0: Mac-Address: "DDWRT-1-ATH0-MAC-2.4GHz-1", Label: "", TX Queue Length: 0, Bridge Assignment: ◉ Unbridged ◎ Default, MTU: 1500, Multicast Forwarding: ◎ Enable ◉ Disable, Masquerade/NAT: ◉ Enable ◎ Disable, Net Isolation: ◎ Enable ◉ Disable, Forced DNS Redirection: ◎ Enable ◉ Disable, IP-Address: 192.168.16.100, Subnet Mask: 255.255.255.0

Setup > Networking > Port Setup > Net Cfg ath0.1: Mac-Address: "DDWRT-1-ATH0.1-MAC-2.4GHz-1" (it is now same as "DDWRT-1-ATH0-MAC-2.4GHz-1"), Label: "", TX Queue Length: 0, Bridge Assignment: ◉ Unbridged ◎ Default, MTU: 1500, Multicast Forwarding: ◎ Enable ◉ Disable, Masquerade/NAT: ◉ Enable ◎ Disable, Net Isolation: ◉ Enable ◎ Disable, Forced DNS Redirection: ◎ Enable ◉ Disable, IP-Address: 192.168.16.1, Subnet Mask: 255.255.255.0

Setup > Networking > Bridging > Create Bridge > Add. Current bridge: Name: br0, STP: Off [ ∇ STP | Off ] , IGMP Snooping: Off [ ∇ On | Off ] , Prio: 32768 [ ∇ … ] , Forward Delay: 15, Max Age: 20, MTU: 1500, Root MAC: "DDWRT-1-ATH1-MAC-5GHz-2"
Setup > Networking > Bridging > Current Bridge Table > Bridge Name: br0, STP: no, Interface: eth0 eth1

Setup > Networking > Bonding > Add. Current bonding: Bonding Type: balance-rr [ ∇ … ] , Bonding Interfaces: 1

Setup > Networking > DHCPD > Multiple DHCP Server > Add | Delete . Interface ath0.1: IP 192.168.16.1/255.255.255.0 : DHCP 0 : ath0.1 [ ∇ ath0 | ath0.1 | ath1 | br0 | eth0 | eth1 ] , On [ ∇ on | off ] , Start: 10 , Max: 90 , Lease time: 1440

Wireless > Basic Settings > Wireless Physical Interface ath0 SSID [ 2.4GHz ] > Physical Interface ath0 - SSID [ "SSID-2" ] HWAddr [ "DDWRT-1-ATH0-MAC-2.4GHz-1" ] > Wireless Mode: AP [ ∇ AP | Client | Client Bridge (Routed) | Adhoc | WDS Station | WDS AP ] , Wireless Network Mode: Mixed [ ∇ Disabled | Mixed | B-only | G-only | BG-only | NG-mixed | N-only (2.4GHz) ] , Channel Width: Dynamic(20/40MHz) [ ∇ Full(20MHz) | Dynamic(20/40MHz) | Wide HT40(40MHz) | Half(10MHz) | Quarter(5MHz) ] , Wireless Channel: "my-SSID-2-2.4GHz-channel" [ ∇ Auto | 1(2412MHz) | … | 11(2462MHz) ] , Extension Channel: "" ∇ , Wireless Network Name (SSID) : "SSID-2" , Wireless SSID Broadcast: ◉ Enable ◎ Disable, Advanced Settings: ✅ , Regulatory Domain: "my-country", TX Power: 30 dBm, Antenna Gain: 0 dBi, Noise Immunity: ◉ Enable ◎ Disable, Protection Mode : None [ ∇ None | CTS | RTS/CTS ] , RTS Threshold: ◎ Enable ◉ Disable, Short Preamble: ◉ Enable ◎ Disable, Short GI: ◉ Enable ◎ Disable, TX Antenna Chains: 1+2+3 [ ∇ 1 | 1+2 | 1+3 | 1+2+3 ] , RX Antenna Chains: 1+2+3 [ ∇ 1 | 1+2 | 1+3 | 1+2+3 ] , AP Isolation: ◎ Enable ◉ Disable, Beacon Interval: 100, DTIM Interval: 2, Airtime Fairness: ◉ Enable ◎ Disable, Frame Compression: Disabled [ ∇ Disabled | LZO | LZ4 | LZMA ] , WMM Support: ◉ Enable ◎ Disable, Scanlist: default, Sensitivity Range (ACK Timing): 2000 meters, Max Associated Clients: 256 Clients, Network Configuration: ◉ Unbridged ◎ Bridged, Multicast Forwarding: ◎ Enable ◉ Disable, Masquerade/NAT: ◉ Enable ◎ Disable, Net Isolation: ◎ Enable ◉ Disable, Forced DNS Redirection: ◎ Enable ◉ Disable, IP-Address: 192.168.16.100, Subnet Mask: 255.255.255.0

Wireless > Basic Settings > Virtual Interfaces > Virtual Interface ath0.1 SSID [ "SSID-2" ] HWAddr [ "DDWRT-1-ATH0-MAC-2.4GHz-1" ] > Wireless Mode: AP [ ∇ AP | WDS AP ] , Wireless Network Name (SSID) : "SSID-2" , Wireless SSID Broadcast: ◉ Enable ◎ Disable, Advanced Settings: ✅ , Protection Mode : None [ ∇ None | CTS | RTS/CTS ] , RTS Threshold: ◎ Enable ◉ Disable, AP Isolation: ◎ Enable ◉ Disable, Frame Compression: Disabled [ ∇ Disabled | LZO | LZ4 | LZMA ] , WMM Support: ◉ Enable ◎ Disable, Max Associated Clients: 256 Clients, DTIM Interval: 2, Network Configuration: ◉ Unbridged ◎ Bridged, Multicast Forwarding: ◎ Enable ◉ Disable, Masquerade/NAT: ◉ Enable ◎ Disable, Net Isolation: ◉ Enable ◎ Disable, Forced DNS Redirection: ◎ Enable ◉ Disable, IP-Address: 192.168.16.1, Subnet Mask: 255.255.255.0

Wireless > Wireless Security > Wireless Security ath0 > Physical Interface ath0 SSID [ "SSID-2" ] HWAddr [ "DDWRT-1-ATH0-MAC-1" ] > Security Mode: WPA [ ∇ Disabled | WPA | RADIUS | WEP ] , Network Authentication: ✅ WPA2 Personal □ other Auth options , WPA Algorithms: ✅ CCMP-128 (AES) □ TKIP , WPA Shared Key: "SSID-2-passcode" , Key Renewal Interval: 3600 secs , 802.11r / Fast BSS Transmission Support: ◎ Enable ◉ Disable, 802.11w Management Frame Protection: Disabled [ ∇ Auto | Enabled | Disabled ] , Disable EAPOL Key Retries: ◉ Enable ◎ Disable, Custom Config: ""

Wireless > Wireless Security > Wireless Security ath0 > Virtual Interface ath0.1 SSID [ "SSID-2" ] HWAddr [ "DDWRT-1-ATH0-MAC-1" ] > Security Mode: WPA [ ∇ Disabled | WPA | RADIUS | WEP ] , Network Authentication: ✅ WPA2 Personal □ other Auth options , WPA Algorithms: ✅ CCMP-128 (AES) □ TKIP , WPA Shared Key: "SSID-2-passcode" , Key Renewal Interval: 3600 secs , 802.11r / Fast BSS Transmission Support: ◎ Enable ◉ Disable, 802.11w Management Frame Protection: Disabled [ ∇ Auto | Enabled | Disabled ] , Disable EAPOL Key Retries: ◉ Enable ◎ Disable, Custom Config: ""

Wireless > Ath0-WDS > Wireless Distribution System > WDS Settings > Wireless MAC: "DDWRT-1-ATH0-MAC-1" :
1. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , Connection name: ""
...
9. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , Connection name: ""

Wireless > Basic Settings > Wireless Physical Interface ath1 [ 5 GHz/802.11ac ] > QCA988x 802.11ac > Physical Interface ath1 - SSID [ "SSID-1" ] HWAddr [ "DDWRT-1-ATH1-MAC-5GHz-2" ] > Wireless Mode: Client Bridge (Routed) [ ∇ AP | Client | Client Bridge (Routed) | Adhoc | WDS Station | WDS AP ] , Default GW Mode: ◎ Auto(DHCP) ◉ Manual, Gateway: 192.168.10.254, Wireless Network Mode: Mixed [ ∇ Disabled | Mixed | A-only | NA-mixed | N-only (5GHz) |AC/N-mixed | AC-only ] , Channel Width: VHT80(80MHz) [ ∇ Full(20MHz) | Dynamic(20/40MHz) | Wide HT40(40MHz) | VHT80(80MHz) ] , Wireless Network Name (SSID) : "SSID-1" , Advanced Settings: ✅ , Regulatory Domain: "my-country", TX Power: 16 dBm, Antenna Gain: 0 dBi, Noise Immunity: ◎ Enable ◉ Disable, Protection Mode: None [ ∇ None | CTS | RTS/CTS ] , RTS Threshold: ◎ Enable ◉ Disable, Short Preamble: ◉ Enable ◎ Disable, Short GI: ◉ Enable ◎ Disable, TX Antenna Chains: 1+2+3 [ ∇ 1 | 1+2 | 1+3 | 1+2+3 ] , RX Antenna Chains: 1+2+3 [ ∇ 1 | 1+2 | 1+3 | 1+2+3 ] , AP Isolation: ◎ Enable ◉ Disable, Beacon Interval: 100, DTIM Interval: 2, Airtime Fairness: ◉ Enable ◎ Disable, Frame Compression: Disabled [ ∇ Disabled | LZO | LZ4 | LZMA ] , WMM Support: ◉ Enable ◎ Disable, Radar Detection: ◎ Enable ◉ Disable, Scanlist: default, Sensitivity Range (ACK Timing): 2000 meters, Network Configuration: ◉ Unbridged ◎ Bridged, Multicast Forwarding: ◎ Enable ◉ Disable, Masquerade/NAT: ◉ Enable ◎ Disable, Net Isolation: ◎ Enable ◉ Disable, Forced DNS Redirection: ◎ Enable ◉ Disable, IP-Address: 192.168.10.250, Subnet Mask: 255.255.255.0

Wireless > Wireless Security > Wireless Security ath1 > Physical Interface ath0 SSID [ "SSID-1" ] HWAddr [ "DDWRT-1-ATH1-MAC-5GHz-2" ] > Security Mode: WPA [ ∇ Disabled | WPA | RADIUS | WEP ] , Network Authentication: ✅ WPA2 Personal □ other Auth options , WPA Algorithms: ✅ CCMP-128 (AES) □ TKIP , WPA Shared Key: "SSID-1-passcode" , Key Renewal Interval: 3600 secs , 802.11r / Fast BSS Transmission Support: ◎ Enable ◉ Disable, Custom Config: ""

Wireless > Ath1-WDS > Wireless Distribution System > WDS Settings > Wireless MAC: "DDWRT-1-ATH1-MAC-5GHz-2" :
1. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "RTR-1-MAC-5GHz" , Connection name: "RTR-1-MAC-5_DDWRT-5-2"
2. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "XTNDR-1-MAC-5GHz" , name: "XTNDR-1-MAC-5_DDWRT-5-2"
3. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "DDWRT-1-RTR-2-MAC-5GHz-1" , name: "DDWRT-1-5-1_DDWRT-5-2"
4. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "DDWRT-1-RTR-2-MAC-WAN" , name: "DDWRT-1-WAN_DDWRT-5-2"
5. LAN [ ∇ Disable | Point to Point | LAN ] : MAC Address: "DDWRT-1-RTR-2-MAC-LAN" , name: "DDWRT-1-LAN_DDWRT-5-2"
6. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , name: ""
...
9. Disable [ ∇ Disable | Point to Point | LAN ] : MAC Address: 00:00:00:00:00:00 , name: ""

Security > Security > Firewall Protection > SPI Firewall: ◎ Enable ◉ Disable
Security > Security > Block WAN Requests: □ Block Anonymous WAN Requests (ping) □ Filter Multicast □ Filter WAN NAT Protection ✅ Filter IDENT (Port 113)
Security > VPN Passthrough > VPN > VPN Passthrough > IPSec Passthrough: ◉ Enable ◎ Disable, PPTP Passthrough: ◉ Enable ◎ Disable, L2TP Passthrough: ◉ Enable ◎ Disable


Services > Services Management > DHCP Client > DHCP Vendorclass: "", Request IP: ""
Services > Services Management > DHCP Server > ... default (not setup)
Services > Services Management > Dnsmasq > Dnsmasq: ◉ Enable ◎ Disable, Cache DNSSEC Data: ◉ Enable ◎ Disable, Local DNS: ◉ Enable ◎ Disable, No DNS Rebind: ◉ Enable ◎ Disable, Query DNS in Strict Order: ◉ Enable ◎ Disable, Add Requester MAC to DNS Query: ◎ Enable ◉ Disable, RFC4039 Rapid Commit Entries: ◎ Enable ◉ Disable, Maximum Cached Entries: 1500, Additional Dnsmasq Options: ""

Routing Table Entry List:
Code:
Destination..|.Subnet
LAN NET...|. Mask....| Gateway ....| Flags | Metric | interface
---------------┼------------------┼--------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ........| U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ........| U ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | * ........| U ..| 0 ...| ath0
192.168.16.0 | 255.255.255.0 | * ........| U ..| 0 ...| ath0.1


My OBJECTIVES/Expectations:
i do not want "SSID-1" ("RTR-1") users/devices able to connect with any/2.4GHz/5GHz interface of "DDWRT-1-RTR-2" router ( except direct/wired/eth connection ) . If/when a user/device does not have "SSID-2-passcode" then s/he/it must not be able to connect with "DDWRT-1-RTR-2" router's "SSID-2". Only the 5GHz wifi WLAN interface ath1 of "DDWRT-1-RTR-2" router need to connect with "RTR-1" (or "XTNDR-1") 5GHz WLAN interfaces, and share RTR-1's internet connectivity with "SSID-2" users/devices behind "DDWRT-1-RTR-2".
--Erik.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5080
Location: Akershus, Norway

Posted: Thu Apr 25, 2019 17:31
You have put the static route on the wrong router.

It's RTR-1 that needs the static route to 192.168.16.0/24 with 192.168.10.250 as gateway.

Presume 192.168.10.250 is the address on DDWRT-1-ATH1
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Thu Apr 25, 2019 18:38
Hi "Per Yngve Berg", the RTR-1 does not have any option for setting up any Static-routing.
RTR-1 router is from the ISP, only has very basic features when it comes to advanced-networking, but firewall related features are not bad, but kind of GUI based, and not very advanced or customizable or configurable.

i would not prefer any instruction to do any config in RTR-1.

i'm sure there are many other ways we must be able to link the 192.168.16.x (ath0.1) with internet by routing it through ath1's client (192.168.10.250) IP-address or ath1's gateway (192.168.10.254) IP-address, by setting adv-routing inside the DDWRT-1.

by the way, ath1 has full internet connectivity.
so routing in DDWRT-1 should suffice.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5080
Location: Akershus, Norway

Posted: Thu Apr 25, 2019 18:47
Yes, that's the problem with crappy isp routers. That's why we replace them with dd-wrt based routers.

RTR-1 does not know where the network 192.168.16.0/24 is and cannot route back the response from the Internet.

Your last option is to NAT 192.168.16.0/24 to 192.168.10.250.

iptables -t nat -A POSTROUTING -o ath1 -j MASQUERADE
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Thu Apr 25, 2019 20:31
this command did not work:
Code:
iptables -t nat -A POSTROUTING -o ath1 -j MASQUERADE

i applied the command, and tested with "SSID-2" WLAN device ... did not work.
Rebooted DDWRT-1 & again applied the command, & tested again. Did not work.
Routing table does not change at all.
Exact same behavior as before !

i changed "Route-1" static-routing from "LAN & WLAN" iface into "ath1", routing table changed to below:
Code:
Destination..|.Subnet
LAN NET...|. Mask....| Gateway ....| Flags | Metric | interface
---------------┼------------------┼--------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG ..| 0 ...| ath1
192.168.10.0 | 255.255.255.0 | * ........| U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ........| U ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | 192.168.10.250 | UG ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | * ........| U ..| 0 ...| ath0
192.168.16.0 | 255.255.255.0 | * ........| U ..| 0 ...| ath0.1


Did not work, that is, still same behavior ! WLAN devices can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS (192.168.10.254),etc, But no internet. And, Internet connectivity is fine on ethernet ports of DDWRT-1, ethernet devices just need a manual static IP (192.168.10.x) config.

Since Internet is working in DDWRT-1 ethernet ports, can we link 192.168.16.x NET with 1 of the ethernet port (preset with a fixed IP) ?
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Fri Apr 26, 2019 9:30
now i have added total 3 routing rules, set from DDWRT menu > Setup > Advanced Routing > Static Routing:

Route # | Destination-LAN | Subnet-Mask .| Gateway ....| Interface | Metric | NAT
1 ....| 192.168.16.0 .| 255.255.255.0 | 192.168.10.250 | ath1 ..| 0 ...| ✅
2 ....| 192.168.16.0 .| 255.255.255.0 | 192.168.10.250 | ath0 ..| 0 ...| ✅
3 ....| 192.168.16.0 .| 255.255.255.0 | 192.168.10.250 | ath0.1 .| 0 ...| ✅


Routing table changed into below:
Code:
Destination .|.Subnet
LAN NET ..|.Mask ....| Gateway .....| Flags | Metric | interface
---------------┼------------------┼-------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG .| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | 192.168.10.250 | UG .| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath0
192.168.16.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath0.1


After each route setup, Saved. After 3 "Save", "Apply-Settings". "Reboot-Router" DDWRT-1.

No Success :( still same ! WLAN device(s) can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS (192.168.10.254), etc, But have no internet connectivity !! and, Internet connectivity is fine on Ethernet ports of DDWRT-1 when ath1 is in "Client-Bridge-(Routed)" mode, Ethernet devices just need a manual static IP (192.168.10.x) config.

Attempting another TEST ...

Changed DDWRT-1's ath1 (5GHz) interface from "Client-Bridge-(Routed)" mode into "CLIENT" mode, ath1's unbridged fixed-IP is still same: 192.168.10.250 with NAT is enabled, and DDWRT-1 itself has a fixed-IP 192.168.10.252

IP Route table is same, as shown before in above.

No Success :( even worse :( WLAN device(s) can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS-1 (192.168.10.254) DNS-2 (one DNS address from ISP which was specified in DDWRT-1's DHCP, but DDWRT-1's DHCP was disabled for "Client-Bridge" mode), etc, But still have no internet connectivity !! this time, Internet connectivity is absent on Ethernet ports of DDWRT-1 :( when "ath1" is in "Client" mode.

Again tried with this modification:
DDWRT-menu > Setup > Advanced Routing > Dynamic Routing > Interface: changed from "LAN & WLAN" into "Disabled".

DDWRT-1's behavior remained same :(

So switching "ath1" back-into the "Client-Bridge-(Routed)" wireless-mode, and selected "Unbridged" networking-mode for "ath1" with fixed-IP 192.168.10.250 and enabled NAT.

EDITED: adding both DNS-1 & DNS-2 detail in above data. And adding what changes are done in last paragraph i mentioned in above


Last edited by atErik on Sat Apr 27, 2019 23:05; edited 1 time in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5080
Location: Akershus, Norway

Posted: Fri Apr 26, 2019 17:10
iptables -t nat -A POSTROUTING -i ath0 -o ath1 -j SNAT --to-source `nvram get lan_ipaddr`
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

Posted: Fri Apr 26, 2019 17:19
Per Yngve Berg wrote:
iptables -t nat -A POSTROUTING -i ath0 -o ath1 -j SNAT --to-source `nvram get lan_ipaddr`


FYI, the above will generate an error. You're not allowed to specify the input network interface (-i) on a POSTROUTING rule. That information has been lost by the time the packet gets to the POSTROUTING chain. That's why ppl will choose to indicate the source IP/network instead, which is obviously available in the packet.
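The point about `-i` on a POSTROUTING rule, as an added example that is not part of any post in this thread: a small shell lint that flags interface matches a chain cannot use, and a helper that prints the source-network form of the SNAT rule. The function names `check_rule`, `snat_rule` and `demo` are hypothetical; the interface names, the 192.168.16.0/24 subnet and 192.168.10.250 are taken from the thread, and the sample rule lines are constructed.

```shell
#!/bin/sh
# Added example: lint iptables rule lines for interface matches that the
# target chain cannot evaluate. iptables rejects -i (input interface) in
# POSTROUTING and OUTPUT, and -o (output interface) in PREROUTING and INPUT.

# check_rule "<iptables command line>"
# Prints a verdict and returns 1 when the rule uses an interface match that
# is invalid for its chain; returns 0 otherwise.
check_rule() {
    cr_chain="" cr_in=0 cr_out=0 cr_prev=""
    # Intentional word splitting: walk the rule token by token.
    for cr_tok in $1; do
        case "$cr_prev" in
            -A|-I|--append|--insert) cr_chain="$cr_tok" ;;
        esac
        case "$cr_tok" in
            -i|--in-interface)  cr_in=1 ;;
            -o|--out-interface) cr_out=1 ;;
        esac
        cr_prev="$cr_tok"
    done

    case "$cr_chain" in
        POSTROUTING|OUTPUT)
            if [ "$cr_in" -eq 1 ]; then
                echo "invalid: -i cannot be used in $cr_chain; match the source with -s instead"
                return 1
            fi ;;
        PREROUTING|INPUT)
            if [ "$cr_out" -eq 1 ]; then
                echo "invalid: -o cannot be used in $cr_chain"
                return 1
            fi ;;
    esac
    echo "ok"
    return 0
}

# snat_rule SUBNET OUT_IF SOURCE_IP
# Prints a POSTROUTING SNAT rule that selects traffic by source network
# (available in the packet) instead of by input interface.
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3"
}

# Constructed sample rules using the interface names and subnet from the thread.
demo() {
    for demo_rule in \
        'iptables -t nat -A POSTROUTING -i ath0 -o ath1 -j MASQUERADE' \
        'iptables -t nat -A POSTROUTING -s 192.168.16.0/24 -o ath1 -j MASQUERADE' \
        'iptables -A FORWARD -i ath0 -o ath1 -j ACCEPT'
    do
        printf '%s\n  -> %s\n' "$demo_rule" "$(check_rule "$demo_rule")"
    done
    echo "source-based form:"
    snat_rule 192.168.16.0/24 ath1 192.168.10.250
}

demo
```

The lint only inspects the text of a rule; it does not load anything into the kernel, so it can be run on any machine before the rule is pasted into the router.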
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Fri Apr 26, 2019 19:21
Hi "Per Yngve Berg" & "eibgrad", i have made some changes, before you posted the command & analysis,
See below which were changed,
and please let me know if you still consider the command to be still appropriate.
i think its still right.
Also let me know, do i need to remove any static-route rule.

virtual wlan "ath0.1" was removed.
"ath0" now have IP "192.168.16.1".
(like before, "ath0" is in "AP" mode).
this should make config easier.

DHCPD (DHCP-0) which was attached with "ath0.1" earlier, was now attached with the "ath0"

now DDWRT-1 has these 4 static-routing RULES, configured through the DDWRT-menu > Setup > Advanced Routing > Static Routing:
Route
Rule # | Destination-LAN | Subnet-Mask ..| Gateway ....| Interface .| Metric | NAT
1...| 192.168.16.0 .| 255.255.255.0 .| 192.168.16.1 . | ath0 ....| 0 ...| ✅
2...| 192.168.16.0 .| 255.255.255.0 .| 192.168.16.1 . | LAN-&-WLAN | 0 ...| ✅
3...| 192.168.16.1 .| 255.255.255.255 | 192.168.10.250 | LAN-&-WLAN | 0 ...| ✅
4...| 192.168.16.1 .| 255.255.255.0 .| 192.168.10.250 | ath1 ....| 0 ...| ✅

Routing table changed, now its appearing as below:
Code:
Destination .|.Subnet
LAN NET ..|.Mask ....| Gateway .....| Flags | Metric | interface
---------------┼------------------┼-------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG .| 0 ...| LAN & WAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | 192.168.16.1 .| UG .| 0 ...| ath0
192.168.16.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath0


DDWRT-1 still behaving unwanted ! WLAN device can connect with "SSID-2" & can obtain IP (192.168.16.x), DNS-1 (192.168.10.254) & DNS-2 (one DNS address from ISP which was specified in DDWRT-1's DHCP, but DDWRT-1's DHCP was disabled for "Client-Bridge" mode), etc, But still has NO internet connectivity !! and, Internet connectivity is still fine on Ethernet ports of DDWRT-1 when "ath1" is in "Client-Bridge-(Routed)" mode, Ethernet devices just need a manual static IP (192.168.10.x) settings.

executed your command.

but DDWRT-1 behaves exactly same as before :(
Routing table also same exactly as before.

EDITED: adding both DNS-1 & DNS-2 in above data


Last edited by atErik on Sat Apr 27, 2019 23:07; edited 2 times in total
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Fri Apr 26, 2019 19:34
Changed static-route rule again:

Route
Rule # | Destination-LAN | Subnet-Mask ..| Gateway ....| Interface .| Metric | NAT
1...| 192.168.16.0 .| 255.255.255.0 .| 192.168.16.1 . | ath0 ....| 0 ...| ✅
2...| 192.168.16.0 .| 255.255.255.0 .| 192.168.16.1 . | LAN-&-WLAN | 0 ...| ✅
3...| 192.168.16.1 .| 255.255.255.255 | 192.168.10.250 | LAN-&-WLAN | 0 ...| ✅
4...| 192.168.16.0 .| 255.255.255.0 .| 192.168.10.250 | ath1 ....| 0 ...| ✅

"Save". "Apply-Settings".
Routing table changed.
now its appearing as below:

Code:
Destination .|.Subnet
LAN NET ..|.Mask ....| Gateway .....| Flags | Metric | interface
---------------┼------------------┼-------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG .| 0 ...| ath1
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | 192.168.10.250 | UG .| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | 192.168.16.1 .| UG .| 0 ...| ath0
192.168.16.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath0


DDWRT-1 still behaving unwanted. "SSID-2" devices do not have internet connectivity :(

After rebooting DDWRT-1, routing table changed, or final settings take effect:
Routing table changed.
now its appearing as below:
Code:
Destination .|.Subnet
LAN NET ..|.Mask ....| Gateway .....| Flags | Metric | interface
---------------┼------------------┼-------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG .| 0 ...| LAN & WAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | 192.168.10.250 | UG .| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | 192.168.16.1 .| UG .| 0 ...| ath0
192.168.16.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath0


executed your command again:
Code:
iptables -t nat -A POSTROUTING -i ath0 -o ath1 -j SNAT --to-source `nvram get lan_ipaddr`

routing table remains same.

no internet connectivity for "SSID-2" wlan ath0 devices yet. :(


Last edited by atErik on Fri Apr 26, 2019 19:58; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3676
Location: Netherlands

Posted: Fri Apr 26, 2019 19:50
Delete all those static routes.

Try: iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Fri Apr 26, 2019 20:26
deleted all static route rules, per your("egc") instruction.

"Save". "Apply-Settings". "Reboot".

now routing table is:
Code:
Destination .|.Subnet
LAN NET ..|.Mask ....| Gateway .....| Flags | Metric | interface
---------------┼------------------┼-------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG .| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath1
192.168.16.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath0


Executed your("egc") provided command:
Code:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE


route table remains same.

internet connectivity still unavailable for "SSID-2" ath0 wlan devices. :(
( DDWRT-1 eth devices have internet connectivity, as before )

"Reboot Router".
Executed user "Per Yngve Berg" provided command:
Code:
iptables -t nat -A POSTROUTING -i ath0 -o ath1 -j SNAT --to-source `nvram get lan_ipaddr`


route table remains same.

no internet connectivity for "SSID-2" devices :(
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Sat Apr 27, 2019 11:01
Changed ath0 from "Unbridged" to "Bridge".
( The previous "Bridge" mode allowed me to specify my-desired different subNET 192.168.16.x for the "SSID-2", and enable the NAT mode )

the ath1 is same as before: "Unbridged" + NAT-enabled, and has a fixed IP 192.168.10.250

"Save"."Apply-Settings"."Reboot-Router".

Routing table changed to:
Code:
Destination .|.Subnet
LAN NET ..|.Mask ....| Gateway .....| Flags | Metric | interface
---------------┼------------------┼-------------------┼-------┼--------┼-----------
default ...| 0.0.0.0 ....| 192.168.10.254 | UG .| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| LAN & WLAN
192.168.10.0 | 255.255.255.0 | * ....... | U ..| 0 ...| ath1

Current Bridging Table:
Bridge name: br0, STP: no, Interface: ath0 eth0 eth1

( by the way, DDWRT-menu > Setup > Networking > DHCPD > Multiple DHCP Server > still showing:
Interface ath0: IP 192.168.16.1/255.255.255.0
DHCP 0 | ath0 | On | Start 10 | 90 | Lease time 1440 )

With above config/settings, This time INTERNET connectivity is WORKING in "SSID-2" devices. :)

But, SSID-2 devices are getting IP from 192.168.10.x NET ( and DHCP is 192.168.10.254, DNS-1 is 192.168.10.254, DNS-2 is 0.0.0.0 ) , these are used/allotted by the ISP's RTR-1, (RTR-1's DHCP is 192.168.10.254) and it appears "SSID-2" devices are getting those IP-settings delivered from RTR-1's DHCP. :(

Some users may like that arrangement.
But, i do not want/like this arrangement/functionality.

I want SSID-2 devices get DHCP IP from 192.168.16.x NET, as "SSID-2" was intended to be separate from home users/devices, and used only by my home-office devices/users.

Separate NET creates little bit better security, as various net traffic/packets remain contained within their side of the specific net.

And another issue is, despite the DHCP-0 for ath0 currently displaying its still using 192.168.16.x NET for ath0 (i've shown related data few para above), why is it not working ? i guess ath0 "Bridge" mode detached the DHCP-0 from the ath0 SSID-2.

How can we force the "ath0" to use the DHCP-0 with 192.168.16.x NET, and also ultimately route 192.168.16.x IPs through the "ath1" (IP 192.168.10.250) with NAT-enabled ?

should i add back the static-routes ?

EDITED: highlighted the word "INTERNET" & "WORKING". Adding a para for separate NET's benefit.


Last edited by atErik on Sat Apr 27, 2019 23:22; edited 2 times in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5080
Location: Akershus, Norway

Posted: Sat Apr 27, 2019 12:07
NAT rules are not shown in the routing table.

Firewall rules are listed with iptables -vnL

One of these rules should work

iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o br0 -j SNAT --to-source `nvram get lan_ipaddr`

Put into command and save as firewall.
atErik
DD-WRT Novice


Joined: 25 Apr 2019
Posts: 10

Posted: Sat Apr 27, 2019 12:53
Hi Per Yngve Berg, i read your messages, thanks.

SSID-2 device can now reach Internet, but not by using 192.168.16.x NET.

your given iptables commands are for enabling the 192.168.16.x DHCP for ath0 ?

Again CHANGED config : i've again added back the virtual interface "ath0.1" (192.168.16.1) under "ath0", and re-assigned the DHCP-0 for "ath0.1" & "ath0.1" is in "Unbridged" mode & NAT-enabled, and "SSID-2" broadcast is enabled for "ath0.1".
Disabled SSID-2 broadcast in "ath0", kept "ath0" in "bridge" mode.

ath0 had+has Internet connectivity (when its in "Bridge" mode) as its connected with br0,
So only "ath0.1" (192.168.16.x NET) packets need to be routed+NAT into ath0 or routed+NAT into br0 (192.168.10.x), i think.
All times are GMT