[egc]

I administer networks with 30+ reservations copy paste these is a life saver

[thorrrr]

OK
I am about to go for it
If i have read everything correct
1. SSH into router
2. cd /tmp
3. curl --output firmware.bin ftp://ftp.dd-wrt.com/betas/2023/01-12-2023-r51288/netgear-r7800/dd-wrt-webupgrade.bin
4. When router has finished upgrade process and can be seen in web page
5. SSH back into router
6. Run nvram erase && reboot
7. Enter 192.168.1.1 enter back my username and password
8. Manually enter all old settings & paste my DNSMasq List back
9. Reboot everything should be back as it was (i hope)

Is that correct?

[egc]

Looks good, it can take up to 2 minutes before the router has detected firmware.bin and upgrades.
So be patient!

I usually do an upgrade via the GUI (Administration/firmware Upgrade) but this should also work.
If you do it via the GUI choose "Do NOT reset" after flashing.

A manual reset like you are doing after the upgrade is safer.

[thorrrr]

Ok it upgraded fine it reset fine but soon as I started putting my settings in and saved I lost it
I changed my local ip to 192.168.23.1
Subnet to 255.255.255.0
How can I get back in

[egc]

If you really upgraded then there is nowhere to put in a mask like 255.255.255.0

See attachement how it should look like, I changed the default IP address from 192.168.1.1 to 192.168.0.1

If you put in 255.255.255.0 somewhere then you need to hit the reset button while the router is running, press it for about 5 sec.

[thorrrr]

OK
You were right i entered in wrong place

My first screen is setup new

Please could you review my settings on Wifi to see if i have best settinsh its 4 years since i set this up

[thorrrr]

My old wireless was

I have no idea what SuperChannel is must be new

After pressing Save and Apply when i have done them all do i need to reboot ?

[egc]

For Wireless settings see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324014 this is a sticky in the Atheros/Qualcomm forum and also mentioned in the R7800 install guide

For using a Pihole for DNS: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=331414
A sticky in the Advanced networking forum

[thorrrr]

Hi

Can I thank you for all your help yesterday and everything is running fine.

I have on 2 occasions when I rebooted the router found it does not show on the correct address http:/192.168.23.1, I must unplug and reboot the router then it works!

My plan is moving to Opensense on Tue or Wed, and I have been dissecting your message on best way to set up WAP. I have understood 90% of your instruction.
The part I would like further help on is the latter part.

Quote:-

“Note: for Broadcom routers for best throughput enable CTF on Basic Setup Page

You have to add the following rule to the firewall in order to get internet access from clients attached to a VAP/Bridge on your WAP.
In the web-interface of the router (the WAP): Administration > Commands save Firewall:
#Always necessary (alternatively set static route on main router and NAT traffic from VAP/Bridge out via WAN):
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

If you want to only have the VAP/bridge to have internet access and not access to the rest of the network
#Replace with the appropriate interface of your VAP, e.g. wl0.1, wlan0.1 etc:
GUEST_IF="wlan1.1"
#Net Isolation does not work on a WAP so keep it disabled, add for isolating VAP from main network:
iptables -I FORWARD -i $GUEST_IF -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT

#For isolating the WAP itself from the VAP/bridge:
iptables -I INPUT -i $GUEST_IF -m state --state NEW -j REJECT
iptables -I INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $GUEST_IF -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $GUEST_IF -p tcp --dport 53 -j ACCEPT”



I know where the command tab is but not sure about some of the technical comments.

Query to understand “Keep DNSMasq enabled (both on Basic Setup page and Services page)” Will DNS not be handled by Opensense ?

What is VAP/Bridge ?

You mention I need to add a Firewall rule in the dd-wrt router or add one in Opensense! Is there a preferred way my understanding is Opensense should be the main Firewall and best to handle everything!

Also, I want all my Wi-Fi devices to have full access to my Network. If it is the preferred option to enter firewall rule, what do I need exactly to type into the command area?

Finally, just in case you know does Opensense have the functionality as DNSMasq Additional Options to deal with list like I have in DD-WRT? If not, can you import this list into OpenSense?

[egc]

This rule is the one that should be added to the firewall of the WAP:

[thorrrr]

HI
I have moved over just doing the DD-WRT router to WAP
Your instruction

Local IP address in subnet of primary router but outside DHCP scope, make sure the used IP address is unique on your network you cannot have duplicates.
Gateway and Local DNS pointing to primary router
[/i]
My DD-WRT ROuter is 192.168.23.1
Opnsesne Box 192.168.23.2
Subnet 192.168.23.0

https://i.imgur.com/HAtNgFF.png

So are we saying this area should be

https://i.imgur.com/pbwH0Pl.png

[thorrrr]

I have followed the instructions everything was fine until i added the firewall rule.
Now my whole LAN is down and i have no access to DD-WRT i have no WiFI and no WAN
from my laptop which is wireless.
But i have no access to anything locally or externally even wired

[egc]

I cannot help you with OPNSense you have to ask at the forum over there.

[thorrrr]

[egc]

I have no experience with OPNsense so difficult to say.