OK
I am about to go for it
If i have read everything correct
1. SSH into router
2. cd /tmp
3. curl --output firmware.bin ftp://ftp.dd-wrt.com/betas/2023/01-12-2023-r51288/netgear-r7800/dd-wrt-webupgrade.bin
4. When router has finished upgrade process and can be seen in web page
5. SSH back into router
6. Run nvram erase && reboot
7. Enter 192.168.1.1 enter back my username and password
8. Manually enter all old settings & paste my DNSMasq List back
9. Reboot everything should be back as it was (i hope)
Is that correct?
Last edited by thorrrr on Sat Jan 14, 2023 14:20; edited 2 times in total
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Sat Jan 14, 2023 14:18 Post subject:
Looks good, it can take up to 2 minutes before the router has detected firmware.bin and upgrades.
So be patient!
I usually do an upgrade via the GUI (Administration/firmware Upgrade) but this should also work.
If you do it via the GUI choose "Do NOT reset" after flashing.
Ok it upgraded fine it reset fine but soon as I started putting my settings in and saved I lost it
I changed my local ip to 192.168.23.1
Subnet to 255.255.255.0
How can I get back in
Can I thank you for all your help yesterday and everything is running fine.
I have on 2 occasions when I rebooted the router found it does not show on the correct address http:/192.168.23.1, I must unplug and reboot the router then it works!
My plan is moving to Opensense on Tue or Wed, and I have been dissecting your message on best way to set up WAP. I have understood 90% of your instruction.
The part I would like further help on is the latter part.
Quote:-
“Note: for Broadcom routers for best throughput enable CTF on Basic Setup Page
You have to add the following rule to the firewall in order to get internet access from clients attached to a VAP/Bridge on your WAP.
In the web-interface of the router (the WAP): Administration > Commands save Firewall:
#Always necessary (alternatively set static route on main router and NAT traffic from VAP/Bridge out via WAN):
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
If you want to only have the VAP/bridge to have internet access and not access to the rest of the network
#Replace with the appropriate interface of your VAP, e.g. wl0.1, wlan0.1 etc:
GUEST_IF="wlan1.1"
#Net Isolation does not work on a WAP so keep it disabled, add for isolating VAP from main network:
iptables -I FORWARD -i $GUEST_IF -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT
I know where the command tab is but not sure about some of the technical comments.
Query to understand “Keep DNSMasq enabled (both on Basic Setup page and Services page)” Will DNS not be handled by Opensense ?
What is VAP/Bridge ?
You mention I need to add a Firewall rule in the dd-wrt router or add one in Opensense! Is there a preferred way my understanding is Opensense should be the main Firewall and best to handle everything!
Also, I want all my Wi-Fi devices to have full access to my Network. If it is the preferred option to enter firewall rule, what do I need exactly to type into the command area?
Finally, just in case you know does Opensense have the functionality as DNSMasq Additional Options to deal with list like I have in DD-WRT? If not, can you import this list into OpenSense?
It is the only rule necessary to get full access from all attached clients to your WAP.
But it is only needed if you have added extra Virtual Interfaces (VAP/Bridges) e.g. for Guest net work /IoT etc.
Maybe you do not need it now but you are wanting it in the future, but in the future you forget about this and as it does not hurt to add the rule so better add it now.
HI
I have moved over just doing the DD-WRT router to WAP
Your instruction
Local IP address in subnet of primary router but outside DHCP scope, make sure the used IP address is unique on your network you cannot have duplicates.
Gateway and Local DNS pointing to primary router
[/i]
My DD-WRT ROuter is 192.168.23.1
Opnsesne Box 192.168.23.2
Subnet 192.168.23.0
I have followed the instructions everything was fine until i added the firewall rule.
Now my whole LAN is down and i have no access to DD-WRT i have no WiFI and no WAN
from my laptop which is wireless.
But i have no access to anything locally or externally even wired
Last edited by thorrrr on Thu Jan 19, 2023 11:11; edited 2 times in total
I cannot help you with OPNSense you have to ask at the forum over there.
Do you think this is an Opnsense issue?
I lost everything soon as i entered the firewall rule i did each one stage by stage.
But this one thing lost me my network also i did backup DD-WRT but i have no interface now.
Is there anyway of getting back in to restore?
Sorry also i have no Wifi from this unit now