Hi,
as TO obtained and while migrating my set-up from older HW did try to set up also a Guest WiFi so I learn something (mean by that isolated network ie. no LAN access, only WAN).
Unable archive results LuCI way enabled the ‘Guest WiFi’ option in reForis just to take a look how it’s done.
Back in LuCI again made a copy - only for FW rules simplifying it with UDP-TCP rule for DNS/DHCP ports - DHCP worked well but DNS presumably not.
Still no connectivity into ‘internet’ (LAN isolation yes, DHCP giving me IP ok, but nothing more goes through so FW misconfiguration?).
The guest-turris meanwhile always working alongside.
So SSH in - and put config directly into appropriate files (using vi) and restarted TO.
Can be seen below. (Did noticed there is a lot more in it than for those entries created in LuCI - even comparing values ‘turris-guest’ against LuCI).
Do know it should be done:
uci commit xyz
/etc/init.d/xyz restart
but don’t know syntax that good yet - is it problem if ‘vim way’? After restart the changes persist in file and LuCI is populated with result as well.
Did that as direct copy of ‘guest-turris’ just renaming entries (doubled the g,t) so it’s not in conflict with original and adding 10.110.222.2 for different IP range.
Right now it’s as this for example:
/etc/config/firewall
config rule ‘gguestt_turris_dns_rule’
option enabled ‘1’
option name ‘gguestt dns rule’
option src ‘tr_gguestt’
option proto ‘tcpudp’
option dest_port ‘53’
option target ‘ACCEPT’
config rule ‘gguestt_turris_dhcp_rule’
option enabled ‘1’
option name ‘gguestt dhcp rule’
option src ‘tr_gguestt’
option proto ‘udp’
option src_port ‘67-68’
option dest_port ‘67-68’
option target ‘ACCEPT’
and the rest of FW rules…
/etc/config/network
config interface ‘gguestt_turris’
option enabled ‘1’
option proto ‘static’
option device ‘br-gguestt-turris’
option ipaddr ‘10.110.222.1’
option netmask ‘255.255.255.0’
option ip6assign ‘64’
config device ‘br_gguestt_turris’
option name ‘br-gguestt-turris’
option type ‘bridge’
option bridge_empty ‘1’
/etc/config/dhcp
config dhcp ‘gguestt_turris’
option interface ‘gguestt_turris’
option ignore ‘0’
option start ‘100’
option limit ‘150’
option leasetime ‘3600’
option dhcpv6 ‘server’
option ra ‘server’
list dhcp_option ‘6,10.110.222.1’
and as last the WiFi AP tied on ‘gguestt_turris’ - that works well
The WiFi AP returning this when connected in it:
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : ‘X adapter’
Physical Address. . . . . . . . . : ‘X MAC’
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.110.222.106(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : ‘-X datetime-’
Lease Expires . . . . . . . . . . : ‘-X datetime-’
Default Gateway . . . . . . . . . : 10.110.222.1
DHCP Server . . . . . . . . . . . : 10.110.222.1
ping ‘X address’
Ping request could not find host ‘some address’. Please check the name and try again.
nslookup ‘X address’
*** Default servers are not available
Server: UnKnown
Address: 127.0.0.1
*** UnKnown can’t find ‘X address’: No response from server
The working guest-turris conf. return the same but in diff IP range.
I’m on latest HBS, after medkit clean install via USB (messed up one time beyond capabilities of snapshot recov. so that’s why).
What I’m doing wrong if that can be seen by someone more keen than I’m or where search for more detailed logs?
In LuCI system log is moreover:
link dow as pulling out RJ45 cable from adapter > AP wlan auth, DHCP discover up to ack OK and last line about it is kresd leases refresh… no error or some blocking status.