我有一个备用的WRT160NL,我将其配置为桥接客户端,主要如下:本指南。主路由器的 IP 是 192.168.178.1,也连接到互联网。WRT 的 IP 是 192.168.178.2,此设备在客户端模式下通过 Wi-Fi 连接到主路由器。然后在 AP 模式(“模式:主”)下广播相同的 SSID,并且 WRT 上的 DHCP 被禁用。桥接接口连接“无线广域网”和 WRT 上的无线网络。
问题
现在我想配置访客 Wi-Fi,但似乎无法让它工作。我正在关注本指南新的客户网络已广播,我可以连接到它,还可以通过 DHCP 获取 IP。第一步,我尝试 ping 该网络的 WRT 接口地址,即 192.168.3.1。这失败了,我不知道为什么。在尝试其他任何操作(调整防火墙设置等)之前,我应该能够从子网内部 ping 路由器 IP,不是吗?由于我有一个桥接接口(“stabridge”),我将客户接口添加到桥接接口,但这也没有用。
配置文件
/etc/config/网络
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
option ifname 'eth0'
option force_link '1'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option gateway '192.168.178.1'
option dns '192.168.178.1'
option delegate '0'
option ipaddr '192.168.178.3'
config interface 'wwan'
option proto 'static'
option netmask '255.255.255.0'
option gateway '192.168.178.1'
option delegate '0'
option ipaddr '192.168.178.2'
config interface 'stabridge'
option proto 'relay'
option ipaddr '192.168.178.2'
option delegate '0'
list network 'guest'
list network 'lan'
list network 'wwan'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option delegate '0'
/etc/config/无线
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'platform/ath9k'
option htmode 'HT20'
option disabled '0'
option channel '4'
option txpower '21'
option country 'US'
config wifi-iface
option network 'wwan'
option ssid 'wi-fi'
option encryption 'psk2'
option device 'radio0'
option mode 'sta'
option bssid '24:65:11:XX:XX:XX'
option key 'wifipassword'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'wi-fi'
option network 'lan'
option encryption 'psk2'
option key 'wifipassword'
config wifi-iface
option device 'radio0'
option mode 'ap'
option network 'guest'
option ssid 'wifi_guest'
option encryption 'psk2'
option key 'wifiguestpassword'
/etc/config/防火墙
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wwan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 wireless_open'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'guest'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option network 'guest'
config forwarding
option dest 'wan'
option src 'guest'
config rule
option target 'ACCEPT'
option src 'guest'
option proto 'tcp udp'
option dest_port '53'
option name 'Guest DNS'
config rule
option enabled '1'
option target 'ACCEPT'
option src 'guest'
option proto 'udp'
option dest_port '67-68'
option name 'Guest DHCP'
加分点:我尝试配置精确的与 DD-WRT 相同的设置这也失败了,我也无法从来宾网络内部 ping 通网关。我是不是遇到了一些硬件限制?
我缺少哪些步骤来配置访客网络以使用“wwan”连接到互联网?谢谢您的关注!
防火墙设置:
如果从网桥中移除了来宾网络,仍然无法从来宾网络内部 ping 通来宾网关。
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr BE:0F:EC:XX:XX:XX
inet addr:192.168.178.3 Bcast:192.168.178.255 Mask:255.255.255.0
inet6 addr: fe80::bc0f:ecff:fe6f:f226/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6944791 errors:0 dropped:4991 overruns:0 frame:0
TX packets:11086842 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:581010664 (554.0 MiB) TX bytes:15224175749 (14.1 GiB)
eth0 Link encap:Ethernet HWaddr BE:0F:EC:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:291345 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:18850062 (17.9 MiB)
Interrupt:4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:149 errors:0 dropped:0 overruns:0 frame:0
TX packets:149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10372 (10.1 KiB) TX bytes:10372 (10.1 KiB)
wlan0 Link encap:Ethernet HWaddr 00:03:7F:XX:XX:XX
inet addr:192.168.178.2 Bcast:192.168.178.255 Mask:255.255.255.0
inet6 addr: fe80::203:7fff:fec0:7cfa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10984215 errors:0 dropped:2 overruns:0 frame:0
TX packets:7134194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2342342874 (2.1 GiB) TX bytes:830422933 (791.9 MiB)
wlan0-1 Link encap:Ethernet HWaddr 02:03:7F:XX:XX:XX
inet6 addr: fe80::3:7fff:fec0:7cfa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6989301 errors:0 dropped:0 overruns:0 frame:0
TX packets:11120218 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:714322711 (681.2 MiB) TX bytes:2590755125 (2.4 GiB)
wlan0-2 Link encap:Ethernet HWaddr 06:03:7F:XX:XX:XX
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::403:7fff:fec0:7cfa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:955 errors:0 dropped:6 overruns:0 frame:0
TX packets:270 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:90423 (88.3 KiB) TX bytes:47057 (45.9 KiB)
root@OpenWrt:~# ifdown br-lan
Interface br-lan not found
root@OpenWrt:~# ifdown eth0
Interface eth0 not found
root@OpenWrt:~# ifdown wlan0
Interface wlan0 not found
root@OpenWrt:~# ifdown wlan0-1
Interface wlan0-1 not found
root@OpenWrt:~# ifdown wlan0-2
Interface wlan0-2 not found
答案1
ping 192.168.3.1 确实应该可以工作。所以我认为你应该首先关注这一点。我认为问题在于
config interface 'stabridge'
...
list network 'guest'
因为客人不应该在桥中(如果它在桥中它自己的IP可能会被忽略)。