Guest Wifi on Repeater

Discussion in 'Tomato Firmware' started by oscarkb, Jul 20, 2012.

  1. oscarkb

    oscarkb Serious Server Member

    Hello your gurus
    I have a problem that I tried to sort out several weeks but I got no where so I came here asking for help.
    I have 2 router Asus RT-N16 and Belkin N300 Share Max both running Shibby 097 firmware.
    Asus RT-N16 works perfectly as primary router. I can create 2 different SSID (HOME and GUEST) with different subnet and via VLAN and WLAN. I can connect and access internet on both SSID. They are very stable though.
    I configure the Belkin N300 the same way and it work perfectly. I can connect to both SSID and can access the internet. In general both router work as primary router

    Now I try to setup the Belkin N300 as wireless extender. I can link the 2 routers together using the access point +WDS method (WPA, G only, same channel, same SSID)
    My Belkin router is set as DHCP disable, IP address, default gateway, DNS, routing is set to router

    br0 subnet dhcp disable
    br1 subnet dhcp enable

    VLAN setting
    1 port 1 2 3 4 LAN (br0)
    2 WAN WAN
    3 LAN1(br1)

    Virtual wireless
    wl0 enable 206HOME AP+WDS LAN(br0)
    wl0.1 enable 206FRIEND AP LAN1(br1)

    I have run the iptables command allowing port 53 and port 67

    Here is the problem. I connect my laptop to the secondary router (Belkin) and I can access the internet via wired LAN port. I can access the internet via HOME206. But I can not access the internet via 206FRIEND which I could when using as primary router.

    I have enable the LAN ACCESS LAN to LAN1 and LAN1 to LAN as well
    Is there any setting in the secondary router or the primary router that I have missed which did not allow 206FRIEND to access the internet?

    Please hekp
  2. Dark_Shadow

    Dark_Shadow LI Guru Member

  3. oscarkb

    oscarkb Serious Server Member

    Virtual wireless seem to have mismatch MAC between hwaddr and bssid but I fixed all that.
    The point is they WORKS when br0 is DHCP ENABLE, when br0 is DHCP DISABLE, they don't work. I can connect to the LAN but not the internet. I believe it's the DNS thing
  4. waeking

    waeking Addicted to LI Member

    if you can "ping" and not "ping" then you have a dns problem. If you can't do the first ping then you have a different problem. ie: iptables or routing.
  5. oscarkb

    oscarkb Serious Server Member

    No can not even ping It timed out

    Somehow the packet did not get to the primary router

    I added to the firewall script
    iptables -I FORWARD -i br1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j ACCEPT
    iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
    iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
    iptables -I INPUT -i br1 -m state --state NEW -j DROP
    iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
    iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
    iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

    Everything works perfect now.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice