Lan to Guest

palito

Hello,

I have searched for days, but I do not understand where my problem is on an RT-AC88U with 386.14_2 firmware.
My setup is simple: after a factory reset, I only did this setup (with WAN unplugged):
Set language to English, enable SSH, set router IP to 192.168.2.1 and enable the 2GHz guest Wi-Fi (Access Intranet disabled)

After a reboot, if I try to ping from LAN 192.168.2.x to the 2GHz guest Wi-Fi 192.168.101.x, it does not work,
but if I add this rule, it's OK: iptables -I FORWARD -i br0 -o br1 -s 192.168.2.10 -j ACCEPT

After that, if I plug in the WAN cable, it does not work anymore, even after a reboot, even after adding the rule again.

Any advice?
 
If you want main LAN clients to access Guest WiFi clients then try using YazFi. You can set up one-way to Guest within the YazFi GUI, which should accomplish the same as your IPTables rule.

wl01_ONEWAYTOGUEST

Should LAN be able to initiate connections to Guest Network clients (but not the opposite)? (true/false) Cannot be enabled if _TWOWAYTOGUEST is enabled
 
Sorry, I should have added this to the post, but as YazFi cannot work with AiMesh, I cannot use it, as I have nodes involved.
I almost succeeded in enabling LAN to guest by adding the iptables rules.
My problem is that as long as I connect WAN, it does not work anymore.
 
Move to GN2, then you are on the same net as main.
GN1 is on another net, used with AiMesh.
 
I don't want to be on the main network.
I want to use the guest Wi-Fi for IoT devices, so on the 192.168.101.x network (Access Intranet disabled),
but I also want to access them from LAN 192.168.2.x.
Before plugging in the WAN port, I can do it by adding this rule: iptables -I FORWARD -i br0 -o br1 -s 192.168.2.10 -j ACCEPT
but after I plug in the WAN port, it does not work anymore.
 
You can put your script in a firewall-start script, which persists across a reboot.

 
It's not a problem of persisting across a reboot.
Even if I reboot and add the rule again, it does not work.
After WAN is plugged in, it does not work anymore.
 
Have you tried a wan-event or wan-start script? Read more on the user scripts wiki.
 
For now, I don't need scripts; I don't care if it does not persist across a reboot.

I need the rule or other command to make this work (enable LAN to guest).
I will automate this after I have succeeded in making it work.
 
I even tried to flush all iptables rules and then accept all:
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

but after WAN is plugged in, still the same issue:
I cannot ping the 192.168.101.x network (Access Intranet disabled) from LAN.
It does not work.
 
Do you get anything with this command?
ebtables -t broute -L BROUTING --Lx --Lc
 
I get this:

ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.101.1 --ip-proto icmp -j ACCEPT -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.101.0/24 --ip-proto icmp -j DROP -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.2.0/24 --ip-proto icmp -j DROP -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.101.0/24 --ip-proto tcp -j DROP -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.2.0/24 --ip-proto tcp -j DROP -c 0 0
 
Run this, see if you can ping 192.168.2.10

ebtables -t broute -D BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.2.0/24 --ip-proto tcp -j DROP -c 0 0

This removes that rule.
 
Thanks a lot, I was not aware of ebtables.

I still don't understand why, before plugging in the WAN port, it works with adding an iptables rule only,

but after plugging in the WAN port I have to make some changes to ebtables.
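
Added example, not part of the thread: a small POSIX shell/awk helper that reads `ebtables -t broute -L BROUTING --Lx` output and reports the first rule that matches a frame with a given input interface, destination IP and protocol. The names `sample_rules` and `first_match` are made up for this example, and it only understands the match options that appear in the rules posted above.

```shell
# Added example, not from the thread. Assumes rules in --Lx form and only the
# match options seen in the thread (-i, --ip-dst, --ip-proto); no "!" negation.
# Constructed sample input: the five rules posted in the thread.
sample_rules() {
cat <<'EOF'
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.101.1 --ip-proto icmp -j ACCEPT -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.101.0/24 --ip-proto icmp -j DROP -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.2.0/24 --ip-proto icmp -j DROP -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.101.0/24 --ip-proto tcp -j DROP -c 0 0
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.2.0/24 --ip-proto tcp -j DROP -c 0 0
EOF
}

# first_match IN_IFACE DST_IP PROTO   (rules on stdin)
# Prints "<rule number> <target>" for the first rule matching an IPv4 frame,
# or "none" when no rule matches and the chain policy applies.
first_match() {
  awk -v iface="$1" -v dst="$2" -v proto="$3" '
    function ip2n(ip,   o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, cidr,   p, len, div) {
      len = 32                                  # bare address means /32
      if (split(cidr, p, "/") == 2) len = p[2]
      div = 2 ^ (32 - len)
      return int(ip2n(ip) / div) == int(ip2n(p[1]) / div)
    }
    / -A BROUTING / {
      n++
      r_if = r_dst = r_proto = r_target = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-i") r_if = $(i + 1)
        else if ($i == "--ip-dst") r_dst = $(i + 1)
        else if ($i == "--ip-proto") r_proto = $(i + 1)
        else if ($i == "-j") r_target = $(i + 1)
      }
      if (r_if != "" && r_if != iface) next
      if (r_dst != "" && !in_net(dst, r_dst)) next
      if (r_proto != "" && r_proto != proto) next
      print n, r_target; found = 1; exit
    }
    END { if (!found) print "none" }
  '
}

# On the router: ebtables -t broute -L BROUTING --Lx | first_match wl0.1 192.168.2.10 icmp
sample_rules | first_match wl0.1 192.168.2.10 icmp
```

With the rules from the thread, an ICMP frame arriving on wl0.1 for 192.168.2.10 hits rule 3, a TCP frame hits rule 5, and a UDP frame matches no rule at all.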
 