Wireless setup



  • This was very interesting you pointed out I named the “lan” as “br-lan” as seen in the ifconfig -a report I posted earlier.

    @Luciano-S said: For example, in your ifconfig from the Omega, you have a br-lan. In the tutorial i dont see a br-lan?! You have to be consequent with the naming. Otherwise it will never work.
    Why not?
    Because you named the lan "br-lan" and in the config of the Firewall it is named just "lan" !! Find the config file on the Omega and change it to the name as in the tutorial.

    There is nowhere in the tutorial, as you point out, where you are instructed to name a
    section “br-lan” and as a result nowhere did I do so. It is my theory this only appears as a function of the config -a command and not in any configuration files, whether it be network or firewall files.



  • To quote me you have to write

    @luciano said:
    > my quotes ... 
    

    then it appears like that:
    @luciano said:

    my quotes ...



  • If you don't find where you configured it the "br-lan", try in the firewall section to use "br-lan" !!

    By the way, I don't have all the equipment to do the tutorial ... but just from reading here i get chicken skin 😉



  • @Luciano-S. Finding where I configured it, is impossible, as stated in my reply I never configured any file to carry the name "br-lan"
    As for trying to change the firewall configuration file from any setting carrying the "lan" name to "br-lan" hmm seems kind of arbitrary,
    but will done none the less.
    There are a couple of places where this shows up in the firewall configuration file as show below using
    <----change to br-lan to indicate where I changed in the firewall config file as you suggested.

    Below see notes where I changed "lan" to "br-lan" assuming that is what you meant. After which will post results. Fingers crossed.

    root@Omega-xxxx:/etc/config# cat firewall
    config defaults
        option syn_flood    1
        option input        ACCEPT
        option output       ACCEPT
        option forward      REJECT
    # Uncomment this line to disable ipv6 rules
        option disable_ipv6 1
    
    config zone
        option name     lan      <----change to br-lan
        list   network      'wlan'
        list   network      'lan'  <----change to br-lan 
        option input        ACCEPT
        option output       ACCEPT
        option forward      ACCEPT
    
    config zone
        option name     wan
        list   network      'wwan'
        list   network      'wan'
        #list   network     'wan6'
        option input        ACCEPT
        option output       ACCEPT
        option forward      ACCEPT
        option masq     1
        option mtu_fix      1
    
    config forwarding
        option src      lan      <----change to br-lan
        option dest     wan
    
    # We need to accept udp packets on port 68,
    # see https://dev.openwrt.org/ticket/4108
    config rule
        option name     Allow-DHCP-Renew
        option src      wan
        option proto        udp
        option dest_port    68
        option target       ACCEPT
        option family       ipv4
    
    # Allow IPv4 ping
    config rule
        option name     Allow-Ping
        option src      wan
        option proto        icmp
        option icmp_type    echo-request
        option family       ipv4
        option target       ACCEPT
    
    # Allow DHCPv6 replies
    # see https://dev.openwrt.org/ticket/10381
    config rule
        option name     Allow-DHCPv6
        option src      wan
        option proto        udp
        option src_ip       fe80::/10
        option src_port     547
        option dest_ip      fe80::/10
        option dest_port    546
        option family       ipv6
        option target       ACCEPT
    
    # Allow essential incoming IPv6 ICMP traffic
    config rule
        option name     Allow-ICMPv6-Input
        option src      wan
        option proto    icmp
        list icmp_type      echo-request
        list icmp_type      echo-reply
        list icmp_type      destination-unreachable
        list icmp_type      packet-too-big
        list icmp_type      time-exceeded
        list icmp_type      bad-header
        list icmp_type      unknown-header-type
        list icmp_type      router-solicitation
        list icmp_type      neighbour-solicitation
        list icmp_type      router-advertisement
        list icmp_type      neighbour-advertisement
        option limit        1000/sec
        option family       ipv6
        option target       ACCEPT
    
    # Allow essential forwarded IPv6 ICMP traffic
    config rule
        option name     Allow-ICMPv6-Forward
        option src      wan
        option dest     *
        option proto        icmp
        list icmp_type      echo-request
        list icmp_type      echo-reply
        list icmp_type      destination-unreachable
        list icmp_type      packet-too-big
        list icmp_type      time-exceeded
        list icmp_type      bad-header
        list icmp_type      unknown-header-type
        option limit        1000/sec
        option family       ipv6
        option target       ACCEPT
    
    # include a file with users custom iptables rules
    config include
        option path /etc/firewall.user
    
    
    ### EXAMPLE CONFIG SECTIONS
    # do not allow a specific ip to access wan
    #config rule
    #   option src      lan
    #   option src_ip   192.168.45.2
    #   option dest     wan
    #   option proto    tcp
    #   option target   REJECT
    
    # block a specific mac on wan
    #config rule
    #   option dest     wan
    #   option src_mac  00:11:22:33:44:66
    #   option target   REJECT
    
    # block incoming ICMP traffic on a zone
    #config rule
    #   option src      lan
    #   option proto    ICMP
    #   option target   DROP
    
    # port redirect port coming in on wan to lan
    #config redirect
    #   option src          wan
    #   option src_dport    80
    #   option dest         lan
    #   option dest_ip      192.168.16.235
    #   option dest_port    80
    #   option proto        tcp
    
    # port redirect of remapped ssh port (22001) on wan
    #config redirect
    #   option src      wan
    #   option src_dport    22001
    #   option dest     lan
    #   option dest_port    22
    #   option proto        tcp
    
    # allow IPsec/ESP and ISAKMP passthrough
    #config rule
    #   option src      wan
    #   option dest     lan
    #   option protocol     esp
    #   option target       ACCEPT
    
    #config rule
    #   option src      wan
    #   option dest     lan
    #   option src_port     500
    #   option dest_port    500
    #   option proto        udp
    #   option target       ACCEPT
    
    ### FULL CONFIG SECTIONS
    #config rule
    #   option src      lan
    #   option src_ip   192.168.45.2
    #   option src_mac  00:11:22:33:44:55
    #   option src_port 80
    #   option dest     wan
    #   option dest_ip  194.25.2.129
    #   option dest_port    120
    #   option proto    tcp
    #   option target   REJECT
    
    #config redirect
    #   option src      lan
    #   option src_ip   192.168.45.2
    #   option src_mac  00:11:22:33:44:55
    #   option src_port     1024
    #   option src_dport    80
    #   option dest_ip  194.25.2.129
    #   option dest_port    120
    #   option proto    tcp
    
    


  • @Luciano-S tried and no success thanks for the ideas, though.



  • @administrators Have decided to continue to experiment with this setup attempting to make it function. Have one last request before I do and that is could you post the network, wireless and firewall files used in the working session you have completed.

    Thank you.



  • Never mind got it working.



  • @Guest said:

    Never mind got it working.

    Would be nice if you share your learning curve with other newbies, in the spirit of open-source!



  • Now for the cleaning up of the procedure, more to come.



  • Hi @Guest,

    I have done the Ethernet Bridge Tutorial (https://wiki.onion.io/Tutorials/Using-Omega-As-Wifi-Ethernet-Bridge) and enabled Internet access on my laptop (with its wireless radios turned off) via an Ethernet cable and the Ethernet Expansion. I am actually using the forum and writing this post using only said Ethernet connection. This procedure takes about 5 minutes.

    Full example /etc/config/network and /etc/config/firewall files are available in their modified and "ready" state here: https://gist.github.com/gbo-actual/ac79e9345a477b0024b368b292d4492b. The link to these files have been added to the tutorial above.

    Once you have updated the files, run the two commands in this specific order (or reboot the Omega):

    /etc/init.d/firewall restart
    /etc/init.d/network restart
    

    And wait until it has finished (the command prompt will reappear). You can now plug in an Ethernet-capable device to the Omega (if it's your computer, disconnect from any wireless networks first).

    When acting as an Ethernet bridge, this disables the Omega's WiFi AP.

    Gabe



  • @Gabriel-Ongpauco Thank you Gab, dropped your configuration files over mine (rebooted) and the connection continued to function. Would you post the wireless configuration file?
    Held off posting my solution due to one problem. When connecting laptop all works fine no problems can be found.
    But when I connect my Mole camera as the only device entering the ethernet expansion port it does not work.
    The Mole camera functions fine when I bypass the Omega and connect directly in my LAN switch.
    One test involved turning off the firewall but still no go.

    Agreed concerning turning off the wireless radio on laptop so to avoid alternative wifi connection screwing up the testing. Only using the hardwired ethernet connection on the laptop. As a test I unplug to make sure I am not getting signal from wifi as opposed to hardwired ethernet.



  • @Guest said in Wireless setup:

    But when I connect my Mole camera as the only device entering the ethernet expansion port it does not work.

    Does the cam not have a fix ip in a other range than the Omega?? If yes change it to something like 192.168.3.xx (xx) means a number outside of your DHCP range. Otherwise you can get difficulties when you have duplicated IP's.



  • My laptop automatically receives all the settings needed to connect via DHCP setting on the laptop. The same settings were configured on the camera as stated before it handled the DHCP connection flawlessly while bypassing the Omega, connected to my LAN. So no, it does not have a fixed or static IP address.



  • @Guest,

    The wireless file (I assume you mean /etc/config/wireless) was not changed during the tutorial and it should be fine to use from a factory reset if you need a fresh one. This is also where wifi login info is stored, so I cannot post mine.

    I suggest playing around more with your camera's setup and settings since as far as we can tell, the Omega is providing network access through the Ethernet Expansion and functioning normally.



  • @Gabriel-Ongpauco Your assumption was correct the /etc/config/wireless file. FYI if you are stating your 'login info' is exposed I just comment over the top of it like:
    And one last request could you post the results from ifconfig -a from your setup? Thank you appreciate your help.

    config wifi-device 'radio0'
            option type 'mac80211'
            option hwmode '11g'
            option path 'platform/ar933x_wmac'
            option htmode 'HT20'
            option disabled '0'
            option channel '9'
            option txpower '30'
            option country 'US'
    
    config wifi-iface
            option device 'radio0'
            option network 'wlan'
            option mode 'ap'
            option ssid 'Omega-1234'
            option encryption 'psk2'
            option key 'just comment over it'
            option disabled '0'
    
    config wifi-iface
            option device 'radio0'
            option ssid 'mine'
            option encryption 'psk2'
            option network 'wwan'
            option mode 'sta'
            option key 'not shown'
            option disabled '0'


  • @None-None With little or no knowledge dicided to try verbatim your suggestion.
    Started with a FACTORY RESET Omega.
    Then checked out the names of the interfaces which would be needed with the brctl command.

    Ran the ifconfig -a command and got the following:

    
    /# ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 40:A3:6B:C1:17:0B
              BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:6 errors:0 dropped:3 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:583 (583.0 B)  TX bytes:0 (0.0 B)
              Interrupt:4
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:144 errors:0 dropped:0 overruns:0 frame:0
              TX packets:144 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:9792 (9.5 KiB)  TX bytes:9792 (9.5 KiB)
    
    wlan0     Link encap:Ethernet  HWaddr 40:A3:6B:C1:17:0C
              inet addr:192.168.3.1  Bcast:192.168.3.255   Mask:255.255.255.0
              inet6 addr: fe80::42a3:6bff:fec1:170c/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:9272 (9.0 KiB)
    

    Then ran ….

    # brctl addbr br-lan
    
    # brctl addif br-lan eth0 wlan0
    [  485.950000] device eth0 entered promiscuous mode
    brctl: invalid argument 'wlan0' to 'brctl'
    

    config -a after running the brctl command:

    # ifconfig -a
    br-lan    Link encap:Ethernet  HWaddr 40:A3:6B:C1:17:0B
              BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    eth0      Link encap:Ethernet  HWaddr 40:A3:6B:C1:17:0B
              BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:6 errors:0 dropped:3 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:583 (583.0 B)  TX bytes:0 (0.0 B)
              Interrupt:4
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:2064 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2064 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:140352 (137.0 KiB)  TX bytes:140352 (137.0 KiB)
    
    wlan0     Link encap:Ethernet  HWaddr 40:A3:6B:C1:17:0C
              inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
              inet6 addr: fe80::42a3:6bff:fec1:170c/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:9272 (9.0 KiB)
    

    Seems like the wlan is not the correct entry, maybe at this point you can see what it is leading me astray?


  • Banned

    This post is deleted!


  • @Guest Hi, Thanks for explaining in detail. Is your tutorial will work for:

    Changing network priority between Ethernet and WIFI.

    1. Ethernet need to be at 1st priority.
    2. WIFI needed just as fallback network, If ethernet not working then search for WIFI connectivity

Log in to reply
 

Looks like your connection to Community was lost, please wait while we try to reconnect.