GL-AXT1800 - cannot get guest wifi working properly whilst using router as an access point

My Setup: I’m running my main router (RT-AC68U) in the house and I’ve attached an ethernet cable to a powerline adapter to carry the network out to my office. I’ve connected the other end of that to the WAN port on my newly acquired GL-AX1800 and I’ve connected an additional ethernet cable from LAN port 1 to my personal desktop PC.

What I’m trying to achieve: I want my wired connection to my PC to connect to the rest of my LAN using the DHCP service provided by my primary router. I also want to run a guest wifi on the GL-AX1800 so that I can connect my work laptop and keep it isolated from the rest of my network. Sadly, the signal for my guest network from my primary router isn’t strong enough to provide a stable connection.

What I’ve tried so far: Using the main GL-iNet UI, I’ve configured the GL-AX1800 to act as an access point. This achieved the goal of allowing my personal PC (connected via cable) to connect and communicate with the rest of my network. Using LuCI, I then tried enabling the guest network and connecting to that with my work laptop. Upon connecting, my machine is assigned an IP address in the guest subnet of 192.168.8.1 but is unable to access the internet. I’ve tried following the guide: [OpenWrt Wiki] Guest Wi-Fi on a dumb wireless AP using LuCI, but as that assumes a default configuration, most of what it suggests to configure appears to already be set up. I also tried using the main wifi connection and enabling client isolation to try and achieve the same thing, but I was still able to reach all of the other devices on my network.

Is anyone able to point me in the right direction?

Access Point mode does not handle forwarding in the IP layer and does not provide NAT. Therefore, it can’t support Guest Network.

Are your personal devices connected to the RT-AC68U or AXT1800?
Why do you have to use DHCP on the RT-AC68U?

Can you consider a simpler solution?

  1. Change connection method
    Personal Devices → RT-AC68U → Internet
    Work Devices → AXT1800 → RT-AC68U → Internet

  2. Use AXT1800 as main router.

So the majority of my personal devices are connected to the RT-AC68U, all except my media server which is physically located in my office outside of the wifi range of the RT-AC68U. Originally the power line adapters were used to directly connect this machine to the LAN port of the RT-AC68U. I bought the AXT1800 deliberately to add wifi coverage to my office.

Based on what you said I tried a different approach. I kept the AXT1800 running in router mode with the ethernet cable connected to its WAN port.

I set the RT-AC68U to run on 172.16.0.1/24 with DHCP addresses in the range 172.16.0.2-254 with a statically allocated address for the AXT1800.

I then set the AXT1800 to run on 172.16.8.1/24 with DHCP addresses in the range 172.16.8.2-254

I then set a static route on the RT-AC68U to route traffic for 172.16.8.0/24 via the statically allocated address for the AXT1800.

With this in place, using a machine attached to the RT-AC68U, I am able to ping 172.16.8.1 successfully. However, I cannot ping any machine which is attached to the AXT1800.

I’ve sanity checked that the machine is reachable when a ping is attempted from another machine on the AXT1800.

I’ve also temporarily disabled the firewall on both devices, but still cannot successfully ping across both routers. Any ideas?

Actually I’ve continued testing and having ssh’d into the router and stopped the firewall using:

service firewall stop

I was able to confirm the firewall was definitely stopped using:

iptables --list

Having confirmed no rules were in place, I was able to ping a machine attached to the AXT1800 from a machine attached to the RT-AC68U. This implies that what I need help with is how to configure the firewall to allow communication across the 2 subnets. Is this something you could assist with?
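
The behaviour reported above (the router at 172.16.8.1 answers ping from the upstream subnet, hosts behind it do not) can be reproduced with a small model of a zone-based firewall. This is an added example, not part of the original thread and not GL.iNet's or OpenWrt's code; it assumes stock OpenWrt zone defaults on the AXT1800, and the router's WAN-side address 172.16.0.2 and the media server address 172.16.8.10 are constructed values.

```python
"""Toy model of an OpenWrt-style zone firewall on the AXT1800 (added example)."""
from ipaddress import ip_address, ip_network

# Subnets from the thread; 172.16.0.2 and 172.16.8.10 are constructed sample addresses.
UPSTREAM_LAN = ip_network("172.16.0.0/24")   # RT-AC68U side, the AXT1800's "wan" zone
OFFICE_LAN = ip_network("172.16.8.0/24")     # AXT1800 "lan" zone
ROUTER_ADDRS = {ip_address("172.16.8.1"), ip_address("172.16.0.2")}
MEDIA_SERVER = ip_address("172.16.8.10")

# Assumed stock defaults: wan input/forward REJECT, lan permitted everywhere, plus an
# "Allow-Ping" rule accepting ICMP addressed to the router itself from wan.
DEFAULT_RULES = [
    {"name": "Allow-Ping", "chain": "input", "src": "wan", "proto": "icmp"},
]
# Narrow rule: the upstream LAN may reach the media server only, not the whole office LAN.
MEDIA_RULE = {"name": "Allow-Upstream-Media", "chain": "forward", "src": "wan",
              "dest": "lan", "src_net": UPSTREAM_LAN, "dest_ip": MEDIA_SERVER}


def zone_of(addr):
    return "lan" if addr in OFFICE_LAN else "wan"


def verdict(src, dst, proto, rules):
    """Return ACCEPT or REJECT for a new connection arriving at the AXT1800."""
    src, dst = ip_address(src), ip_address(dst)
    # Traffic to the router's own addresses hits "input"; everything else is forwarded.
    chain = "input" if dst in ROUTER_ADDRS else "forward"
    src_zone = zone_of(src)
    dst_zone = None if chain == "input" else zone_of(dst)
    for r in rules:
        if r["chain"] != chain or r["src"] != src_zone:
            continue
        if r.get("dest", dst_zone) != dst_zone:
            continue
        if r.get("proto", proto) != proto:
            continue
        if "src_net" in r and src not in r["src_net"]:
            continue
        if "dest_ip" in r and dst != r["dest_ip"]:
            continue
        return "ACCEPT"
    # No rule matched: fall back to the zone defaults assumed above.
    return "ACCEPT" if src_zone == "lan" else "REJECT"
```

In `/etc/config/firewall` the narrow rule roughly corresponds to a `config rule` section with `src 'wan'`, `dest 'lan'`, `src_ip`, `dest_ip` and `target 'ACCEPT'`, which keeps the firewall running instead of stopping it.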

If I understand correctly, the personal device connected to the RT-AC68U needs access to your media server but needs to be isolated from your work device, right?
Have you tried using AXT1800 to forward the ports on your media server?

I think the isolation here is caused by NAT. So another suggestion is to upgrade to firmware version 4.2 and use the Drop-in Gateway feature. The Drop-in Gateway mode in firmware version 4.2 requires the DHCP on the main router to be turned off and the AXT1800 to provide DHCP entirely.