I am trying to set up a new Slate AX running 4.03 firmware to act as a wifi bridge, and have run into a problem where the Slate AX is blocking access to clients connected to the AX’s LAN ports.
What I am trying to accomplish is this: I have two astronomical devices (telescope mount and a Raspberry Pi running Astroberry) that do not have wifi, only wired ethernet connections. I want to use the Slate AX to connect those two devices to the AX’s LAN ports, and they connect to the home’s wifi through the AX. I have set the AX into Extender mode, and I can verify that the two devices are receiving a DHCP address from the home network. However, I need to be able to access the two devices from the home network, to control them, and I can’t seem to do that. It is acting as if the Slate AX’s firewall is still active and blocking access to the devices connected to its LAN ports.
How can I place the Slate AX into a pure wifi bridge mode, so it is not blocking access to clients connected to its LAN ports?
Can you confirm that the 2 devices both have IP addresses that are in the same subnet as the Slate AX and home network (e.g., 192.168.8.0/24)? If so, they are all on the same LAN and the firewall should not be acting on. Also, try connecting a device to the LAN port to see if you can access the home network.
I do not work for and I do not have formal association with GL.iNet
Let’s see… monitoring the home network’s DHCP server (subnet 192.168.0.0/24), I can see when the AX comes up and gets an IP address in the home network. I can ping the AX, but that’s it.
So I plugged a laptop into one of the AX LAN ports. Confirmed that it received an IP from the home network DHCP. Laptop can see and access devices on the home net and internet.
However, trying to ping the laptop from the home net fails. Appears to be stopped at the address of the AX (destination port unreachable). Also cannot ping the AX from the laptop, which is expected with it in bridge mode. Trying to traceroute from the home lan to the laptop just shows the address of the AX and that’s as far as it gets.
So, the AX seems to be wifi bridging fine, and things connected to its LAN ports can reach the internet and home network, but things on the home network can’t reach things connected through the AX.
One thing comes to mind here: in the past, when I’ve set up a wifi bridge with an old router, one thing I’ve had to do is set the name of the wifi on the old router to match the wifi of the home network. With the AX, I have not done that, I just followed the docs and set the network mode. I see that the AX still has its “GL-AXT…” wifi networks out there, and I can connect to them. Doesn’t seem right that I should be able to do that.
I may have a workaround that I will try later. I can try resetting the AX, and leave it in its default router mode. I should be able to put the “Astroberry Pi” in the AX DMZ, and reach it that way from the home lan. The telescope mount will be accessed through the Astroberry, so technically it doesn’t need to be available from the home lan. As long as I can reach the Astroberry, everything should work. I may also try to disable the AX firewall and then bridge it, see if that makes a difference.
Personally, I do not like Extender mode in OpenWRT because it uses relayd, which kind of interconnects 2 subnets. In this way, there may be firewall acting between them. If the router will be dedicated to the 2 astronomical devices, then I would try doing a factory reset the router and set up the Extender mode again in case there is interference from a previous setting. It should be okay to have a different wifi SSID from the main router, which many extenders allow, or you can turn off the extended wifi via LuCI → Network → Wireless.
It is worthwhile to try Router mode and just add Port Forwarding from WAN to the devices on the required ports. I prefer port forwarding over DMZ, which is similar for ALL ports and is only for 1 device/IP address.
Thanks for the info. I agree about the port forwarding. Most of the time, I would go that route; it’s cleaner and allows for forwarding to more than one device. For purposes of this little setup, I went the lazy route just to get it working quick.
I reset the AX and set it back up as a regular repeater, connecting its wifi up to the house wifi. I then connected the Astroberry to one LAN port, and the telescope mount to the other LAN, and told the AX to give them dedicated ip addresses. Then, I put the Astroberry in the DMZ, because it’s all I have to get to. Now, I can VNC over to the Astroberry (by hitting the AX’s ip address), and from there control the whole setup. Simple, and it works.