Guest wifi has no access (firewall "open")
Posted: Sat Aug 26, 2023 10:04 am
Hi folks!
I am running a RB4011 as my main router and an access point hAP ax² which creates my wifi network.
Now I did create on the AP a guest wifi. I created a virtual wifi interface which uses my wifi1 as a master and I created a new bridge which only covers this interface.
A bridge with only one interface was a kind of weird for me but it was necessary as DHCP didn't accept the virtual wifi device and it seems to be quite common to create this bridge. Ok.
So, I created a DHCP on the AP, 10.10.10.0/24 with an according range and 10.10.10.1 is the address of the new bridge.
Everything works: I can connect to my Guest wifi SSID, get a IP of the specified range and it looks great.
However: I can't connect to anything. Neither to any client on the other networks nor to the Internet.
But: The firewall of the AP is not set yet. It allows all input and forwarding (expect defaults for invalid etc.) as my main firewall is on the RB4011.
I see traffic on my wifi channel and I see that on the firewall nothing is blocked.
So - the only reason can be that the routing from my new network to other networks doesn't work. But if I check routes on IP I can see my routes, also to 0.0.0.0 which takes the IP of the RB4011 main bridge.
What do I miss? Is there any setting which I need to make that the guest wifi knows how to route?
PS: I am not using VLANs in this setup. Several tutorials use VLANs and hence they can use the main bridge but I thought this works also w/o VLANs.
Best regards, Heisenberg
I am running a RB4011 as my main router and an access point hAP ax² which creates my wifi network.
Now I did create on the AP a guest wifi. I created a virtual wifi interface which uses my wifi1 as a master and I created a new bridge which only covers this interface.
A bridge with only one interface was a kind of weird for me but it was necessary as DHCP didn't accept the virtual wifi device and it seems to be quite common to create this bridge. Ok.
So, I created a DHCP on the AP, 10.10.10.0/24 with an according range and 10.10.10.1 is the address of the new bridge.
Everything works: I can connect to my Guest wifi SSID, get a IP of the specified range and it looks great.
However: I can't connect to anything. Neither to any client on the other networks nor to the Internet.
But: The firewall of the AP is not set yet. It allows all input and forwarding (expect defaults for invalid etc.) as my main firewall is on the RB4011.
I see traffic on my wifi channel and I see that on the firewall nothing is blocked.
So - the only reason can be that the routing from my new network to other networks doesn't work. But if I check routes on IP I can see my routes, also to 0.0.0.0 which takes the IP of the RB4011 main bridge.
What do I miss? Is there any setting which I need to make that the guest wifi knows how to route?
PS: I am not using VLANs in this setup. Several tutorials use VLANs and hence they can use the main bridge but I thought this works also w/o VLANs.
Best regards, Heisenberg