Guest networks and DHCP

[SirAce135]

Well the file is still there it is just completely blank. I am checking by running:
cd /jffs/configs
vi dnsmasq.conf

When I do that the file is completely empty.

And you are totally right, the output I was mentioning is actually "brctl show"
Under "ifconfig" I see a ton of interfaces here is my best guess at what they are and you let me know where I went wrong:

br0=Bridge of some sort (don't know exactly what its bridging)
eth0=Hardwired ethernet
eth1=2.4GHz non-guest
eth2=5GHz non-guest (1)
eth3=5GHz non-guest (2)
fwd0= ???
fwd1= ???
lo=loopback
vlan1= ???
wl0.1=2.4GHz guest
wl1.1=5GHz guest

The "brctl show" output made it seem like the bridge was bridging vlan1, wl0.1, and wl1.1 is that right? is vlan1 comprised of wl0.1 and wl1.1?

Thanks again for the super quick responses

 

[ColinTaylor]

Those interfaces look OK. vlan1 will be the physical LAN ports on the router. vlan1 and the wireless interfaces are bridged together to form a virtual interface called br0. Logically, br0 is your LAN. It just makes things simpler to route between the WAN (eth0) and the LAN (br0).

You need to get to the bottom of why your file is empty. Try creating it again and then type the following to confirm it's OK:

cat /jffs/configs/dnsmasq.conf

Reboot and check again.

 

[SirAce135]

Awesome, will do! I will also just format the jffs and recopy the file over to get a clean start. Simply enabling the jffs should've formatted it to begin with and the fact that it let me copy and edit the file in my mind would suggest its properly up and running.

Will report back with results once I get a chance to do this. Have a couple of calls to get done for work before that.

Thanks!

 

[SirAce135]

For some odd reason I keep getting a cloudflare warning saying I've been blocked from the site when I try to post.. I took a pic of my post. Lets see if this works.

 

[SirAce135]

Once again I cloudflare isnt letting me post the body of my message so I am attaching another picture of it.

 

[SirAce135]

I missed the first couple of lines on that last one, this is at the very top:

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic

 

[ColinTaylor]

I don't think I can help you debug that file because I don't use guest networks so have nothing to compare it to. I was more interested in finding out why your config file was disappearing. Is that working now or is it still empty?

 

[SirAce135]

Yes, just tried it again and after reboot the file is still there, it is just completely blank.

Did I miss a step to enable config files being read from the /jffs/configs directory?

 

[SirAce135]

Actually, your command:

cat /jffs/configs/dnsmasq.conf

Brings up the file including my edits, but when I run:

vi /jffs/configs/dhcpmasq.conf

it shows an empty file. I'm all sorts of confused now lol

 

[ColinTaylor]

Actually, your command:

cat /jffs/configs/dnsmasq.conf

Brings up the file including my edits, but when I run:

vi /jffs/configs/dhcpmasq.conf

it shows an empty file. I'm all sorts of confused now lol

That's because you are mistyping the file name:
dnsmasq.conf
dhcpmasq.conf

 

[SirAce135]

You're absolutely right, I don't know why I got mixed up with the names. When I do "vi dnsmasq.config" it properly shows the file content as I left it before the reboot so its good.

Thanks for helping me sort that bit of the equation.

Now if I could only get the attention of someone running guest networks to lend a hand with debugging this file.

 

[ColinTaylor]

Can we take a step back and review...

How is your network currently set up and what are you trying to achieve?

 

[SirAce135]

Sure thing,

I have fios service with my router (Asus AC5300) plugged directly into my ONT.
My router is broadcasting 3 wifi networks (1x 2.4GHz, and 2 5GHz) on my LAN and 2 guest networks (1x 2.4GHz, 1x 5GHz).
The guest networks do NOT have intranet access enabled, and my DHCP server is being run from my Synology NAS which is hardwired to the router.

All of my LAN devices (hardwired and on all 3 of my internal wifi networks) can get DHCP IP addresses no problem.
Guests on my Guest wifi networks can't reach the DHCP server due to no intranet access.

The goal here is to have the router enable DHCP service ONLY for the guest networks.
This would work fine because everything on my LAN has MAC bound designated IPs.

 

[ColinTaylor]

I suppose I have to ask the obvious question: Why don't you use the DHCP server on the router for everything rather than splitting it across two devices?

 

[SirAce135]

Well for two reasons, the Router client table blanks our when I do, and the native Firmware only allows for 64 assigned IPs while the Merlin firmware allows for 128.
I have setup a smart home with tons of connected devices and it is very helpful to have them neatly sectioned off into static IP ranges. Most of these devices don't let you assign a static IP locally either.

So after much research and such, I ended up setting up my DHCP server on my Synology NAS. That portion of it is working absolutely beautifully.
Now it's just a matter of getting this very last detail sorted out

 

[ColinTaylor]

OK I'm not sure I follow what the problem using Merlin's firmware is but I'm sure it makes sense to you. Personally I'm using John's fork of Merlin and don't have any problems doing what you describe.

Given that the OP was over 2 and a half years ago and for different hardware, may I suggest the following approach.

1) Temporarily turn off or disconnect the DHCP server on the NAS.

2) Delete any custom dnsmasq files in /jffs/scripts and /jffs/configs and reboot the router.

3) Log on to the Asus web interface, enable the DHCP server and configure the LAN DNS&DHCP how you want it for your Wi-Fi guests. Don't worry about it effecting all clients, we'll deal with that later.

Use a DHCP IP range that doesn't overlap with what you've setup on the NAS. I know that in theory it shouldn't be an issue, but it will avoid confusion later and help with troubleshooting.

3) Test your wireless guest clients to make sure everything works as you want it.

4) You should now have a working /etc/dnsmasq.conf to use as a baseline.

5) Post the contents of /etc/dnsmasq.conf here so that we can have a look at it. I'm hoping that we will only need to replace references to br0 with wl0.1 and wl1.1.

6) Disable the DHCP server on the Asus and re-enable it on the NAS.

7) Ponder the meaning of life....

 

[ColinTaylor]

I just stumbled across this which might be of interest. It allows guest networks to use a DHCP server on the LAN without giving them any other access to it. Seems like a much more elegant solution than running two different DHCP servers.

http://www.snbforums.com/threads/passing-dhcp-requests-with-ebtables.15287/

 

[mlord]

After having the same problem -- no DHCP for guest networks when main LAN has its own DHCP server -- I came up with a script to automatically take care of things. This works for up to three guest networks per band, or six in total, same as the Merlin GUI.

It puts the 2.4GHz guests onto 192.168.10.*, 192.168.11.*, 192.168.12.*
and the 5GHz guests onto 192.168.20.*, 192.168.21.*, 192.168.22.*

Grab the script from here: http://rtr.ca/merlin/enable_dhcp_for_guests.sh
(snbforums won't allow it to be posted directly here, so..).

I invoke it from /jffs/scripts/firewall-start

Cheers

 

[john9527]

Grab the script from here:

Forgot to change to the variable to process each interface for dnsmasq

interface=$IFACE
dhcp-range=wl0.1,$IPADDR.2,$IPADDR.254,255.255.255.0,8h

 

[mlord]

Thanks for spotting that! Fixed.

Cheers