OpenWRT WDS Configuration with Webif

This document isn't really done. The part about the MAC addresses should have been left out. I didn't describe at all how to set up the Wifi parts. (For Wifi, make all the settings the same on all APs.)

This is a simple description of configuring OpenWRT with Webif (web interface) to use WDS. WDS is a simplified way to create a bridged network of many access points that use a single access point to route to the internet.

Setting up a WDS network is simpler than setting up a routed network or a bridged network, and has the advantage of being very easy to extend (by adding more access points). All nodes connected via WiFi or ethernet appear to be on the same network.

The network being set up consists of two access points. Both are running OpenWRT WhiteRussian RC5. That distro comes with the simple webif web-based config tool. You should reflash each of your APs with this software, for consistency. If you can, clear the NVRAM too, because the bridged interface must be enabled.

Connect your computer's ethernet to port 1 of the "remote" access point that won't be directly connected to the internet. In this example, I've named that AP "phobos". The AP connected to the internet is called "mars". (Phobos is a satellite of Mars.)

First, go into the system info and get the MAC address of the AP. Save it somewhere.

Next, go into the LAN configuration and change the IP address. Every AP should have a unique IP address (otherwise, you won't be able to configure them -- though the routing may still work).

Save the settings, and then activate them. The AP should no longer be accessible via the old URL. Type in the new IP address into your browser to continue configuration.

Set the WDS setting to Enabled. Then, save and activate this as well. You may need to turn the router on and off (or ssh in, and reboot it).

Once that's done, disconnect the ethernet cable from "phobos" and connect it to "mars", the AP that's on the Internet. Go into it's administration interface (http://192.168.1.1) and turn on WDS. Add the MAC address, which you saved before, into the allowed MAC addresses.

Set the Filtered mode to Enabled.

Save and activate. The network should now work. You may need to reboot this AP too.

Connect your ethernet to "phobos" again, and try to access the internet. It should work. If not, try rebooting the access point again.

Once you've done all this, you have a semi-private WDS network. Nothing is encrypted, and the network is open to everyone, but, your access point will restrict other WDS access points from extending the network.

To make the network totally open, so APs can be added without restriction, set the Filtered Mode to Disabled.

Disabling DHCP and the Firewall

You need to disable the DHCP server and the Firewall on the AP not connected to the internet. This way, only one router is providing DHCP and firewalling to the LAN.

I don't have a web-based way to do this (that I trust) so here's the difficult way:

ssh root@192.168.1.2
rm /etc/init.d/S50dnsmasq
rm /etc/init.d/S45firewall

(A web based method might be to remove the dnsmaq and iptables packages... but that might cause the router to stop working.)

If you don't disable dnsmasq, it'll do DHCP on the LAN, which would cause your computer to use 192.168.1.2 as it's DNS server. It should be using 192.168.1.1. It could also cause some problems when two DHCPs are competing to give an IP address to an interface that's being initalized.