A beginner’s guide to setting up OpenWrt with dual nics

Hagbertumple · January 17, 2021, 7:45pm

Hey all, I’ve read a ton and fear I’m overthinking this. Still, with my modem in bridge mode I wanna make sure I’m setting it up right first before I swap it in as my main router.

Can anyone please help me with a super simple guide for properly setting up openwrt in a dual-nic environment?

One nic for lan, one for wan

I’m using a rpi4, with a usb3 tp-link ue300 as my secondary nic - drivers already installed.

Using the “extras” image from https://github.com/wulfy23/rpi4/tree/master/builds/ which has the Luci GUI

Wan side is 10.0.0.1, lan is 192.168.1.1

Huge thanks and apologies I’m just not getting it, probably because I’m overthinking it.

Borromini · January 17, 2021, 7:48pm

You are... If your modem is bridged as you say, you'd be getting an IP from your ISP on the WAN side. So why are you setting that IP yourself?

Also, 10.0.0.1 is a private IP and not a world routable one. It's meant for (large) LANs.

Hagbertumple · January 17, 2021, 8:09pm

You are absolutely correct. Sorry - my bad. Just going off my current router before it was bridged. Too much on my mind redoing my network.

So wan side, do I set it up as a dhcp client then?

Also dhcp is not needed on the lan side as pihole will handle it.

Much thanks for the help!

Borromini · January 17, 2021, 8:41pm

All depends on what your ISP provides.

Hagbertumple · January 17, 2021, 9:12pm

Thanks again for your help, it’s appreciated.

Yep looks like my current router is just dhcp to my isp.

So new interface - wan - dhcp client
Firewall zone is set to wan
Bound to eth0
DNS set to my pihole at 192.168.1.9

Is that correct?

Now lan side. Static Ip at 192.168.1.1
eth1 for interface
Do I need firewall zone here too?
Do I have to bind these 2 interfaces together somehow?

Thanks again.

Borromini · January 17, 2021, 9:20pm

You shouldn't need anything extra. OpenWrt has the WAN/LAN stuff configured transparently, as long as you have the interfaces set up the right way in /etc/config/network (which it sounds like you have) then the defaults are good.

Hagbertumple · January 17, 2021, 9:35pm

Ok, just to confirm

One wan on eth0, firewall wan

One lan on eth1, no firewall

I’m using the great luci GUI as well.

That should do it?

Borromini · January 17, 2021, 9:39pm

That sounds about right. The firewall is active both on WAN and LAN, though, but it's more permissive for traffic that stays on the LAN or goes from LAN to WAN. Do check /etc/config/firewall if you want to see the defaults.

Hagbertumple · January 17, 2021, 9:50pm

Ok perfect. Huge thanks for your help once again

Looks like I was over thinking it.

Hagbertumple · January 18, 2021, 7:38am

So this should work, correct?

I’m still struggling with overthinking it I think. Put it online entering what I thought his was in luci, but it failed

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0’
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'

config interface 'wan'
        option ifname 'eth1’
        option proto 'dhcp'

Borromini · January 18, 2021, 8:58am

LAN is no bridge in your case it's just a single interface. So remove that.

Please use the code tags on top of the editor ( </> ) to post configuration file contents etc.

Hagbertumple · January 20, 2021, 2:58am

Ok still not working

As much info as I can think of giving is below

Huge thanks for the help, once again

192.168.1.9 is my pihole and dhcp server

So,close!


root@rpi4-openwrt /34# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         50.xx.xx.xx      0.0.0.0         UG    0      0        0 eth1
50.xx.xx.xx      *               255.255.252.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0


config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	list dns '192.168.1.9'
	option ipaddr '192.168.1.1'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
	option peerdns '0'
	list dns '192.168.1.9'


From LUci dashboard 

LAN
Type: Ethernet Adapter
Device: eth0
Connected: yes
MAC: —
RX: 1.03 MB (8324 Pkts.)
TX: 1.43 MB (2068 Pkts.)
eth0
	
Protocol: Static address
Uptime: 0h 2m 59s
MAC: —
RX: 1.03 MB (8324 Pkts.)
TX: 1.43 MB (2068 Pkts.)
IPv4: 192.168.1.1/24
IPv6: fd6d:—:::1/60
	
WAN
Type: Ethernet Adapter
Device: eth1
Connected: yes
MAC: —
RX: 4.96 MB (93130 Pkts.)
TX: 388.67 KB (4896 Pkts.)
eth1
	
Protocol: DHCP client
Uptime: 0h 1m 6s
MAC: —
RX: 4.96 MB (93130 Pkts.)
TX: 388.67 KB (4896 Pkts.)
IPv4: 50.xx.xx.xx/22

vgaetera · January 20, 2021, 3:45am

Fix the network config:

uci -q delete network.lan.gateway
uci -q delete network.wan.dns
uci commit network
/etc/init.d/network restart

If the issue persists, post the output:

uci show network; uci show firewall; uci show dhcp

Hagbertumple · January 20, 2021, 4:26am

Huge thanks for the help!

I executed those command plus removed some custom redirects I’m setting up for port forwarding. Apparently my syntax is incorrect. Time to check thru it.

And it works!

Thanks again!

Hagbertumple · January 20, 2021, 4:44am

As well, my firewall syntax seemed to be fine, but I entered one manually then copied and pasted to duplicate the others

So up and running 110%

Huge thanks again for everyone’s help. I appreciate it greatly

system · January 30, 2021, 4:44am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.