Hi, this perhaps seems like a ridiculous question but I am currently in a ridiculous scenario. Perhaps it's best to start off with my current setup and then explain why it is this way:
Garbage ISP router is the key here. I'm renting, the Wi-Fi on the ISP router is so bad I could write 5 paragraphs on it (goes way beyond just being slow), and the landlord can't be bothered to even call them up. On top of this, the router has no configuration interface (the ISP requires that the contract holder call them to activate it, and that's not gonna happen). I'm forwarding ports by running a cron job that continually allocates them through UPnP. The Ethernet interfaces on it however seem to work properly.
Goal
So I set things up as above, everything is now ok. The one problem I do still have however is that in order to forward ports, I now have to do it twice - once on the OpenWrt router and once on the ISP router. And ofc I also can't access the machines on the .2 network from the .1 network.
I would like to keep "free travel" between both networks, as would happen if the OpenWrt router was merely serving as an access point/switch. The reason I'm not doing that however, and instead aim to keep this separate .2 network, is I'm doing split DNS, statically allocated addresses, and I don't want to depend on the ISP router's DHCP (or anything else) - it frequently goes haywire or just straight up dies, and I'd like my .2 network to keep working normally when it does.
Question
I understand that if I just bridge WAN with LAN, I'll have two "competing" DHCP servers. With NAT however, 192.168.1.5 can never talk directly to 192.168.2.3. I was thinking perhaps "walling-off" DHCP traffic (essentially making 2 different DHCP "domains") might work, but then the OpenWrt router would have to send out ARP "updates" on the .1 network so the ISP router would know which port to route the .2 destination packets to (assuming that would even work).
You can set your OpenWrt router as a dumb AP.
You then have one large subnet for seamless access.
If you do not want this and you want the OpenWrt router on its own subnet with its own DHCP server, then you have to set a static route on the ISP router:
    ip route add 192.168.2.0/24 via 192.168.1.5
The next step is to allow traffic from the ISP router's subnet (192.168.1.0/24) on the router:
/etc/config/firewall:
config rule
	option name 'allow_forward'
	option src 'wan'
	option dest '*'
	option target 'ACCEPT'
	list src_ip '192.168.0.0/16'
	option enabled '1'

config rule
	option name 'allow_input'
	option src 'wan'
	option target 'ACCEPT'
	list src_ip '192.168.0.0/16'
	option enabled '1'
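A narrower variant of the two rules above, as an added example that is not part of the original reply: the source is limited to the 192.168.1.0/24 subnet named in the text, forwarding goes only to the LAN zone, and access to the router itself is limited to one host and one service. The zone name 'lan', the admin address 192.168.1.10 and port 22 are assumptions.

```conf
# /etc/config/firewall (added example, not from the original reply)

# Forwarded traffic: ISP-side hosts -> devices behind the OpenWrt router.
# Source narrowed from 192.168.0.0/16 to the ISP router's actual subnet,
# destination narrowed from '*' to the LAN zone (assumed to be named 'lan').
config rule
	option name 'allow_forward_isp_lan'
	option src 'wan'
	option dest 'lan'
	list src_ip '192.168.1.0/24'
	option target 'ACCEPT'
	option enabled '1'

# Input traffic: only needed to reach services on the router itself
# (SSH, LuCI, DNS). Forwarding between the subnets does not depend on it.
# 192.168.1.10 and port 22 are placeholders for one admin host and SSH.
config rule
	option name 'allow_input_admin_ssh'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	list src_ip '192.168.1.10'
	option target 'ACCEPT'
	option enabled '1'
```

With no `dest` option the second rule applies to traffic addressed to the router itself, so leaving it out entirely keeps the router's own services closed on the WAN side while the forward rule still works.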
Perhaps my post was a bit long. I mentioned the ISP router has no configuration interface. Hence my speculation in the end with regards to using ARP to manually 'force' this routing on the part of the ISP router, but that was assuming it would hold .2 network addresses in its ARP table which I'm not sure it would.
Also wouldn't allowing traffic like that cause conflict between the two DHCP servers? Or does it know not to forward broadcast data?
If they are PCs like on the diagram, you could configure the routes directly on the end devices in the 192.168.1.x network, pointing the 192.168.2.x network towards the OpenWrt router, then allowing the .1.x individual devices' IP on the OpenWrt router's firewall.
Though a better solution would be to connect all your end devices behind the OpenWrt router. If you want to keep them separated you can configure 2 different VLANs, and have different DNS settings on each network if that's what you want. Edit: of course you can still permit on the firewall any specific traffic you want to pass between the VLANs.