AVM 4040: vlan

weka · December 15, 2019, 3:57pm

Thanks to your help I now own a brand new and shining FB 4040 running OpenWRT.

At last I don't need to fear to get "out of memory" again!

Two questions remain:

How can I completely deactivate ipv6? Although I set it to "ignore" on each interface, openwrt still throws ip4 and ipv6 addresses when doing nslookup. In my own private net, I really don't need ipv6, but I get the feeling that some programs sometimes need a little moment until they realize that there is no ipv6 connection. This may be wrong feelings, I don't know yet for sure.
My old router (a TP-Link) only had one network device, and both the LAN and the WAN interface were realized as VLANs. The 4040 has two real interfaces, which is not really a problem. But I need one of the LAN ports to be turned into a second WAN port for a second router. On TP-Link I could simply set the switch accordingly, but the switch on the 4040 does not allow eth1 to be switched in any way. So I came up with a work around: I created a VLAN with id 999, and bridged it with eth1 to "br-wan". Then I switched VLAN999 to port 4 and now I can use two WAN ports.

Is this the right way to achieve the desired effect or did I do something completely weird, stupid, or even dangerous?

trendy · December 15, 2019, 5:40pm

And this is correct, as long as the address you query has both A and AAAA records.

Nope. Delete this bridge. Create an interface wan2 and assign it on physical interface eth0.999 or whatever vlan you want.

weka · December 15, 2019, 6:17pm

Hm, that didn't work:

wan -> eth1 -> ip 1.2.3.4

wan2 -> eth0.999 -> ip 1.2.3.5

No success. I tried different IPs, I also tried making wan the default gateway for wan2. But neither worked.

Ho exactly do I need to configure this additional wan2 interface?

trendy · December 15, 2019, 8:19pm

Do I suspect right that you are trying to connect both wan and wan2 to the same upstream network?

weka · December 15, 2019, 8:31pm

Yes, you're right. I need the second WAN port for a cascaded router. I know I could use a little hub for this purpose, but that would mean yet another device to feed with electricity.

trendy · December 15, 2019, 8:35pm

What you are trying to accomplish doesn't work that simply.
You either have to create rules and routes for each wan, or use policy based routing package, or mwan3 for failover and load balancing.

weka · December 15, 2019, 8:44pm

Well, bridging WAN and VLAN999 does work exactly the way I need it: providing two WAN ports. One as an upstream and one for the cascaded second router.

The question is, whether this technique will bring any problems or security issues?

trendy · December 15, 2019, 10:02pm

I didn't understand properly.
You are trying to create some sort of backbone to the upstream router through the AVM4040.
Then you can bridge the interfaces eth1 and eth0.999 under wan with 1 IP address. You'll need to experiment a bit with firewall, as usually forwarding among wan zone interfaces is not allowed.

weka · December 15, 2019, 10:59pm

The setup I need is like this:

ISP router → network A: TV and audio receiver
↓
↓ (network A)
↓
router1 → network B: 3 x VLAN for private use
↓
↓ (network A)
↓
media server

The media server needs to operate an network A, otherwise the clients can't use it. I don't want to through a second cable from ISP to media server, that's why I prefer this cascading kind of solution. The second WAN port on router1 just needs to forward the traffic on network A, just like a simple hub.