i have an old totolink router that should act as a second router for an apartment.
it's running openwrt 14.07 with no recent update.
my main subnet is 192.168.5.0, while the subnet of the router (totolink) is 192.168.1.1
how can i block access to 192.168.5.0 subnet from the lan side of the totolink router?
on tp-link default firmware, there's internet access policy feature where i can specify an ip range, and then block access on lan. that works perfectly, but i don't want to use a tplink (more expensive) router for this specific purpose.
Maybe…maybe not, now we are at fw3 and next major release will probably have an upgraded fw4 with new functions to solve some modern problems.
What “firewall” version do you have on 14 and what capabilities does that have?
Do you have uci on 14 or how do you write the configs?
But if your stated hypothesis is true you should be able to use the current fw manual in the user guide.
Have you tried that?
The thing is that you will not find support that easily, because OpenWRT 14 is way beyond obsolete. Obsolete is more like OpenWRT 17.
Can’t you just place them in the same interface with the same gateway?
If you run OpenWRT 14 you are not concerned for security anyway, and not performance either?
Or upgrade to something much less obsolete like 18.06 or 19.07 so someone here actually knows/remembers what you are dealing with.
not really sure why such a trivial thing would need a change. it's not a complicated syntax, it's 1 rule in a very basic form.
how would it look like for openwrt 21? what should i do if i had v21 installed?
on mikrotik (rb931, so it's a 15 eur router) i got it running in 3 minutes - define gateway, define dhcp, and in firewall put a single line : drop forward connection from 192.168.1.0/24 going to 192.168.5.0/24
on tp-link default firmware it's different but it's still doable by defining an ip range and then forbidding it in the access rule (like blacklisting a webpage but instead blacklisting an ip range).
this old totolink doesn't have any support for more modern openwrt except 14. it's a realtek chip and can't find any newer version for it.
Beyond all of the comments about this version being truly ancient and unsupported, have you checked that this is an official openwrt version, as compared to a vendor specific variant? That could drastically affect what features are available and the syntax they require.
Everything is subject to change in technology. Sometimes there are specific underlying reasons a change must happen (for example, VLAN configuration from swconfig to dsa), and other times it is related to having a common and consistent syntax with respect to other things throughout the uci / openwrt environment.
while not reading the forum i found this out but i did what i wanted in a completely different way: i have set up an interface alias on my main router, that has a different subnet. and then on the totolink router i changed the wan ip subnet to reflect the alias subnet on the main router.
i think i can now (if needed) block inter-subnet communication all on the same router.
but i also think i could set up the traffic rules in barrier breaker, i was looking in firewall zone settings all the time instead of creating a custom traffic rule.
so overall, from 0 options i ended with 2 options that both can work
thanks
ps the totolink router is an n300rt, which has only some weird support for openwrt 14. original firmware is a disaster so even openwrt BB is a lot better.
would be nice to run at least openwrt 18 on it, but it's probably impossible.
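The single forward-drop rule discussed in this thread, written as an OpenWrt custom traffic rule. This is an added example, not a config posted by any participant. It assumes a stock build with UCI and fw3, the default zone names `lan` and `wan`, and that 192.168.5.0/24 is reached through the WAN port; the rule name is made up, and a vendor-specific 14.07 build may not accept this syntax.

```uci
# /etc/config/firewall on the second router (assumed default zones 'lan' and 'wan').
#
# Reject anything forwarded from LAN clients to the main subnet.
# The match is on destination address only, so traffic to Internet
# addresses still passes through the main router as the upstream gateway.
# Traffic originated by the router itself (for example its own DNS
# forwarding to the upstream resolver) is output traffic, not forwarded
# traffic, and is not touched by this rule.
config rule
	option name 'Block-LAN-to-main-subnet'   # hypothetical label
	option src 'lan'
	option dest 'wan'
	option dest_ip '192.168.5.0/24'
	option proto 'all'
	option target 'REJECT'
```

Apply it with `/etc/init.d/firewall restart`, then check from a LAN client that a host in 192.168.5.0/24 no longer answers while Internet access still works.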