Currently my setup looks like this: Internet --> Wireless Router 1 with 4 LAN ports
I would like to connect a new router (I’ll name it Router 2) to Router 1’s LAN port 4, and configure such that Router 1 does nothing but give direct access to the internet to router 2. Router 1 should not assign Router 2 an IP address or anything. I want Router 2 using its own firewall, acting as the DHCP Server for its clients, etc. Router 2 should not know about Router 1 or be affected by it. Router 2 should “believe” that there is nothing between Router 2 and the internet aside from its own configuration.
(Router 2 will eventually replace router 1, but in the meantime as I setup router 2 I want to have internet access to install packages, be able to test VLANs on it, etc. without accommodating for Router 1 being upstream)
I believe this is referred to as IP Passthrough, but I cold be wrong. Any help would be greatly appreciated.
Both routers are running OpenWRT 19.07.3 . For simplicity sake, we can assume they are both stock images with no customization yet.
Obviously it requires that your service provider allows you to use two or more IP addresses since Router 2 will request its own IP address.
Maybe what I am asking for cannot be done. I was hoping my one ISP address can be utilized by both routers, and now that I say that out loud I'm starting to think I may have been naive and this is impossible.
Then on Router 1 create a bridge containing wan port and the lan port which connects to the Router 2. (or on the switch assign the lan port in the same vlan as the wan)
Leave the interface unmanaged.
If your Router 1 uses vlan to separate WAN and LAN traffic, you could just move LAN port 4 from LAN vlan to WAN vlan, and connect it to the WAN port of Router 2 assuming your want Router 2 to perform routing.
If your Router 1 uses vlan to separate WAN and LAN traffic
It does.
you could just move LAN port 4 from LAN vlan to WAN vlan
I'm still learning, so please bear with me. When you say "move" are you referring to adjusting the tagging in the switch? @trendy suggested the same I believe with:
(or on the switch assign the lan port in the same vlan as the wan)
In Luci, how does one move a LAN Port?
assuming your want Router 2 to perform routing.
I do. Router 2 does not have any WiFi capabilities, so I want it routing to just the clients I connect to it.
EDIT: While Router 1 (with WiFi capabilities) routes for its wireless clients.
What are you trying to achieve with 2 routers? Is it to load balance the routing/NAT part? If not and you just need more Ethernet ports, it'd be simpler to use a switch, you could configure Router2 to work like a switch - switch off DHCP (and any service that send or respond to broadcast/multicast traffic like UPnP) and connect any Router1 LAN port to any Router2 LAN port.
I know that my ISP doesn't offer this on my plan. Pretty sure I was doomed from the start once @mikma pointed this out. I'll retire this thread since I didn't even think about that (massively important) fact.
I was editing my reply when you responded. I just wanted to know what you're trying to do with 2 routers. See my updated post above for more information.
Based on what you said in your original post, I assume you're trying to set up Router2 to replace Router1, but you want to minimize interruption while setting it all up, so you want to keep Router1 running? If so, you could just connect Router2 WAN to Router1 LAN and use DHCP for Router2 WAN, you'd end up with double NAT, but I assume it's acceptable since it's temporary. Once it's all set up, you could then change the Router2 WAN connection settings to work with your ISP (e.g. PPPoE etc)
As a new user, I can't post more than 3 replies in a thread, so I'll keep updating this post until I'm allowed to post more replies
Update 1
Actually I missed one thing, you need to make sure that Router1 and Router2 have different LAN subnets, e.g. if Router1 IP is 192.168.1.1 , you'd need to change Router2 IP to something like 192.168.2.1, I think the subnet would change automatically when router IP is changed.
It is best to avoid double NAT, it tends to break incoming connections which are usually needed by VoIP, P2P sharing etc (as opposed to outgoing connections like browsing the web), but since you're only testing your temporary set up for Router2, I'd expect it to be acceptable, as soon as you remove Router1, double NAT would revert back to single NAT (Router1 NAT is removed)
If Router1 works with default OpenWrt WAN configuration, you wouldn't need to change Router2 WAN, I only mentioned changing Router2 WAN in case your broadband connection needed that change (e.g. requiring PPPoE username/password)
Update 2
Did you make sure they had different LAN subnets mentioned above? If they had the same subnet, they wouldn't work regardless whether NAT was involved.
I assume you're trying to set up Router2 to replace Router1, but you want to minimize interruption while setting it all up, so you want to keep Router1 running?
Exactly, I'm sorry if that was unclear.
use DHCP for Router2 WAN
Specifically, does that mean Router 1 as the DHCP server automatically routes Router 2's traffic for it with no additional configuration? Just connect Router 2's WAN port to one of Router 1's LAN ports?
end up with double NAT
I thought this was bad practice and should be avoided, which is why I didn't just attempt it outright. Again, I don't know a ton but I thought Double NAT = BAD!
change the Router2 WAN
Where I am at in my OpenWRT understanding, I never mess with WAN settings. I leave them to their default values from fresh sys-upgrades because I don't want to jeopardize my home-network's security. I'm cool with dabbling on the LAN side of things, but I don't like adjusting WAN stuff without very specific assistance. Luckily my ISP is Verizon FiOS and it's just a patch cable from their ONT into my Router's WAN port without the need to adjust anything.
Basically: yes. BUT if NAT works once, it will probably work twice as well. Personally I'm on an LTE uplink and my provider does CGN (Carrier Grade NAT) anyway. The only downside I've seen so far is with poorly configured Skype servers, Office365 Skype works fine though...