Complete noob question about 2 routers and maybe subnet or VLAN

Hi, please excuse my ignorance. I don't know anything about networks and want to learn.

I have two routers, one from my ISP that I have to use because it includes the modem, and one with OpenWRT freshly installed with the default configuration.

If I plug the WAN port of the OpenWRT router into the LAN port of the ISP router, and then connect devices to wifi on the OpenWRT router, will the ISP router be able to see MAC addresses or other info about which devices are connected to the OpenWRT router?

If the answer is yes, what do I need to do in order to make it so the ISP router doesn't know anything about which devices are connected?

I think maybe the OpenWRT router needs to create a subnet or a VLAN, but as I said, I don't know anything about networks, so I have only a vague idea of what those are. I hope someone can point me in the right direction. Thanks!

In the default configuration, OpenWrt will NAT or masquerade all the LAN devices to look like one user on the WAN port. The ISP router will only see one MAC address and one IP address, the one belonging to the OpenWrt router.

The ISP can of course see the places on the Internet that your devices are connecting to, which does reveal quite a bit about the nature of the devices. If this is a problem you can use a VPN service.

2 Likes

Also, there is no NAT for IPv6, in which case the ISP will see the IPv6 addresses in use on your LAN.

3 Likes

Moreover, packets from devices behind the OpenWrt router will have a TTL one unit lower, and your ISP will be able to know of its existence.

TTL can be manipulated to cover any traces of other devices in the LAN.

1 Like

Thanks! It sounds like the default configuration of OpenWrt already does what I want.

But here's what confuses me and makes me think this is not true:

The ISP router's IP address is 192.168.1.1 on its own network. The OpenWRT router's IP address on ethernet (when I connect it to a computer without any other network) is also 192.168.1.1.

If I connect to the OpenWRT router's wifi and go to http://192.168.1.1, it's not OpenWRT. It's the ISP's router configuration page. This makes it seem like the two routers are on the same network and have conflicting IP addresses.

Why is that happening?

You need to change one of them, for example change OpenWrt to 192.168.2.1, so that the networks do not overlap and conflict. Then it can be clearly routed that anything 192.168.2.X is in the LAN, and everything else (including 192.168.1.1) is in the WAN.

2 Likes
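The overlap described in the reply above can be checked before cabling anything up. This is an added example, not part of the original thread: the function names are hypothetical, and the /24 prefix lengths are assumed because the posts give only the router addresses.

```sh
#!/bin/sh
# Added example: does the OpenWrt LAN subnet overlap the upstream (ISP) subnet?
# Function names are hypothetical; /24 prefix lengths are assumed.

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 if malformed
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty fields, leading zeros (octal in arithmetic) and >3 digits
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range ADDR/PREFIX -> prints "first last" (integers) of the enclosing subnet
cidr_range() {
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    first=$(( ip & mask ))
    echo "$first $(( first + 4294967295 - mask ))"
}

# subnets_overlap CIDR_A CIDR_B -> 0 if the ranges intersect, 1 if disjoint, 2 on bad input
subnets_overlap() {
    a=$(cidr_range "$1") || return 2
    b=$(cidr_range "$2") || return 2
    [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
}

# Constructed sample: the addresses from the thread, before and after the change.
upstream=192.168.1.1/24
for lan in 192.168.1.1/24 192.168.2.1/24; do
    if subnets_overlap "$upstream" "$lan"; then
        echo "LAN $lan overlaps upstream $upstream: renumber the LAN"
    else
        echo "LAN $lan is distinct from upstream $upstream"
    fi
done
```

The check also catches the case where one side uses a wider prefix that contains the other, which comparing the router addresses by eye can miss.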

I wanted the OpenWRT router to create a "separate network" (sorry, I don't know what the right term is) "inside" the ISP router's network, so everything in the OpenWRT router's network appears as just one device to the ISP router.

If the ISP router has an IP address in the OpenWRT router's network, it sounds like it means there is actually no "separate network," and the ISP router sees every individual device connected to the OpenWRT router. Right? (I think I could confirm that by checking the ISP router's list of connected devices.)

So then my question is how to get the OpenWRT router to create this separate network.

That's the solution.

uci set network.lan.ipaddr='192.168.2.1'
uci commit network
service network restart

Changing the IP address may be a good idea, but it's irrelevant.

I confirmed that the ISP router sees all devices connected to the OpenWRT router's wifi as if they were directly connected to the ISP router.

Back to the original question: how to configure the OpenWRT router to prevent this?

That is precisely because the IP addresses conflict. Everything is still in the same network, so the ISP router is routing everyone. OpenWrt is not doing any routing.

I actually changed the IP address already (to 192.168.2.1). The ISP router still sees all devices connected to the OpenWRT router's wifi as if they were directly connected to the ISP router.

It sounds like you've got a LAN port on the OpenWrt connected to the LAN port on the ISP router. You want things wired as:

ISP Router -> [ WAN port on OpenWrt ::: LAN port on OpenWrt ] -> Rest of your devices

1 Like

That might be it. Actually, I shouldn't have said "WAN port" because my router only has one port. It's https://openwrt.org/toh/hwdata/netgear/netgear_ex6100_v2

Is it possible to get the setup I want with this router, or do I need a different router?

Oh, it's a range extender. Yes, you will have some issues with this. If you want to only use wireless clients and have the Ethernet be a WAN, you could do that. You'd need to change the physical setting for WAN to be the eth0 and change the br-lan to be a bridge with nothing in it.

If you also want to wire in some additional device, you'll need a different router, or a managed switch.

1 Like

I only want wireless clients, so this could work. (Except I don't know how I'd connect an ethernet cable for troubleshooting if something goes wrong with the wifi.)

Would you mind explaining how to "change the physical setting for WAN to be the eth0 and change the br-lan to be a bridge with nothing in it"? I'm not even sure if that's a hardware thing or software. I noticed the router has a switch where one side says "Access Point" and the other says "Extender", but I don't know if OpenWRT understands that.

I think it actually has two radios, so maybe the one I'm not using could be the WAN, if that's not too complicated...

Since I don't know what I'm doing, I prefer whatever is the simplest way to get this working.

Connect via wifi, go to LuCI, select WAN and then select the "physical settings" tab and tell it to use eth0 as its interface. Save (but not save and apply).
Go to LAN and, under physical settings, select "bridge interfaces" and then unselect eth0 in the pull-down menu below.

After doing all these things click save and apply. If you did it right, it won't lock you out and everything will just work. If it's going to lock you out it will come back after a timeout with a complaint that it couldn't apply... do NOT apply unchecked. This shouldn't break anything so you shouldn't have that complaint/timeout.

1 Like

I got stuck at the first step: when connected to the OpenWRT router's wifi, I can't access 192.168.2.1 (by web browser, ssh, or even ping). It worked fine on ethernet. (I don't know if this is related to the IP address change because I didn't try 192.168.1.1 on wifi before changing it.) Why would that happen?

uci export network; uci export wireless; uci export firewall; ip -4 addr