I had set up my Raspberry Pi 3B with OpenWRT; I can access it through SSH and the LuCI interface. I connect it to the Internet through an Ethernet cable using the Ethernet port. I connect a device using one USB port through a USB-Ethernet adapter.
I want to test the case of when my device is not working. To do this I tried to block the access to the port using IPTABLES. Even when I block every port, the MAC and the IP, it's still working.
It is at this point that I need some help to understand.
I removed all the firewall on OpenWRT to restart from scratch and I can't create a new one; when I create one and apply the change, it doesn't add it.
I have 2 interfaces: br-WAN and LAN, but I don't get any IP attributed to the LAN one. The device is still working. I set up WAN at eth0 and LAN at eth1. From the UI it says "Connected : No" for the LAN interface. But the device is connected and I know its IP: 192.168.178.182.
My device communicates with my Amazon server using the 443 TCP, 123 UDP and 53 UDP ports. I would like to test the effects of blocking them to see the behavior. From this, when the device is not working I want to make a diagnostic tool running on the device which could say "443 TCP" is not enabled.
This is why I need to set up a firewall to block the data coming from and going to the device.
Something is wrong here. The factory reset didn't work. You should have 192.168.1.1/24 in LAN and DHCP in WAN. LAN should be assigned to LAN firewall zone so it should be green color and WAN should be red.
Which image did you flash?
WAN is now part of the WAN firewall zone, which by default doesn't let any inbound connections, unless opened from firewall.
What you can do is remove the cable from WAN port, plug it in LAN, wait till LAN gets IP from router DHCP and connect to that IP.
You need to tell us what your aim is. What your bigger network is like.
Technically, a router is a device that does the routing between the Wide Area Network (WAN) and the Local Area Network (LAN), or the outside and inside in plain English. If you don't want that separation, then you need to set the device as a switch, not a router, so you have both ports at the LAN side.
If you want to bridge WAN and LAN then why make WAN in the first place?
You still have not explained what you are trying to achieve, so I cannot answer that yet.
If you want to separate the broadcast domains from the WAN side to the LAN side, you don't need a bridge.
If you want to have one broadcast domain between eth0 and eth1 make a bridge on LAN that covers both eth0 and eth1.
Verify that the LAN interface has got the IP address and not WAN, because WAN is blocking everything by default.
My suggestion is to restore factory defaults and start from scratch with a solid plan of what you want to achieve.
The RBPi is a router with which I want to control the data going to and from the device. The purpose of it is to understand the behavior of when I can't reach the device. From it, I'll make a tool to say "This port not activated" or "This domain is blacklisted". To do this I want to use the Firewall functionality. To me IPTABLES is a good start to DROP the packets going to certain ports or to certain web addresses to see the behavior of when something is not working. I tested the commands on another router but couldn't monitor what was going on, so I know it's possible. Now with this setup I have been able to redirect the packet to my computer using :
I'm not entirely sure what Device on your graph is, but I will assume it's a laptop that you want to take internet from the Pi via Ethernet cable.
If your Pi is what connects your network to the outer world then yes, you need the WAN port and you need the firewall.
Yes. Though I'm not sure if it's fine like this or if you better make the USB adapter for the WAN and keep the on-board network port for the LAN to ensure access to the Pi even if the USB adaptor or driver misbehaves.
NO. You only bridge the LAN interface (whichever eth0 or eth1 you use for that) with the WiFi interface.
My router is still inside a larger but local network, so I don't need a WAN?
I think I start understanding my mistakes. I still need ETH0 and ETH1 because they are two different interfaces.
I have LAN which is DHCP and ETH0. Now I need another interface, let's call it DEVICE, with DHCP and ETH1?
In the scenario depicted above you can do the following:
LAN eth1 and DHCP if device runs DHCP server. Then you would have to switch off DHCP server on LAN port of Openwrt. If there is no other DHCP server, you need to assign static IP.
WAN eth0 and DHCP or PPPoE, depends on the provider. Allow port 22 on WAN interface in firewall section.
My mistakes came from the WAN. On the diagram "internet" isn't the provider connection, it's another LAN.
This is what I have and I can communicate with the device. I will try to drop the connections and if it works the problem will be solved.
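
Added example, not part of the thread and not code from any participant: a sketch of the on-device diagnostic the original poster describes, probing 443 TCP, 53 UDP and 123 UDP and reporting whether each one answers, times out (what an iptables DROP rule looks like from the device) or is actively refused (REJECT rule or closed port). The host names and addresses in the `__main__` part are placeholders and all function names are chosen for this example.

```python
import socket
import struct

def _classify(exc):
    """Map a socket error to what the firewall most likely did."""
    if isinstance(exc, socket.timeout):
        return "timeout"        # silent loss, e.g. an iptables DROP rule
    if isinstance(exc, ConnectionRefusedError):
        return "refused"        # active rejection (REJECT rule or closed port)
    return "error"              # no route, DNS failure, interface down, ...

def probe_tcp(host, port, timeout=3.0):
    """Try a full TCP handshake; return 'ok', 'timeout', 'refused' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except OSError as exc:
        return _classify(exc)

def probe_udp(host, port, payload, timeout=3.0):
    """Send one datagram and wait for any reply. UDP has no handshake, so
    only a reply proves that both directions pass the firewall."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))   # connected socket surfaces ICMP errors
            s.send(payload)
            s.recv(512)
            return "ok"
    except OSError as exc:
        return _classify(exc)

def dns_query(name, qid=0x1234):
    """Minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def ntp_query():
    """48-byte SNTP client request: LI=0, VN=3, Mode=3 (client)."""
    return b"\x1b" + bytes(47)

def diagnose(server, resolver, ntp_server, timeout=3.0):
    """Probe the three ports named in the thread; returns {label: status}."""
    return {
        "443 TCP": probe_tcp(server, 443, timeout),
        "53 UDP": probe_udp(resolver, 53, dns_query("example.com"), timeout),
        "123 UDP": probe_udp(ntp_server, 123, ntp_query(), timeout),
    }

if __name__ == "__main__":
    # Placeholder hosts (assumptions): use the real server, resolver and NTP host.
    for label, status in diagnose("example.com", "192.0.2.53", "192.0.2.123").items():
        print(f"{label}: {status}")
```

A "timeout" on a UDP port can also mean the server simply did not answer, so compare the result with a run made while no blocking rule is active.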