Configuration issue Raspberry Pi 3B

Follow the instructions from my previous post.

On the LuCI interface :
Screenshot_20190412_153508

On my Device :

sudo ip addr add 192.168.178.182 dev enp3s0f1

Still no internet :confused:

Also ETABLES looks quite similar to IPTABLES so it's fine to me to use it if bridging works ?

I told you to use a different subnet and you used the same...
Also the ip addr command might need a subnet as well.


I am really confused about how to do it. Maybe the problem is not even clear to you.
Should I start a new thread ?

If yes, I'll let you suggest your ideas/solutions rather than referring to my existing solutions, which can bias how you help me.

Change the IP address of one of the interfaces. If you have one interface on 192.168.178.0/24, have the other on 192.168.179.0/24 for example

So to change the subnet on the interface of the router side, I do it using the interface or using a command line ?

It doesn't matter. You can do it from the GUI, no problem.

What matters is that you need the two interfaces to have IPs on different networks for the routing to work between them.

.

Screenshot_20190415_145007

Could you tell me if this configuration is correct ?

EDIT : I applied this configuration to the DEVICE interface, do I have to apply the same configuration to the device's network card too ?

I don't know which interface that is, but anyway remove the "/24" from the IP address. When we talk about the network IP we say 192.168.179.0/24 to indicate that the most significant 24 bits of the IP address (that is the first 3 parts: 192.168.179) are the subnet ID (i.e. subnet mask is 255.255.255.0), and that the last part is what changes for each device. So your IP should be 192.168.179.45.

Try this change and see if it works. If it doesn't, please share the output of the following

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/firewall
cat /etc/config/dhcp

I applied the following configuration to ETH1 "DEVICES" using the interface :

  • Address : 192.168.179.45
  • Netmask : 255.255.255.0
  • Broadcast : 192.168.179.255

Screenshot_20190415_152905

It's so weird, I got this even though the interface shows the contrary

OUTPUT (done on the RSPi) :

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde6:7b32:9520::/48'

config interface 'lan'
        option ifname 'eth0'
        option ipaddr '192.168.179.45'
        option netmask '255.255.255.0'
        option broadcast '192.168.179.255'
        option proto 'dhcp'

config interface 'devices'
        option ifname 'eth1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.179.45'
        option broadcast '192.168.179.255'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'devices'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'lan'
        option src 'wan'

config forwarding
        option dest 'wan'
        option src 'lan'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

I don't know why your LAN interface keeps getting its IP from the DEVICES interface. It could be something I haven't noticed, but I don't know if the reason could be that you are calling that interface LAN while it's actually the upstream interface, as far as the Pi is concerned.

Or did you possibly change the IP of your router?

Either way, it's good practice to keep consistency within your config and also with common convention. Upstream is WAN and downstream is LAN
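As an added illustration (not part of the thread and not OpenWrt code), the address clash visible in the posted `/etc/config/network` can be detected mechanically. The sample below is abridged from that output and labelled as constructed; the function names `parse_uci` and `audit_network` are hypothetical.

```python
import ipaddress
import shlex
from itertools import combinations

# Constructed input: 'lan' and 'devices' sections, abridged from the thread.
POSTED = """
config interface 'lan'
        option ipaddr '192.168.179.45'
        option netmask '255.255.255.0'
        option proto 'dhcp'

config interface 'devices'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.179.45'
"""

def parse_uci(text):
    """Collect each 'config <type> <name>' section and its options into a dict."""
    sections = []
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)  # strips the single quotes
        if len(parts) >= 2 and parts[0] == "config":
            sections.append({".type": parts[1], ".name": parts[2] if len(parts) > 2 else ""})
        elif len(parts) >= 3 and parts[0] == "option" and sections:
            sections[-1][parts[1]] = parts[2]
    return sections

def audit_network(text):
    """Return findings for address clashes between interfaces in a UCI network file."""
    findings, addrs = [], {}
    for s in parse_uci(text):
        if s[".type"] != "interface" or "ipaddr" not in s:
            continue  # DHCP-only interfaces carry no address in the file
        name, ip = s[".name"], s["ipaddr"]
        if s.get("proto") != "static":
            findings.append(f"{name}: ipaddr set but proto is '{s.get('proto')}'")
        # Accept both '192.168.179.45' + netmask and CIDR form '192.168.179.45/24'.
        spec = ip if "/" in ip else f"{ip}/{s.get('netmask', '255.255.255.255')}"
        addrs[name] = ipaddress.ip_interface(spec)
    for (a, ia), (b, ib) in combinations(addrs.items(), 2):
        if ia.ip == ib.ip:
            findings.append(f"{a}+{b}: same address {ia.ip}")
        elif ia.network.overlaps(ib.network):
            findings.append(f"{a}+{b}: overlapping subnets {ia.network}, {ib.network}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_network(POSTED)))
```

An upstream interface that only uses DHCP has no address in the file, so an overlap with the upstream router's network has to be checked against the lease it actually receives.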

I restarted from scratch (agaiiiiinn).
Screenshot_20190415_162047

I am now using the ethernet port (ETH0) for the WAN and the USB port for the LAN (ETH1).

I can connect but don't have internet yet. I was connected to both WiFi and ethernet

OK, now IPs look good.

Though, WAN doesn't seem to have a firewall zone. You should go to the WAN interface configuration, Firewall Settings tab and choose the WAN zone. It should have a red/pink colour as you had before.

Done !

It's colored but it's not red/pink it's light green, does this matter ?

I now have an internet connection through the USB-ethernet cable (LAN interface)

So both interfaces are green?

Internet should be on the WAN interface. I don't understand why you keep changing things.

WAN interface, WAN firewall zone, internet source
LAN interface, LAN firewall zone, your device


Green but different color, I think it doesn't matter.

Sorry, I didn't explain well. WAN is on the internet side going through the ethernet port of the RSPI and so I have an internet connection using the USB-ETHERNET interface, which means it works.

This is my actual configuration :slight_smile:

Anyway, everything is working now, I tested the Firewall blocking and it also works when I DROP the port connections using IPTABLES.

Thank you so much.
I'll edit my first post with the different solutions.