Configure in and out with 2 ethernet port

jtssi · December 12, 2022, 10:58am

Hello, I would like to know if it is possible to configure the network interfaces, to do as on the picture. I would like openwrt to be my firewall between my internet box and my network.
I would like to have the box as input and the network as output.

thank you in advance

darksky · December 12, 2022, 11:00am

Yes, you are defining a router/firewall + AP.

jtssi · December 12, 2022, 11:03am

thanks for the answer, but how to define which ethernet port is in or out? thanks

lleachii · December 12, 2022, 11:27am

Ethernet port ingress and egress by default. Also OpenWrt defines a Loal Area Network (LAN) port(s) and Wide Area Ethernet (WAN or Internet) port. So, can you better describe what function you're refrencing?

elder_tinkerer · December 12, 2022, 11:36am

Well, of course they're both in and out...traffic goes in both directions.

Which one is the LAN (your network) side and the WAN (modem) depends on the device (what is the maker/name of your OpenWrt device?) and the configuration.

Did you get your device already set up with OpenWrt or do you did it yourself?

For a quick check, set one of your PCs to DHCP and connect it to one of the two ports of the OpenWrt device. You should get an IP address on your PC in the kind of 192.168.1.xxx. If nothing happens, try the other port.
This port would than be your LAN (network) port.

darksky · December 12, 2022, 11:37am

To expand on what @lleachii said: you can literally define any of your ports as the one for the modem to use and any of the others for the swtich and/or optionally other devices. Standard naming convention is to retain the WAN port for uplink to the modem, and LAN1-x as your internal ones.

Do you plan to introduce VLANs into the mix?
Is your switch a managed or unmanaged?

eduperez · December 12, 2022, 3:09pm

This is exactly the default configuration for any supported device with two ethernet interfaces.

jtssi · December 15, 2022, 9:58am

Hello, I'm back with a little delay.
I use a raspberry 4b.

I updated my shema.

darksky · December 15, 2022, 10:03am

Looks fine... generally the modem is assigned 192.168.100.1 by default (depending on brand). Recommend you use the internal NIC (eth0) on the RPi4 to be your LAN facing one and put the USB NIC (eth1) on the modem simply in case the USB NIC breaks. This way you will still have LAN access.

jtssi · December 15, 2022, 10:31am

Thank you, is there any configuration to do? There will be no conflict between the RPI and the MODEM BOX which are in dhcp?

eduperez · December 15, 2022, 2:54pm

Do you really want to have a double-NAT setup? If there are no other devices connected to the modem, and the RPi acts as "the main router", wouldn't you prefer to have a public IP address on it?

jtssi · December 15, 2022, 4:36pm

Hi, on my main router (modem box), there are IP cameras wifi.

eduperez · December 16, 2022, 8:24am

The only configuration you need is to ensure that the OpenWrt's LAN does not use the same IP range as the modem's LAN.