Configuring double NAT testbed on RPI 4b

Hello friends, I am trying to setup a testbed environment for a uni project. the intended design is to configure an openWRT router that wirelessly connects some devices, then the devices and the openWRT router (in some capacity) are accessable from the public internet.

I will not be using the openWRT router as my primary router, but rather, have it sitting behind my actual router. bridging the OpenWRT router and my primary router would invalidate the idea of the testbed (from my understanding), so the setup ends up being a double nat. the topology is as follows:

devices --> openWRT raspberry pi router --> my actual router --> outside internet

I have tried to follow what I can find on the internet for the past few days but have not gotten the devices connected to the openWRT router to connect to the internet in any capacity, only able to communicate with other devices on my primary router

my current configuration of the openWRT router is factory default asside from the following additions:

interfaces:

  • LAN
    device: BR-LAN
    ipv4 address: 192.168.1.111
    netmask: 255.255.255.0

  • WAN
    device: eth0
    ipv4 address: 192.168.1.102
    netmask: 255.255.255.0
    ipv4 gateway: 192.168.1.1 (my primary router's IP)

wireless configuration:
network: LAN

firewall zone settings:

the only network port on my RPI is connected to the LAN port of my primary router

I understand port forwards will need to be setup in the future, but currently im just trying to get devices connected to the openWRT router to be able to access the internet in any way. also, frustratingly, when the openWRT router is plugged into my primary router, when a device connects to ether router and gets IP assigned by DHCP, it always gets assigned the openWRT router's ip as the gateway.

primary router ip: 192.168.1.1
openWRT router's ip: 192.168.1.111 (ip of the lan interface)
openWRT WAN IP: 192.168.1.102

I read somewhere that the LAN and/or WAN interfaces need to be on a diffrent subnet to my primary router (???) but im not sure exactly. do I have to set up some specific NAT rules or firewall zone settings to make this work? or is my configuration just wrong

Any help is deeply appreciated, if anything I have said is unclear please ask me to explain.

any router

if you're not really interested in the routing, put eth0 in br-lan, instead of wan.

Wow! thanks this appears to work. i can ping 8.8.8.8 but still cant access the web. im assuming this is because DNS requests arent getting out. any idea what I should do?

EDIT: when connecting to my primary router, the device still gets served the openWRT router's ip as the default gateway. if i try to set my IP mannually to use the primary router's IP i still cant connect to the internet. this only becomes a problem when I plug in the openWRT router to my primary router and renew my DHCP lease, otherwise can still use the internet from primary router

did you do this ^^^ ?

in that case disable the LAN side DHCP , and perhaps reconfigure your RPi be a DHCP client, instead of using a static IP, not a must though.

yes i set both the lan and wan interface to br-lan. is this what you meant?

also when you say "reconfigure your RPi be a DHCP client", does that mean change the protocall of lan or wan to DHCP client instead of Static address in the luci interface? do I do this to both LAN and WAN?

the RPi only have one ethernet port by default, so where does the wan port come from ?

wan is already dhcp client, so it'd be for lan, but as I said, it's not mandatory.

still confused about what you're trying to achieve, despite the sketch in the 1st post :wink:

afted dissabling DHCP on the lan interface, the same problem still occours. when I press renew DHCP lease on a device connected to the openWRT router, it initially gets the default gateway assigned as the openWRT router's IP but then a second later gets assigned my primary routers IP

the RPi only have one ethernet port by default, so where does the wan port come from ?

correct there is only one ethernet port, this is being used as the wan port. other devices connect to the LAN via Wireless.

so does this mean that both my LAN and WAN interfaces should be assigned to br-lan?

ah!
then the initial config was correct.
but your lan and wan subnets can't be the same.

the RPis wifi ( = LAN ?), or some other wifi ?

then the initial config was correct.

so i set LAN to eth0, or WAN?

but your lan and wan subnets can't be the same.

if my primary router is 192.168.1.1, do i just set my WAN's IP to something like 192.168.2.102? will I have to configure anything on my router for this to continue working, its a /24 subnet

wan

you either reconfigure your primary router, or reconfigure the RPis LAN side IP (indirectly subnet), for instance 192.168.2.1.

the RPis wifi ( = LAN ?), or some other wifi ?

the wireless device is set to attatch to the network LAN

you're looking for the interfaces submenu, the wifi will change automagically.

my bad, the wifi is not configured in the interfaces menu, i thought the wireless menu was enough.

I changed the IP settings for the LAN to 192,168.2.1 and didnt come back intime to stop the rollback. now its stuck on waiting for rollback and has been like this for a few minutes. ive tried manually configuring my IP settings to connect to it but still cant. this has happened before and i have just reflashed the PI because I have no access to it via hdmi.

do i just reflash... :frowning:

never mind i just got access to it back! ignore that.

next time simply edit /etc/config/network, then reboot or restart the network service.

1 Like

if I am to add the wireless interface in the interfaces menu, how should I configure it. what device should it attatch to to make this work

nevermind, I appreciate your help but considering this is somewhat time sensitive for my project, im just going to ditch this idea and set up my PI as my primary router via PPPoE.

since the PI only has one network port, if I wanted to connect other devices to it via network cable, could I plug in my PI and the WAN gateway cable into a switch, and then plug in other devices into the switch to connect them to the router? since the PI has bad wireless. would this take extra configuration on the PI's side or do I just need to configure the lan interface to be PPPoE on device br-lan?

thanks so much for ur help so far btw. understand if this is to much to ask

wifi needs to be on the lan zone, yes.

AFAIK only way to use one port for wan and lan, is with VLANs, and you'll need a smart switch for it, if I'm not mistaken.

1 Like

ok I cba to do that then. ill just use the wireless for now lol. since the PI has only one lan port, what will my interfaces look like? do I have the lan interface as br-lan, and create a new WAN interface under eth0, and have wireless on LAN? which one would use the PPPoE protocall? thanks