Greetings!
I'm kind of new to OpenWRT, and am having a few issues setting up my WRT1900ACS (LinkSys) router the way I want it.
My setup is anything -but- "default" and I'm trying to segment my internal LAN in a specific manner.
Firstly, after reading a few articles about dnsmasq and several of those articles recommending replacing it with odhcpd and Unbound, I proceeded to do that.
Got basic functionality, routing, firewall, etc working. DNS works. I have internet access from the devices behind eth1 port on the WRT1900, but not from devices behind eth3 port, which could be due to the difference in how the "internal routers" on those ports are configured, and what firmware they are running. I'm thinking about replacing the one running the stock ISP firmware, more on that below.
So now, however, the internal devices are also not receiving an IPv6 address (they're being assigned 'local' addresses rather than the public IPv6 addresses that each of the LAN interfaces has been designated by OpenWRT, supplied by my ISP.)
This used to work when I was still using dnsmasq, and I can't for the life of me figure out what's been altered in the config files to produce this result.
Since replacing dnsmasq with odhcpd and Unbound effectively removed the LuCI app for configuring DNS and DHCP, I'm stuck with looking through config files and trying to find what option to change, and the OpenWRT config file structure is kind of new to me, so I kind of need someone to maybe walk me through it a little bit, as I've tried to find documentation and articles on my specific issues and have been reading about so many different people's varying configurations and problems that my head is swimming, haha.
Secondly, I have the internal network configured as follows:
br-lan (default LAN bridge) - IPv4 : 10.30.99.0/24
eth1 (lan1) - IPv4 : 10.30.77.0/24
eth3 (lan3) - IPv4 : 10.30.88.0/24
I am trying to get the WRT1900ACS router (which is serving as the "main gateway" to my ISP supplied fiber line) - to supply IPs for the different IPv4 subnets listed above, to the connected devices on eth1 and eth3 which are both behind two more Technicolor routers, creating yet another layer of security (so far they're ISP-supplied routers, it's all I have currently...) - the one on eth1 also running OpenWRT and in bridge mode, and the other, on eth3, is the stock ISP firmware by Telia Sweden (fw: Cobalt 18.3) and I haven't found a way to flash it yet, it's the newer of the two, and replacing the firmware in this one might be tricky. They've patched against the ways to flash these TG799 routers since I believe it was fw v. 17.2, so the newer firmwares can't as easily be replaced. There might be a way, there might not, I'm still researching it before chucking that particular router entirely and replacing it with a TPLink Archer I have laying around.
Ideally, I would want to run OpenWRT on all three routers.
Now, the thing is also that, the internal devices behind the router on eth1 that's in bridge mode get an IP, so do devices connecting over WiFi, but they all get IPs from the br-lan subnet, 10.30.99.0/24, and not the way I've configured /etc/config/dhcp, to serve IPs from the separate subnets I listed above.
Anyway.
I'm kind of stuck here. And this entire issue has been giving me headaches all week. Please help! I will of course supply any additional information and LOG entries required to help me resolve this issue and move forward with the rest of this network implementation (I moved into a new place and am finally back on a fiber hookup, so am trying to set this all up in this manner for purposes of maximum security, longevity and usability).
However, if anyone has any suggestions about my network topology and design, I'm always open to suggestions about designing or configuring it differently. I -want- two separate internal LANs, and want to separate the WiFi network from the LAN segments, hence my attempt to leave the default br-lan bridge for serving the WiFi clients, and the eth1 and eth3 serving two separate internal LAN segments, that are not supposed to be able to directly communicate with one another.
I'm also simultaneously trying to get the WRT1900ACS to issue IPs and enable PXE boot to clients connected to the eth1 port, i.e. behind the router in bridge mode connected to the eth1 port on the "main gateway router"... that are using PXE boot, and I have a separate TFTP server for that, on that same LAN segment. They're giving me the "PXE-053 : No boot file found" error, even though I'm pretty certain I've got the TFTP server (running on an Ubuntu machine currently) set up and configured correctly. It's been more than 15 years since I messed around with PXE booting though, so I might need some help double-checking that config as well.
When looking at the syslog, this is what I see when a PXE client tries to get an IP from odhcpd: (and again, I can't for the life of me figure out why OpenWRT won't accept my config of the interfaces/devices, to have separate IPv4 segments for eth1 and eth3, and not use the br-lan IPv4 subnet for DHCP clients; help with that as well, please!)
Thu Jul 4 22:54:42 2024 daemon.debug odhcpd[23992]: Received 548 Bytes from 0.0.0.0%lan@br-lan
Thu Jul 4 22:54:42 2024 daemon.debug odhcpd[23992]: Got DHCPv4 request on lan
Thu Jul 4 22:54:42 2024 daemon.debug odhcpd[23992]: Assigning mapped IP: 10.30.99.171 (try 1 of 150)
Thu Jul 4 22:54:42 2024 daemon.info odhcpd[23992]: Received DHCPV4_MSG_DISCOVER from xx:xx:xx:xx:xx:xx on lan
Thu Jul 4 22:54:42 2024 daemon.debug odhcpd[23992]: Sent DHCPV4_MSG_OFFER to ff:ff:ff:ff:ff:ff - 255.255.255.255
Thu Jul 4 22:54:46 2024 daemon.debug odhcpd[23992]: Received 548 Bytes from 0.0.0.0%lan@br-lan
It's as if the additional odhcp options and 'config boot linux' section in /etc/config/dhcp aren't even being applied, which is rather odd IMHO.
I had the same problem when running dnsmasq, which is the main reason I decided to replace dnsmasq with odhcpd and Unbound.
All in all, I know how I would -prefer- to have this network design look and operate, but I'm open to any and all suggestions about doing it differently, as long as the eth1 and eth3 segments can't communicate directly, but the WiFi (i.e., br-lan connected) devices can reach both those segments and vice versa.
Should I maybe just remove the br-lan device entirely?
And re-configure interfaces/devices from scratch, without the network bridge?
I would prefer if the LAN ports on the WRT1900ACS were -not- bridged, so I tried removing those interfaces from the bridge, which made literally ZERO difference, so I added them back again.
The "bridge all the LAN interfaces" config seems to be the default way of OpenWRT, which makes sense I suppose, for the average user, but I'm far from average, in more ways than one, haha.
Anyway, I was concerned I might lose connectivity entirely and not be able to access the router at all if I removed the bridge, so I haven't tried that option yet.
I seriously need to take a break from this for now though, as I'm both seriously getting a headache again trying to wrap my head around it, and it's a bit past midnight here as I'm writing this, so gotta get some rest.
Any and all assistance and suggestions on how to proceed and get this operating the way I would prefer it to, are very much welcome and will be immensely appreciated.
Thank You Kindly!
Sincerely,
Samurai 3000
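One way to express the segmentation the post asks for, as an added example that is not the poster's own configuration (which is not shown) and not taken from the OpenWrt project: three UCI fragments for a DSA-era OpenWrt build. Assumptions: the WRT1900ACS switch ports are named lan1..lan4 and wan, the main gateway takes .1 in each subnet, the ISP delegates an IPv6 prefix on an existing wan6 interface, and the existing `lan` zone already forwards to `wan`. The syslog lines above show the DISCOVER arriving on `lan@br-lan`, and a port that is still a member of br-lan is served by the `lan` pool regardless of what the `dhcp` sections for lan1 and lan3 say, so the first fragment takes lan1 and lan3 out of the bridge's port list. The PXE part is left out; `config boot` sections are documented for dnsmasq, and this example makes no claim about what odhcpd does with them.

```uci
# /etc/config/network  (added example, not the poster's file)

# br-lan keeps only the ports that should share the Wi-Fi segment.
# lan1 and lan3 are deliberately NOT listed as bridge ports.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan2'
	list ports 'lan4'

# 10.30.99.0/24: Wi-Fi clients (wifi-iface sections use option network 'lan')
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.30.99.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

# 10.30.77.0/24: segment behind the bridged Technicolor on port lan1
config interface 'lan1'
	option device 'lan1'
	option proto 'static'
	option ipaddr '10.30.77.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

# 10.30.88.0/24: segment behind the ISP-firmware Technicolor on port lan3
config interface 'lan3'
	option device 'lan3'
	option proto 'static'
	option ipaddr '10.30.88.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

# /etc/config/dhcp  (odhcpd only, dnsmasq removed)

# maindhcp '1' makes odhcpd the DHCPv4 server, not only DHCPv6/RA.
config odhcpd 'odhcpd'
	option maindhcp '1'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

# One pool per interface. 'interface' names the network interface
# (the section name in /etc/config/network), not the switch port.
# ra 'server' plus ip6assign above is what hands out global IPv6.
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'lan1'
	option interface 'lan1'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'lan3'
	option interface 'lan3'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

# /etc/config/firewall  (one zone per segment; no lan1<->lan3 forwarding)

config zone
	option name 'lan1'
	list network 'lan1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan3'
	list network 'lan3'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Each segment reaches the internet and the Wi-Fi segment, and vice versa.
config forwarding
	option src 'lan1'
	option dest 'wan'

config forwarding
	option src 'lan3'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'lan1'

config forwarding
	option src 'lan1'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'lan3'

config forwarding
	option src 'lan3'
	option dest 'lan'
```

Inter-zone traffic is only permitted by an explicit `forwarding` section, so with the global `config defaults` forward policy left at REJECT, packets between lan1 and lan3 are refused simply because no section names that pair; the Wi-Fi segment can still reach both. After editing, `/etc/init.d/network restart`, `/etc/init.d/odhcpd restart` and `/etc/init.d/firewall restart` apply the three files, and a DISCOVER from a client on lan1 should then log as arriving on `lan1` rather than `lan@br-lan`.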