Confusing traffic numbers on modem interface

Hello, i have a wan interface set with static ip to the modem, as i have pppoe on the router.

I notice that metrics doesn't work anymore and wan network goes trought this interface instead of the dedicated pppoe interface. What can i do to mantain access to the modem and also have pppoe on the router? Some way to block wan traffic to the static ip interface would be good. Any idea? (also why metrics doesn't work... i set the wan interface with metrics 1 and modem interface with metrics 6000, why modem interface have priority to wan?)

Here the network file

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd49:5134:465f::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option _orig_ifname 'wlan1-1'
	option _orig_bridge 'false'
	option type 'bridge'
	option metric '10'
	option ipaddr '192.168.20.1'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'pppoe'
	option username 'ciao'
	option password 'testoh'
	option ipv6 'auto'
	option metric '0'

config interface 'wan6'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option ifname 'eth1.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config interface 'wan_ipv6'
	option proto 'pppoe'
	option ifname 'eth1.2'
	option username 'adsl@alice6.it'
	option password 'IPV6@alice6'
	option ipv6 'auto'
	option metric '10'

config interface 'modem'
	option proto 'static'
	option ifname 'eth1.2'
	option ipaddr '192.168.1.7'
	option netmask '255.255.255.0'
	option metric '100'

What does

ip route

show?

(I also note that it looks like you're getting or trying to get an IPv6 address, which may end up being the "preferred" route, which might be from your WAN interface, rather than the PPoE interface.)

root@Ansuel-Router:~# ip route
default via 192.168.100.1 dev pppoe-wan proto static
default via 192.168.100.1 dev pppoe-wan_ipv6 proto static metric 10
192.168.1.0/24 dev eth1.2 proto static scope link metric 100
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
192.168.20.0/24 dev br-guest proto static scope link metric 10
192.168.100.1 dev pppoe-wan proto kernel scope link src 80.182.173.205
192.168.100.1 dev pppoe-wan_ipv6 proto kernel scope link src 79.24.190.38

i want to deny traffico for 192.168.1.0 (i want to access the modem, not use his connection as the modem has internet connection too)

Edit: I mis-read the config, the 192.168.100.0/nn network does not appear in the above config.
I'm guessing that the routing table is populated when

config interface ‘modem’
    option proto ‘static’
    option ifname ‘eth1.2’
    option ipaddr ‘192.168.1.7’
    option netmask ‘255.255.255.0’
    option metric ‘100’

is read in, especially as the PPoE interface isn't active yet.

I don't know how to resolve that within the UCI structure. Perhaps another reader can provide more advice on the specifics.

I don't think you'll need to block the traffic to the modem, but you will likely need to skip NAT of it.

then what is the purpose of the metrics option ? am i wrong of metrics should be a sort of priority of one interface over others?

At least as I understand Linux routing, the most specific, applicable route from the routing table in use is selected. I believe that only in the case that there is more than one of the same specificity is the metric consulted.

Looking at it again, it appears that 192.168.100.1 is your default gateway, which is not configured by your config on one of your network interfaces.

I would imagine that you'll still see traffic counters on eth1.2 increasing, as it looks like your PPPoE routes through that to your ISP.

Still a strange looking routing table for me, as 192.168.100.1 is typically not in the same subnet of either 80.182.173.205 or 79.24.190.38 Then again, I haven't used PPPoE in a very long time.

192.168.100.1 is the internal ip of the isp dslam... so metrics is for the same ip.... that's why it doesn't work...
considering i can make static route on both modem and router (as the modem is openwrt too) how can i make a static route to it?

Makes more sense then.

You've got outside connectivity, correct?
The problem is that you don't have connectivity to the modem's management interface, correct?

I think NAT (SNAT using the management subnet as source address) is required since the modem will only know how to route back to this subnet. It doesn't know how to reach the LAN behind the Openwrt router.

I.e. masquerading should be enabled on the zone with the modem interface. An alternative is to set up a temporary port forwarding using ssh -L

Ummm no

My modem have internet connectivity and my router have a public IP with pppoe

If I set the static IP interface (to access the UI page of the modem) all the internet traffic doesn't go through the pppoe interface. I want that the modem interface permit me to only access the modem ui and nothing more (I don't want internet connection from it)

How can you get internet access through the modem interface when you don't configure a gateway? I.e. there is no default route using eth1.2. I don't understand.

If masquerading interferes with pppoe then there is the option to ssh to the router with "-L port:modem_ip:modem_port" instead.

Don't ask me... Problem is that I see 300gb of traffic on my modem interface and 10 mb on pppoe

It does go through the pppoe WAN interface. You wouldn't have internet connectivity if it didn't.

You have 300gb of traffic on eth1.2. That's the interface both your "modem" and "pppoe" interface are running on.

In LuCI, this combined traffic gets displayed on the "modem" interface. It is running on eth1.2, so it displays the traffic of eth1.2.

As for the "WAN" (i.e. pppoe) interface, you see a much smaller amount of traffic because its counter gets reset upon every (dis-)connect. Think of it as an extra counter, not a complementary one.

Bottom line: Your setup is fine.

@takimata thx a lot... that expalin all

Glad to help. Could you do the forum a favor and rename the topic of this thread to something like "Confusing traffic numbers on modem interface" or something similar? Your question really has nothing to do with "disabling network" and shouldn't show up for somebody who is searching in this direction.

(I would do it myself, but due to lack of activity I fall in and out of the necessary "regular" member status all the time.)