Connect the internet

In fact, the filtering will be done by firmware that will be listening on a UDP port on both networks. What I really want is to make the card connect to both networks, one being the 192.168.1.x network and the other 192.168.3.x, so that I can listen on the UDP port.

Are you looking for a firewall (i.e., selectively passing traffic), or 'watching' as in monitoring? If you want to monitor, but allow all traffic through, you could set up port mirroring on a managed switch (OpenWrt should be able to do this).

I just want to connect to two different networks each on a different port.

I need to disable the firewall and disable DHCP.

Are these two existing networks? Or is the OpenWrt router creating a new network?

Is it literally just routing between two networks (open) or do you want to limit the inter-network connectivity? You’ll also probably need to be able to add static routes to the other routers - can you do this?

The two networks already exist; I just want to connect to them. One has its router at 192.168.1.1 and the other has a router at 192.168.3.1.

Do you have the ability to add static routes to the other routers?

Yes, I can.

Make the two interfaces DHCP clients... voila!

You should start with a clean (default) configuration.

Create 2 additional VLANs on the switch, and assign each network as untagged to one port on the switch (you'll turn those ports 'off' for the other VLANs). [FWIW, you could use the existing WAN and LAN, or just add one VLAN, but I'm recommending 2 new VLANs so that you are explicitly creating the networks, just as part of the exercise].

Then go to the interfaces and create a new interface for each of the VLANs. Make them either static IP or DHCP (depending on if you are having the upstream routers provide the IP address to this one; if you select static, make sure it is unused and outside the DHCP range for each upstream network). Create new firewall zones for each of the new interfaces.

In the firewall, allow forwarding in both directions between these two firewall zones.

Finally, in each of the upstream routers, set the static routes:
On the 192.168.1.1 router, you will insert a static route to 192.168.3.0/24 via 192.168.1.x (where x is the address of the OpenWrt router on that network).

The other router will need a similar route to 192.168.1.0/24 via 192.168.3.y (where y is the address of the OpenWrt router on that network).

Connect the cables to the appropriate ports and you should be good to go.

This is where my difficulty comes in: I need to do this directly in the system settings without using Lua, because the version of OpenWrt for this card does not enable Lua, even when selecting it in make config. I'm doing all the configuration over the serial console.
How would the network file look?

Using the configuration below I was able to make port 6 connect to the network, but 3 still does not connect.

vi network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb4:d8ae:418a::/48'

config interface 'lan'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.0.23'
        option netmask '255.255.255.0'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr 'fa:62:5b:8b:9b:14'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'static'
        option ipaddr '192.168.0.22'
        option netmask '255.255.0.0'
        option gateway '192.168.0.1'
        option dns '8.8.8.8'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'fa:62:5b:8b:9b:15'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 6t'

config switch_vlan
        option device 'switch1'
        option vlan '2'
        option vid '2'
        option ports '2 3t'


Sorry, I've missed some posts, so are you sure you want to use 'switch1' instead of 'switch0'? In any case I recommend you add port 0t - it is the tagged port, connected to the CPU. I may be mistaken, but you should find the port connected to the CPU.

Switch 0 is the one that is working. If I remove the 6t and put 0t 6 it stops working; if I leave 0t 6t it also doesn't work. It only works if I leave 0 6t!

Yes, you only have one switch; use the same name for it throughout.

You want a VLAN with 3 untagged and 6 tagged in the same VLAN. This links port 3 to the CPU, applying a tag before it hits the CPU and removing tags before going out on port 3 as the ordinary non-VLAN-aware device on the other end of the cable requires.

Generally the CPU port (6) should be tagged in all the VLANs, and each physical port will be connected untagged to exactly one VLAN.
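The tagging rules from the replies above can be checked mechanically against a copy of /etc/config/network before it is loaded on the device. The following is an added example, not code from any poster or from OpenWrt; `parse_sections` and `check_vlans` are hypothetical names, CPU port 6 is taken from the thread, and the sample is constructed from the switch sections of the first configuration posted above.

```python
from collections import defaultdict

# Constructed sample: switch sections of the first config in the thread.
SAMPLE = """
config switch
        option name 'switch0'
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 6t'
config switch_vlan
        option device 'switch1'
        option vlan '2'
        option ports '2 3t'
"""

def parse_sections(text):
    """Split UCI text into (type, {option: value}) pairs; 'list' lines are ignored."""
    sections = []
    for line in text.splitlines():
        words = line.split(None, 2)
        if len(words) >= 2 and words[0] == "config":
            sections.append((words[1], {}))
        elif len(words) == 3 and words[0] == "option" and sections:
            sections[-1][1][words[1]] = words[2].strip().strip("'\"")
    return sections

def check_vlans(text, cpu_port="6"):
    """Findings for the thread's rules: one switch name, CPU port tagged in every
    VLAN, each physical port untagged in exactly one VLAN (cpu_port is an assumption)."""
    sections = parse_sections(text)
    switches = {o.get("name") for t, o in sections if t == "switch"}
    findings, untagged = [], defaultdict(list)
    for t, o in sections:
        if t != "switch_vlan":
            continue
        vlan, ports = o.get("vlan", "?"), o.get("ports", "").split()
        if o.get("device") not in switches:
            findings.append(f"vlan {vlan}: device '{o.get('device')}' is not a defined switch")
        if cpu_port + "t" not in ports:
            findings.append(f"vlan {vlan}: CPU port {cpu_port} is not tagged")
        for p in ports:
            if p.endswith("t") and p[:-1] != cpu_port:
                findings.append(f"vlan {vlan}: physical port {p[:-1]} is tagged")
            elif not p.endswith("t"):
                untagged[p].append(vlan)
    findings += [f"port {p}: untagged in VLANs {', '.join(v)}" for p, v in untagged.items() if len(v) > 1]
    return findings
```

Running `check_vlans(SAMPLE)` reports the undefined `switch1`, the missing `6t` in VLAN 2 and the tagged physical port 3, which are the three points the replies raise.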

I managed to solve it for a while, but for those who have the same problem as me, just do the following: when building the OpenWrt kernel for the IoT module to be used, uncheck the DHCP server and make options with the new settings.
In the IoT module with the new OpenWrt version installed, just use the configurations below:

vi /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd78:c7ae:2307::/48'

config interface 'lan2'
        option ifname 'eth0.2'
        option proto 'static'
        option ipaddr '192.168.3.22'
        option netmask '255.255.0.0'
        option dns '8.8.8.8'
        option gateway '192.168.3.1'
        option macaddr 'fa:62:5b:8b:9b:15'

config interface 'lan'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.0.23'
        option netmask '255.255.0.0'
        option gateway '192.168.0.1'
        list dns '8.8.8.8'
        option macaddr 'fa:62:5b:8b:9b:14'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

vi /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan lan2'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option mtu_fix '1'
        option network 'wan wan6 wan2'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'lan'
        option src 'wan'
