Connect x86 router to ISP Router in bridge mode

Hello, I decided to install OpenWRT in my new x86 router this weekend and I can't configure it correctly.

I have set my ISP router (ONT Router) in bridge mode and I want to use the x86 router as my main router. But I can't get internet connection.

I have connected 2 RJ45 cables in the x86 router: one cable that goes into the interface eth1 (WAN port) connected to the ISP router and the other one that goes into the interface eth0 (LAN port) to my computer network interface as the image above shows.

My ISP provides me WAN IP via DHCP with VLAN ID for internet (VLAN 10)

I was using an old Asus router before buying the x86 router and I didn't have any problems because the Asus GUI did the job for me. I didn't configure any VLAN ID parameters before because I could get an internet connection automatically.

I don't have the necessary knowledge to manually configure these settings in OpenWRT, so if someone can help I would appreciate it a lot.

The last thing I have realised is that I can ping public IP addresses from the x86 router, but the ping fails when I try to ping my PC's private IP address from the x86 router. The PC can only ping the router. I also disabled the firewall temporarily to avoid connectivity problems and nothing worked.

My default network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '--------'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

All help is welcome.

Simple to accomplish. Just use dotted notation eth1.10:

config interface 'wan'
        option device 'eth1.10'
        option proto 'dhcp'

Unfortunately I've tried it before and it didn't work...

Are you sure your bridge-mode router requires the VLAN?

I followed the steps from this user because we have the same ISP router brand:

https://forum.openwrt.org/t/novice-trying-to-understand-bridging-and-vlans-for-correct-configuration/157314

As far as I understand my ISP router uses VLANs for internet, voip and iptv. But as I said before I didn't have to tweak these settings on my old Asus router...

In that thread, there is a mention of PPPoE as the connection protocol for the internet service. You've got your router setup with DHCP.

It would make sense to look at your Asus router and document all the settings on the wan interface -- connection protocol (and credentials, if relevant), VLAN ID, etc.

I restored my Asus router to make sure I don't need the VLAN ID tagging, and I can get internet without tagging VLANs.

Here are my WAN settings on the Asus router:

I think the problem is something related to LAN-WAN communication or IPv4 routes, because WAN works on the router (I can ping a public IP from the x86 router via CLI) but I can't ping my PC's private IP from the x86 router:

root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=118 time=13.051 ms
64 bytes from 8.8.8.8: seq=1 ttl=118 time=12.657 ms

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 12.657/12.854/13.051 ms

root@OpenWrt:~# ping 192.168.1.111
PING 192.168.1.111 (192.168.1.111): 56 data bytes

--- 192.168.1.111 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

My WAN/LAN settings on LuCI:

Any idea?

Does the wan ip on your openwrt router begin with 192.168?

No, it's a public IP that I get on both routers; it starts with 180.

In "special requirement from ISP", I see a redacted MAC address. If your ISP needs a special MAC address, then you should also change eth1 (WAN) in the x86 router.

Ok. Let’s look at the configuration again.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
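
The redaction step requested above can be done with a filter instead of by hand. This is an added example, not part of the original post and not an OpenWrt tool: the function name `redact_uci`, the placeholder strings and the sample input are assumptions made here.

```shell
#!/bin/sh
# redact_uci: stdin -> stdout filter for OpenWrt config and command output.
# Masks MAC addresses, public IPv4 addresses and secret-bearing option values;
# private, loopback and link-local addresses and netmasks stay readable.
redact_uci() {
    awk -v q="'" '
    function keep(ip,    o) {            # 1 = not a public unicast address
        split(ip, o, "[.]")
        if (o[1] == 0 || o[1] == 10 || o[1] == 127 || o[1] >= 224) return 1
        if (o[1] == 192 && o[2] == 168) return 1
        if (o[1] == 169 && o[2] == 254) return 1
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 1
        if (o[1] == 100 && o[2] >= 64 && o[2] <= 127) return 1   # CGNAT
        return 0
    }
    BEGIN {
        h = "[0-9A-Fa-f][0-9A-Fa-f]"; n = "[0-9]+"
        mac = h ":" h ":" h ":" h ":" h ":" h
        ip4 = n "[.]" n "[.]" n "[.]" n
        secret = "^[ \t]*option[ \t]+(key|password|username|private_key|preshared_key|ula_prefix)[ \t]+"
    }
    {
        line = $0
        # Secret-bearing UCI options: drop the whole value, quoted or not.
        if (match(line, secret)) line = substr(line, 1, RLENGTH) q "REDACTED" q
        gsub(mac, "XX:XX:XX:XX:XX:XX", line)
        # Walk every dotted quad; mask only the publicly routable ones.
        out = ""
        while (match(line, ip4)) {
            ip = substr(line, RSTART, RLENGTH)
            out = out substr(line, 1, RSTART - 1) (keep(ip) ? ip : "PUBLIC.IPV4")
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }'
}

# Constructed sample (not from the thread); 203.0.113.7 is a documentation address.
redact_uci <<'EOF'
config interface 'wan'
        option macaddr 'E0:11:22:33:44:41'
        option password 'hunter2'
inet addr:203.0.113.7  Mask:255.255.255.0  gw 192.168.1.1
EOF
```

Pipe each command through it, for example `cat /etc/config/network | redact_uci`, and still read the result before posting: global IPv6 addresses and MAC addresses written with hyphens are not masked by this filter.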

I did this with no results:

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option macaddr 'E0:--:-:--:--:41'

I didn't write in the Asus router the ISP MAC address and I got internet automatically. So it seems it's not necessary because I don't have internet access on the x86 router with this config...

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "Intel(R) N100",
        "model": "Default string Default string",
        "board_name": "default-string-default-string",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "x86/64",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '--------------::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

root@OpenWrt:~# cat /etc/config/wireless
cat: can't open '/etc/config/wireless': No such file or directory

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

I don't have Wifi card at the moment or an Access Point, I don't need it for the moment. Also I have disabled the firewall on the Startup.

I'm not seeing any issues with your OpenWrt router.

You tested pings from the router itself to the internet and that worked, correct?
What do you see from a computer connected to eth0 of your OpenWrt router?

  • What is the IP address, subnet mask, DNS server, and router/gateway that it gets via DHCP?
  • What happens when you run ping tests to the following from a computer connected to eth1:

You tested pings from the router itself to the internet and that worked, correct?

Yes, that's correct.

What do you see from a computer connected to eth0 of your OpenWrt router?
What is the IP address, subnet mask, DNS server, and router/gateway that it gets via DHCP?

This is what I see from my computer:

C:\Users\PC>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : lan
   Link-local IPv6 Address . . . . . : fe80::3e52:a1ff:fe44:6937%8
   IPv4 Address. . . . . . . . . . . : 192.168.1.111
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

C:\Users\PC>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

My computer can see the router and it receives and sends data, as Windows shows:

  • What happens when you run ping tests to the following from a computer connected to eth1:

When I swap the cables, with eth1 connected to the computer and eth0 connected to the router in bridge mode, I can't get a private IP on my computer via DHCP, and the gateway disappears too. So I can't connect via ssh or to LuCI in the browser. See this:

C:\Users\PC>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::3e52:a1ff:fe44:6937%8
   Autoconfiguration IPv4 Address. . : 169.---.---.242
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

C:\Users\PC>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

I don't know what's happening but it seems LAN can't reach WAN.

Is this the same computer?

This one looks normal:

Whereas this indicates the PC was unable to obtain an IP address via DHCP (you don't need to redact this, btw):

Is this the same computer?

Yes, it's the same computer.

Sorry, this is what I obtain:

C:\Users\PC>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::3e52:a1ff:fe44:6937%8
   Autoconfiguration IPv4 Address. . : 169.254.118.242
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

This indicates that the computer was unable to obtain an address via DHCP.

What about the earlier example? Where did that come from?

It comes when eth1 (WAN) is connected to the bridged mode router and eth0 (LAN) connected to the computer.

When I switch cables from the interfaces I can't get IP via DHCP.

The ISP connection (from the bridge mode router) should be connected to eth1 of your OpenWrt router, and eth0 should be connected to the computer downstream.

In that situation, things should work.

Are you doing something different? If so, can you be more precise in your description (what cables go to where) and also explain why?