Does my router setup protects me against attacks from the internet?

Dominik-1980 · December 29, 2020, 9:34pm

Hello.

I am new to OpenWRT and I think its great!
I use it on an Raspberry Pi 3B+ and i managed to get it to work with my VPN Provider with the help of @trendy.
So now I installed a nice theme and was looking out for needful stuff.
I installed adblock and it works great.
Then I thought installing banip is also a good thing.
My question now is, will this work within my home network configuration?

I simply connected the Raspberry to my network switch with a LAN-Cable.
I set the IP of OpenWRT to static 192.168.1.2 and set the default gateway to 192.168.1.1 which is my FritzBox (main router) with the internet connection and disabled DHCP (Fritzbox is my DHCP server).
My Devices (Smartphone, iPad, Mac...) are still connected to the FritzBox Wireless Network, not that one on the OpenWRT but I set the IPs in this devices manually with gateway and DNS both set to 192.168.1.2 (OpenWRT).

So I get my connection over the VPN and adblock works also great.
My question is, are my devices protected with software like banip if the are connected to the FritzBox but use OpenWRT as gateway?

psherman · December 29, 2020, 9:43pm

In your current configuration, no, the OpenWrt installation is not doing anything for you. In order for the firewall and any other filtering to work, it must be in routing mode. This means that you would be creating a double-NAT situation (which is not ideal, but often not a problem these days). To do this, you would need to change the subnet of one of the devices. You might have, for example:

Internet > Fritzbox WAN > [Fritzbox LAN 192.168.1.0/24] > OpenWrt WAN > [OpenWrt LAN 192.168.2.0/24]

Or, if the fritzbox can be removed, or placed into bride mode, that would avoid double NAT since the WAN of your OpenWrt router would be your actual ISP supplied IP address.

Dominik-1980 · December 29, 2020, 10:27pm

Thank you. I thought as much.

Using 2 subnets is not an option because I have a complete Home Automation with Apples HomeKit and also Home Assistant with many devices that communicates via mDNS/Bonjour...

So I will take advantage of my VPN-Gateway and my adblocker...
Are there any other packages I can use sensibly with my network setup?