Kaar3l
June 17, 2025, 6:00pm
1
I have a dumbap ip: 192.168.100.151. Now I deleted all wan interfaces. Then I am using wan port for next vlan. This has dhcp and has network 192.168.1.X. I verified that laptop gets ip when I plug it into wan port. I did try to configure firewall but cant access internet from the wan port.
root@1043ND:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.100.151'
option netmask '255.255.255.0'
option ip6assign '60'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 6t'
config interface 'WANport'
option proto 'static'
option device 'eth0.2'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
root@1043ND:/etc/config# cat firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'WANport'
Both of your networks are lacking a gateway and DNS.
That said, I'm not exactly sure what you're expecting the WANport network interface to do. What is upstream of this device? What ports are connected to what other devices?
Kaar3l
June 17, 2025, 6:06pm
3
One of Lan ports is connected to main AP ip 192.168.100.1. The WANport needs to connect a device that has 192.168.1.x subnet to internet.
root@1043ND:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.100.151'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.100.1'
list dns '192.168.100.1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 6t'
config interface 'WANport'
option proto 'static'
option device 'eth0.2'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option gateway '192.168.100.1'
list dns '192.168.100.1'
I added the gateways and dns's. Now when I ssh into router and I can ping from router.
So you need to add the gateway and dns (192.168.100.1 for both) to the lan network interface.
Then, you'll need to do one of the following:
If your main router supports static routes, add this to the main router's static route table
192.168.1.0/24 via 192.168.100.151
If your main router does not support static routes, adjust the firewall on the OpenWrt device:
move the WANport network to a different firewall zone
enable masquerading on the lan firewall zone
add forwarding from the new firewall zone (containing the WANport interface) to the lan firewall zone.
You may also need to enable a DHCP server on the WANport network.
1 Like
Kaar3l
June 17, 2025, 6:14pm
5
Thank you! I didn't modify main router. I had the WANport in lan firewall zone. I added masquerading and internet works. Thank you!
1 Like
system
June 27, 2025, 6:14pm
6
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.