I have a Huawei E5186 configured in its bridge mode (really, a half-bridge) and connected to the WAN interface of OpenWRT on my TP-Link Archer D7.
OpenWRT version: OpenWrt SNAPSHOT r15109-c71500fd45 / LuCI Master git-20.332.74200-03c77da
(support for the Archer D7 is not in a stable release yet)
It happily grants a DHCP lease for its WAN IP address to OpenWRT and works fine.
I want to able to access the modem configuration page at 192.168.8.1 (to view signal data). I've followed the instructions on the forum and here: https://openwrt.org/docs/guide-user/network/wan/access.modem.through.nat
And created the interface "modemaccess":
config interface 'modemaccess'
option proto 'static'
option ifname 'eth0.2'
option ipaddr '192.168.8.2'
option netmask '255.255.255.0'
option metric '500'
option force_link '0'
option auto '0'
Which works initially... (but note that if I follow its advice to disable masquerading on the modemaccess interface, it doesn't work, so I left that out).
However, if I reboot the router, or disconnect the wan cable and reconnect it, it can no longer use the internet, but CAN still access the modem interface at 192.168.8.1. If I disable the modemaccess interface, the internet returns. If I then re-enable the modemaccess interface, I can use both. It seems that the modemaccess interface must always be restarted after the wan interface.
I've tried giving the modemaccess interface a huge metric as you see above but this doesn't help.
Please note I am no longer physically located where the OpenWRT installation is- I am accessing it through a wireguard tunnel.
uci export network
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdf8:5c78:c118::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.10.1'
list dns '192.168.10.1'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '1.0.0.1'
list dns '1.1.1.1'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '2 1 6t'
config interface 'wg0'
option proto 'wireguard'
option private_key 'REDACTED'
list addresses '192.168.9.250/24'
config wireguard_wg0
option description 'albia'
option public_key 'REDACTED'
option route_allowed_ips '1'
option persistent_keepalive '25'
option endpoint_host 'REDACTED'
option endpoint_port 'REDACTED'
option preshared_key 'REDACTED'
list allowed_ips '192.168.9.0/24'
config interface 'modemaccess'
option proto 'static'
option ifname 'eth0.2'
option ipaddr '192.168.8.2'
option netmask '255.255.255.0'
option metric '500'
option force_link '0'
option auto '0'
uci export firewall
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wg0'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'modemaccess wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'