Hello good people of OpenWRT community,
I'm looking to get better at basic home networking. I'm having issues with the setup I have to work like I would like it to work.
Here is my home(shared) setup:
Internet --> ISP router with ONT built in - mandatory (almost nothing can be changed in the settings) subnet 192.168.1.0, standard firewall, NAT etc ---> Two routers connected to the ISP router through LAN ports, no direct connection between these two routers, all traffic first goes to ISP router
First LAN port of ISP router ----> LAN cable goes to LAN port of my OpenWRT device (Netgear WNDR3700 v2), LAN address 192.168.1.10 as dumb router, no DHCP, firewall running, no NAT on interfaces, same subnet as ISP router, all devices get ip address from ISP router
Second LAN port of ISP router ---> LAN cable goes to WAN port of second router(some Hewlett Packard router), subnet 10.0.1.0, has address of 192.168.1.11 on ISP router, NAT enabled, firewall enabled, pretty much default configuration so most ports blocked --> devices connected to that router with LAN ports, including file server on IP address 10.0.1.6
My goal - I would like my OpenWRT device to act as a router, but not as a gateway. I want it to also do some basic firewalling. I want to be able to access file server with address 10.0.1.6 on the HP network. I don't want secondl NAT on my OpenWRT device, which probably is the culprit for all the issues I have.
What I tried:
- keeping WAN and LAN zone, allowing FORWARDING between these zones, allowing INPUT and OUTPUT as well. LAN interface with static address of 192.168.1.10, umanaged WAN interface, masqurade off, mtu clamping off. I guess it doesn't make sense.
When I connect cable from ISP router to my WAN port, no internet access. I can't access ISP router, I can still access my router. This may be better way to achieve my goal than solution nr 2 if I could get it work?
- Not using WAN port at all. Pretty much doing what is in the DumbAP guide https://openwrt.org/docs/guide-user/network/wifi/dumbap, except I kept firewall on and didn't delete any interfaces.
As expected, internet connection works. But I guess in this configuration, I can no longer do routing or firewalling. I created static route to 10.0.1.0 via 192.168.1.11. I can ping 192.168.1.11, but can't ping 10.0.1.1 or 10.0.1.6.
I tried port forwarding on HP for the server and it worked, but I would prefer the file server to be only accessible when I connect from OpenWRT devices and from HP devices through LAN connection. Devices connecting to ISP router directly like through Wi-FI or connected with LAN cable shouldn't easily be able to access the file server.
What would be the way to achieve my goal? If it's at all possible, of course.
Thank you for your help