My problem is supposed to be very easy and very common, but I am having some difficulty getting it solved.
Anyway, here is my situation:
A: One FTTH router configured to work on 192.162.1.1/24 (firmware untouched)
B: Archer C7 using OpenWrt (want it to be configured under 192.168.0.1/24) and connected to one of the LAN ports of router A
C: Archer C7 using OpenWrt (want it to be configured under 192.168.2.1/24) and connected to one of the LAN ports of router A
The idea is to have two separate networks and avoid any communication between the networks behind B & C.
I am stuck at the very first step of configuration: B is connected to A and its address is 192.168.1.99. When I change the LAN config of router B to use 192.168.0.xxx instead of 192.168.1.xxx, I can't access router B anymore.
Any help would be appreciated (if my double NAT strategy isn't the best, please let me know).
If you can set your "modem" to a "pass-through", "bridge", or "transparent" mode, that would simplify things by eliminating the second NAT. The double NAT makes port-forwarding and routing more complicated.
If you stick with double NAT, I would
Router B
WAN static as 192.168.1.2/24 (to pick a "convenient" IP address in Router A's LAN subnet)
Default route via 192.168.1.1
LAN as 192.168.0.1/24
Supplies DHCP and probably DNS and NTP on its LAN
Router C
WAN static as 192.168.1.3/24
Default route via 192.168.1.1
LAN as 192.168.0.1/24
Supplies DHCP and probably DNS and NTP on its LAN
If you want to reach Router B and Router C from the 192.168.1.0/24 subnet, you'll need firewall rule(s) to accept input on WAN to port 22 for SSH (and possibly 443 for LuCI over HTTP-S or 80 if you're still using HTTP).
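The Router B settings listed in the answer above, written out as OpenWrt UCI configuration. This is an added example, not part of the original post; the rule names, the `src_ip` restriction to Router A's LAN and the DNS entry are assumptions.

```uci
# /etc/config/network on Router B.
# Only the options that change are shown; keep the existing
# device/ifname lines of each section as they are.
config interface 'wan'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	# Default route via Router A
	option gateway '192.168.1.1'
	# Assumption: Router A answers DNS queries on its LAN address
	list dns '192.168.1.1'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.0.1'
	option netmask '255.255.255.0'

# /etc/config/firewall on Router B.
# The default wan zone rejects input, so management access from
# Router A's LAN needs explicit rules. Limiting src_ip to that subnet
# keeps the rules from matching any other source arriving on WAN.
config rule
	# Constructed rule name
	option name 'Allow-SSH-from-upstream-LAN'
	option src 'wan'
	option src_ip '192.168.1.0/24'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'

config rule
	# Constructed rule name; LuCI over HTTPS
	option name 'Allow-HTTPS-from-upstream-LAN'
	option src 'wan'
	option src_ip '192.168.1.0/24'
	option proto 'tcp'
	option dest_port '443'
	option target 'ACCEPT'
```

Router C takes the same shape with its own WAN address (192.168.1.3/24 in the answer above). No rule for port 80 is included, so LuCI stays unreachable over plain HTTP from the WAN side.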
Hey!
Thank you for your quick and clear answer. Indeed, on router A the port is in bridge mode (and router B is put on DMZ so I can simplify my routing if needed).
For the suggested configuration on router B, I believe that's exactly what I did and I lost access to router B. I'll give it a try again and screenshot the configuration before validating. Thank you!
If the public IP address is on Router B's WAN, then I'd approach it by doing all the routing on Router B and setting up Router C as a (non-routing/bridged) "slave" over VLANs to Router B. Firewall rules to prevent cross-subnet routing and "inappropriate" access to the local interfaces of the routers would be needed on both Router B and Router C. At least for me, keeping the "fancy stuff" all in one place simplifies understanding what is happening, either for thinking about zone isolation or resolving issues.
The problem had nothing to do with network configuration; there is an emergency rollback feature.
I was able to change the LAN by editing /etc/config/network directly.
To change your LAN IP with the GUI, go ahead and change it, click "save and apply", then don't touch anything for about a minute until the box with a red "Apply anyway" button pops up. Click that button then change your PC to the new network and connect back to the router on its new IP.