Hi i am in need of help currently my current network system is a bit janky to say the least.
Right now i have a Guest Network which is isolated from my Private Network however i am trying to move DHCP over to my PiHole servers but hit a snag as i have set the guest network as isolated so i would like to transfer the whole
setup to VLAN's it wuld then make it easier for me then to set the Router and Proxmox server to use vlans and then attach networks on the promox server to the docker server i am running with DDNS DHCP and Adblock DNS.
However DSA VLAN's is nothing like SwitchConfig VLANS. I have even tried moving lan 3 lan 4 from br-lan to br-guest and that just kills the ethernet out right on reboot.
So any pointers would be greatful on this, I need Guest Network to be truely seperate from LAN but at the same time i want my DNS2 with DHCP server only to be accessed by guest and not like it is currently with intercept rules in firewall.
So for example
Router (192.168.1.x) ----> Pihole DNS1/DHCP (192.168.1.25) via the Docker VM with other services
Modem (10.0.1.1) ---> Router (192.168.1.x) ----> Docker VM DSLSTATS Container with these two connected to Proxmox Server LAN Port 1
Router (10.2.0.x) ----> Pihole DNS2/DHCP (Currently 192.168.1.26 but want that on 10.2.0.x network) via the Docker VM but no access to everything else. Connected to Proxmox Server LAN Port 2
/etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'auto'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.3'
option delegate '0'
option device 'br-lan'
config interface 'wan'
option proto 'pppoe'
option username 'usr'
option password 'pass'
option device 'wan'
option mtu '1492'
option delegate '0'
option ipv6 'auto'
option peerdns '0'
list dns '1.0.0.2'
list dns '1.1.1.2'
config device 'wan_wan_dev'
option name 'wan'
option macaddr '62:38:e0:ce:37:58'
option ipv6 '0'
option mtu '1500'
option txqueuelen '1000'
config interface 'wan6'
option proto 'dhcpv6'
option device 'wan'
option auto '0'
option reqaddress 'none'
option reqprefix 'no'
config interface 'modem'
option proto 'static'
option netmask '255.255.255.0'
option device 'wan'
option delegate '0'
option ipaddr '10.0.1.2'
config interface 'guest'
option proto 'static'
option ipaddr '10.2.0.3'
option netmask '255.255.255.0'
option type 'bridge'
option delegate '0'
option device 'br-guest'
config device
option name 'lan1'
option mtu '1500'
option ipv6 '0'
option txqueuelen '1000'
config device
option name 'eth0'
option ipv6 '0'
option mtu '1500'
option txqueuelen '1000'
config device
option name 'lan2'
option ipv6 '0'
option txqueuelen '1000'
config device
option name 'lan3'
option ipv6 '0'
config device
option name 'lan4'
option ipv6 '0'
option txqueuelen '1000'
config device
option name 'wlan0'
option ipv6 '0'
config device
option name 'pppoe-wan'
option ipv6 '0'
option txqueuelen '1000'
option mtu '1492'
config device
option name 'wlan1'
option ipv6 '0'
option txqueuelen '1000'
config device
option name 'wlan0-1'
option ipv6 '0'
option txqueuelen '1000'
config device
option name 'wlan1-1'
option ipv6 '0'
option txqueuelen '1000'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option txqueuelen '1000'
option ipv6 '0'
config device 'guest_dev'
option type 'bridge'
option name 'br-guest'
Since you don't need tagged output on any Ethernet ports it is considerably simpler. Generally just refer to the ports by their names wan lan1 lan2 etc. Note there is no eth0 any more.
You don't need any config device except to build bridges (and maybe to override MAC addresses). Build the bridges as a bridge device, do not use option type bridge in a config interface. An ethernet port can only be in one bridge. It does not work to use something like lan4.2 to try to make a port tagged in two bridges (see below)
The more general construct, which looks a lot like swconfig in the end, is to make one bridge with all the Ethernet ports in it, and VLAN tagging within that bridge. This ends up translating properly to hardware switching.
config device
option name 'br-eth'
option type 'bridge'
list ports 'wan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
# The LAN is vlan1 inside the switch, like with swconfig
config bridge-vlan
option vlan '1'
# Note you can make a port tagged with the notation :t here instead of :u which is untagged.
list ports 'lan1:u'
list ports 'lan2:u'
list ports 'lan3:u'
# As with swconfig, the wan is a separate vlan, number 2.
config bridge-vlan
option vlan 2
list ports 'wan:u'
config bridge-vlan
option vlan 3
list ports 'lan4:u'
# Now pull the vlans out into the layer 3 networks with the notation br-eth.X, where X is 1 for the LAN ports,
# 2 for wan and 3 for guest.
config interface 'lan'
option device 'br-eth.1'
...
config interface 'wan'
option device 'br-eth.2'
...
etc.
Attach wifi APs using option network 'guest' etc in /etc/config/wireless. As with the old syntax, don't reference any wifi interfaces inside /etc/config/network.
Take option device wan out of the config interface 'wan' block. Also you can delete wan6 if your ISP doesn't support IPv6, even if they did support IPv6 it is different for pppoe.
Will find out when my father and others stop using the network (I rather live with a working network right now then flash an edited stock backup and internet goes down it would be the end of the world lol).
So will keep you updated as i will flash the other partition and then restore the config to that.
Connecting via Wireless resulted in nothing working couldn't ping the router and the router couldn't ping me (lucky for serial TTL), however could ping the proxmox server now as the wireless cards i have don't have option for vlan tags that broke that.
The same happened with a wired connection untill i got my trusty R61e Thinkpad out and changed the vlan tag to 1 and then it worked.
So i guess VLAN'ing is out the question so back to the drawing board.