Thanks for taking the time to read this.
I need some advice on what to look at/think about with an OpenWRT install.
I have been running a base vanilla OpenWRT/LEDE install for the last year and know the basics but need to delve far deeper than my limited knowledge permits me.
I have a Linksys WRT1900ACS running OpenWRT 18.06 and next week my broadband is being upgraded and I need to make some big changes. Please help me by checking if my thinking is sound.
1.) The new install will come with 8 static IP addresses. For the sake of argument we will call them 80.xx.xx.160 - 167. I am assuming that following [SOLVED] How to configure static block / multiple static IPs on WAN? will help me set these up.
This means I will end up with the following WANs:
WAN - Generic WAN PPPoE connection (same as I have now) and will use 80.xx.xx.160
WAN161 - linked to 80.xxx.xxx.161
WAN162 - linked to 80.xxx.xxx.162
WAN163 - linked to 80.xxx.xxx.163
and so on
2.) I want 80.xx.xx.161 and 80.xx.xx.160 to have Web servers on them. I want them to only send & receive traffic to the internet using their relevant IP. I am assuming that VLANs are my friend here and that each one needs to be in a separate VLAN.
And that I will need to set the Firewall Zones up something like:
```
config forwarding
	option src 'vlan161'
	option dest 'wan161'

config forwarding
	option src 'vlan162'
	option dest 'wan162'
```
And then for WANx to VLANx have port forwarding rules like:
```
config 'redirect'
	option 'name' 'HTTPS'
	option 'src' 'wan161'
	option 'proto' 'tcpudp'
	option 'src_dport' '2222'
	option 'dest_ip' '192.xxx.xxx.xxx'
	option 'target' 'DNAT'
	option 'dest' 'vlan161'
```
Does this seem OK?
3.) I wish to permit access to the VLANs from my LAN but not the other way round. I am assuming that this is done with Firewall Zones.
```
config forwarding
	option src 'lan'
	option dest 'vlan161'
```
Is there anything else I need to do and think about?
My thanks for being clueless boring you all. Any advice much appreciated.
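
Added example, not part of the original post: a small check that reads the `config forwarding` sections of a firewall config and flags any that would let a server VLAN reach anything other than its matching WAN zone, which is the isolation goal described in points 2 and 3. It assumes the `vlanNNN`/`wanNNN` zone naming used in the post and that traffic between zones passes only where a forwarding section exists; the sample config and its deliberately wrong last section are constructed for illustration.

```python
import shlex

# Constructed sample in the post's zone naming; the last section is a
# deliberate mistake added here so the check has something to flag.
SAMPLE = """
config forwarding
	option src 'vlan161'
	option dest 'wan161'

config forwarding
	option src 'vlan162'
	option dest 'wan162'

config forwarding
	option src 'lan'
	option dest 'vlan161'

config forwarding
	option src 'vlan162'
	option dest 'lan'
"""

def parse_forwardings(text):
    """Return (src, dest) pairs from every 'config forwarding' section."""
    sections, current = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips UCI-style quotes
        if not tok:
            continue
        if tok[0] == "config":
            # Only forwarding sections are collected; others are skipped.
            current = {} if len(tok) > 1 and tok[1] == "forwarding" else None
            if current is not None:
                sections.append(current)
        elif tok[0] == "option" and current is not None and len(tok) >= 3:
            current[tok[1]] = tok[2]
    return [(s.get("src"), s.get("dest")) for s in sections]

def violations(pairs):
    """Flag forwardings from a server VLAN to anything but its own WAN."""
    bad = []
    for src, dest in pairs:
        # Assumed naming: zone 'vlan161' may only forward to 'wan161'.
        if src and src.startswith("vlan") and dest != "wan" + src[len("vlan"):]:
            bad.append((src, dest))
    return bad

if __name__ == "__main__":
    for src, dest in violations(parse_forwardings(SAMPLE)):
        print(f"unexpected forwarding: {src} -> {dest}")
```
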