[Help]Setup OpenWrt router as managed switch

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello i managed to install openwrt 12.09 on an old router i have but i'm having trouble configuring it.
I have an ISP router that i want to act as the router and dhcp server. I have connected the openwrt router(192.168.1.128) to one ethernet port of the ISP router(192.168.1.1). Devices that connect to the wlan0 interface of the openwrt get dhcp and internet access without problem. But, devices that connect at the ethernet ports of the openwrt don't get either. I tried following a guide to setup the openwrt as a switch with vlans, but it didn't work, adding static routes to the devices also didn't work. I need devices that are connected on the ethernet ports of the openwrt to be able to communicate with devices that are connected to the ISP router and relay the dhcp to the ISP router as well.
Here is my configuration:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.128'
        option gateway '192.168.1.1'
        option broadcast '192.168.1.255'
        option dns '8.8.8.8 1.1.1.1'
        option stp '1'

config adsl-device 'adsl'
        option fwannex 'a'
        option annex 'a2p'

config atm-bridge 'atm'
        option unit '0'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'

config interface 'wan'
        option ifname 'nas0'
        option proto 'pppoe'
        option auto '0'
		

		
root@OpenWrt:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        option network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT

config zone
        option name             wan
        option network          'wan'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fe80::/10
        option src_port         547
        option dest_ip          fe80::/10
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# include a file with users custom iptables rules
config include
        option path /etc/firewall.user
2

If you're connected using the WAN port of the openwrt router, you need to change the subnet on one of them, it cannot be the same on both sides of the firewall.

Change switch LAN to something else than 192.168.1 or on LAN side of openwrt router.

Want everything on the same subnet, convert router to

1 Like
3

Can the firewall be turned off completely?
In the place of the openwrt router i had another router running linux that turned off the firewall and pointed to relay dhcp to 192.168.1.1 and had no problem with having the same subnet on both.
I can't understand what you mean about the WAN port of the router. The one that is setup for PPPOE?This port is not used at all. The isp modem acts as the pppoe modem.

4

Most routers have a WAN port, since you haven't specified which one you're using, I assumed yours had one, too.

Want to disable the fw, set it up dumb AP based on the link above.
Or do you really want two separate subnets?

1 Like
5

Can the firewall be turned off completely?

Yes. Network -> Firewall -> Traffic Rules -> New Rule

  • Protocol: Any
  • Source zone: Any
  • Destination zone: Any
  • Action: allow

Then System -> Startup -> Firewall (disable, stop)

6

Disabled firewall from booting after adding the rule to allow any traffic. Disabled dnsmasq. My router doesn't have odhcpd , so nothing changed.
And nothing...still the same. Devices connected to the ethernet ports of the openwrt router don't get dhcp nor can ping devices connected to the ISP router.

image
image911Ă—332 15.7 KB 


config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.128'
        option gateway '192.168.1.1'
        option dns '8.8.8.8 1.1.1.1'
        option _orig_ifname 'eth0 wlan0'
        option _orig_bridge 'true'
        option ifname 'eth0'
7

image
image1124Ă—104 3.47 KB

8

Sorry for multiple posts, but new users cant post more than one pic per post.
image

Also tried adding this to my network config and bridging the eth0 with eth0.1, but only thing i managed to do is lose completely connectivity to the openwrt. Had to revert changes from uart.

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4 5t'  # 1. add 0 in here
9

If you set a static IP on the wired clients, can they access internet?

Are you sure 192.168.1.128 isn't in the DHCP range, and there's an IP conflict?

10

No, nothing.
My respbian has this static setup:
dhcpcd.conf

# Example static IP configuration:
interface eth0
static ip_address=192.168.1.37/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
static routers=192.168.1.1
static domain_name_servers=192.168.1.1 8.8.8.8 1.1.1.1

and static routes:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0```

** Devices connected to the wlan0 of the openwrt get dhcp and ping everything.
11

I haven't played around with rasbian for a very long time, but how is dhcpcd.conf involved in client side static IP?

12

Same here. :confused:
Every time i need to make a change in the configuration it's been so much time from the last, that i need to search everything from the start...
First result from google setting static ip on rasbian gives info about dhcpcd.conf though.

13

Well, if rasbian is the issue, you might be in the wrong forum ,)

But what does ifconfig (exec in cli) say about the IP of the RPi?

DHCPD is the DHCP demon, and run by the device providing the IPs, not on the client side, usually the router.

14

Just tested again with my Windows laptop connected with ethernet cable to openwrt.
Static ip, default mask and gateway 192.168.1.1 and 192.168.1.128. Nothing.

15

And does pinging 192.168.1.1 work?
Same with 8.8.8.8...?

16

Nope, i can only ping 192.168.1.128. Everything else i get host unreachable.
Earlier today i was playing around with vlans in the openwrt configuration and at some point i was getting port unreachable. I tried playing with the firewall but i couldn't make it work.... After all the things i've tried the whole day i can't remember what changes i had made...

17

Then reset it, start from scratch.

18

Now the configuration is from scratch. I don't mean that getting port unreachable might have messed things up. I mean with the firewall disabled now, it could be the solution.

19
20

Already been posted....