Help with setting up masquerade on Rocket M5/OpenWrt

I have a group of Rocket M5s with OpenWrt running 802.11s on a closed mesh network. I would like to set up one of the M5 devices so that it can occasionally be physically connected to an internet-connected router for the purpose of allowing all the devices on the closed mesh network to access the internet when needed. I believe this is best done via masquerade, but I do not know how to set that up. Could someone tell me or give me screen caps of the proper settings to make that happen through the LuCI GUI? Thanks in advance to anyone who can help me.

Does anyone have a company or tech support service that I could hire to get this configuration performed?

It is not that complicated: set devices to have that node as "default router", then on the specific device add the WAN network into the WAN firewall zone and you are all set: WAN up, have internet; WAN down, no internet. You may need to check a default clean install along /etc/config/firewall or luci/net/firewall and transfer it to the gateway device.

This is like other devices that have only one Ethernet port.

  • Be logged in by wifi, as obviously the Ethernet port is going to stop working as a LAN.
  • Remove eth0 from br-lan. (Network-->Devices-->br-lan)
  • Create a new network Interface named exactly wan (lower case) with Protocol DHCP Client and Device eth0.
  • If the wan side network is trusted, you can optionally open ports 22, 80, and 443 in the firewall from wan so you can use ssh and http(s) to administer the device from the wan side.
  • Connect the eth0 port to an upstream network that can reach the Internet. An IP address should be obtained by DHCP. This address must not overlap the IP subnets you are using on the LAN(s).
  • The internal DHCP server will advertise this node as the gateway to the Internet. If you have other DHCP servers on the mesh, they need to also advertise this node's LAN IP as the gateway.

Naming the wan interface 'wan' is important as the default firewall is already set up to block incoming traffic and masquerade outgoing connections to that network.

1 Like
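The point about the interface name can be checked from the gateway's shell. The script below is an added example, not part of any post in this thread: it parses a UCI firewall file and reports which zone covers the network named `wan`, whether that zone masquerades, and whether it accepts input. The function names and the embedded config are constructed for illustration, with the sample modelled on the layout of a stock `/etc/config/firewall`.

```shell
#!/bin/sh
# Constructed sample, modelled on the layout of a stock /etc/config/firewall.
sample_firewall() {
cat <<'EOF'
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option forward 'REJECT'
    option masq '1'
EOF
}

# check_wan_zone FILE [IFACE]  (hypothetical helper, IFACE defaults to "wan")
# Prints the zone covering IFACE. Exit 0: zone masquerades and does not
# ACCEPT input. Exit 1: masq off or input ACCEPT. Exit 2: no zone covers IFACE.
check_wan_zone() {
    tr -d "'\"" < "$1" | awk -v want="${2:-wan}" '
    function flush() {
        if (!(inzone && covered)) return
        found = 1
        printf "zone=%s masq=%s input=%s\n", name, masq, input
        if (masq !~ /^(1|yes|on|true|enabled)$/ || input == "ACCEPT") bad = 1
    }
    $1 == "config" {                 # a new section starts: close the last one
        flush(); inzone = ($2 == "zone")
        covered = 0; name = "?"; masq = "0"; input = "unset"; next
    }
    !inzone { next }                 # ignore rules, forwardings, defaults
    $2 == "name"    { name = $3 }
    $2 == "masq"    { masq = $3 }
    $2 == "input"   { input = $3 }
    $2 == "network" { for (i = 3; i <= NF; i++) if ($i == want) covered = 1 }
    END {
        flush()
        if (!found) { print "no zone covers " want; exit 2 }
        exit bad + 0
    }
    '
}

# On the gateway node this would be: check_wan_zone /etc/config/firewall
f=$(mktemp); sample_firewall > "$f"; check_wan_zone "$f"; rm -f "$f"
```

An exit status of 2 is the case the post warns about: an interface created under another name is not covered by any zone, so the blocking and masquerading settings of the `wan` zone do not apply to it.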

Thank you!!

Thanks, I will give this a try tonight.

1 Like

That’s working, but I cannot find out where in the settings on the other Rocket devices to have them advertise the gateway node’s IP address instead of their own IPs. All the client devices connected to other APs are getting assigned the local AP’s IP address instead of the gateway’s IP address.

Where in the LuCI interface is the "default router" setting? Thanks!!

IPv4 gateway?

Can’t find that setting. Is that set in the LuCI GUI or only via CLI?

Either it is DHCP option 3 or in the static configuration next to IP/mask.