Hi All,
I'm new to using OpenWrt and just playing around with a BT HH5 I've flashed to try and understand how OpenWrt works and the configuration before I purchase something more appropriate. I'm using the latest firmware I believe (OpenWrt 21.02.1 r16325-88151b8303 / LuCI openwrt-21.02 branch git-21.295.67054-13df80d)
I've run into some problems trying to achieve the connectivity I want to test and am looking for some help please. As i say I'm just playing around with a test switch but what I was hoping to achieve was to configure the BT HH5 with each LAN port being it's own VLAN and one WLAN being its own VLAN/network i.e all networks seperated from each other and no WAN configuration at all. I then wanted to configure the firewall to allow certain zones to pass traffic between each other or test the traffic rules to see what sort of granularity I could achieve.
I've tried all sorts of configurations and been reading lots on the forum and wiki about how certain things work but suspect I'm missing some fundamentals. The config is now in a bit of a mess and rather than provide the details I thought it might be easier to ask some questions that might help enlighten me and then re-configure........
Bridge - I've more or less deleted the default config and started afresh with just the LAN/WLAN. I have 4 VLANs configured via the switch menu one for each LAN port and each VLAN has it's own subnet (using static addresses not DHCP). Do I need a "bridge" I suspect not but thought I would ask, my interfaces are all VLANs?
VLANs - Each port set as untagged and assigned to a VLAN accordingly. The CPU (eth0) is set to tagged for all VLANs. I assume this is correct or at least ok? I can confirm that the VLANs can't talk to each other as expected so that's ok and I know that if I change the config so two ports are in a particular VLAN then those two devices can commuicate in isolation. Other than the VLAN used to manage the BT HH do the VLANs need IP addresses, I've tried it with both IP addresses and unmanaged I'm assuming not?
Firewall Forwarding/Zones - even though I have isolated with VLANs I assumed that I would still be able to get one VLAN to commuicate with another via appropriate firewall forwarding zone rules. However, this isn't working and I've tried basically accepting everything on all chains.
I'm assuming that if I allow traffic to flow between zones in both directions I don't need to add specific traffic rules (even though I have tried this and it didn't work)?
Routing - I'm wondering whether my problems all relate to routing somehow. So I have read that all VLANs get to the CPU via the tagged configuration I made in the switch menu but then what? I've not done anything specific for routing or enabled masquerading so how does the traffic get from one subnet to another without being routed/natted? I can see that the firewall zones might be forwarding the traffic but surely the traffic would be from different subnets - is this the problem? I did think about static routes but then couldn't work out what the default route would be? Oh and one last thing I did try the configuartion with two of the VLANs using the same subnet but in different firewall zones and this didn't work either.
All the config has been done thru the GUI not via CL
Sorry for all the questions any pointers whatsoever should help, thanks