How do I set up a NAT/DHCP isolated private local network?

I just started using OpenWRT so please don't think I am an idiot!

I am trying to set up a TP-Link RE450 router/range extender basically as an access point/extender but with a NAT isolated wireless LAN that is a completely different zone. I wish to connect wirelessly to a "wan" with addresses 192.168.1.x as the source and create a wireless "lan" isolated from the "wan" with a DHCP server handing out addresses 10.0.0.x to the clients on the "lan".

I can easily set up the RE450 with the wan and lan as described but not the DHCP server so all clients are in the same 192.168.1.x zone even though I can set the network names and passwords for my "lan" separately.

Every time I try to set up a DHCP server I lose the ability to communicate with the router and I have to go to failsafe mode and reset the whole thing.

I had a cheap Tenda router/range extender that did this easily with very simple setup but it seems very complicated with OpenWRT.

I WOULD BE THANKFUL FOR ANY HELP! I am an experienced professional but I am a dummy when it comes to OpenWRT.


What exactly are you trying to do to the DHCP server when you lose connectivity?
With the default configuration, the DHCP server will give the LAN hosts IP addresses in the .100-250 range.
So, as long as the LAN IP address is correct in the 10.X.Y.Z range, you don't need to change anything else.
Also have a look at the travelmate package. Although developed for traveling routers, it could work in your case too.


Thanks for your note. I find that no matter how I configure the client and master, the router acts as a range extender and does not utilize its own NAT and DHCP functions.

If the client has an IPv4 address of W.X.Y.Z served up by the WAN, the master (and thus the LAN) then gives out addresses of W.X.Y.N, where N is being determined by the WAN DHCP server, and everything is passed through like a range extender.

Ironically if I turn off the

It works OK but it is not acting as a router.

How can I get the DHCP server and NAT to work? There has to be a way. THANK YOU FOR ANY HELP!

Better post the following configurations here, to better understand what you have done.
Login to the router by ssh.
Then give the following commands as you see them:

uci show network; uci show wireless; uci show dhcp; uci show firewall; \
ip -4 addr; ip -4 ru; ip -4 ro

Finally paste the output here in preformatted text </>

This is called a guest network. Create a new network with its own DHCP server serving a different IP range. Create a firewall zone for it and have that zone forward to the main LAN. Turn on masq and mtu_fix on the LAN network, this will have the guests all NAT through the one LAN IP of your router.

At this point, guests are mostly isolated, but if they know of an IP in your LAN range they will still be able to reach it, since everything after the NAT is considered part of the Internet. So you also need firewall rules to block guests out of the LAN, such as by blocking all 192.168.X.X addresses so they can only use the public Internet.
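
The guest-network layout described in the reply above, written out as OpenWrt UCI configuration. This is an added example, not part of the original posts; the interface and zone name `guest` and the 10.0.0.1/24 addressing (from the question's 10.0.0.x range) are assumptions, and the guest SSID still has to be attached to the `guest` network in the wireless settings.

```uci
# /etc/config/network  (new interface; the name 'guest' is an assumption)
config interface 'guest'
	option proto 'static'
	option ipaddr '10.0.0.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp  (separate pool: 10.0.0.100 to 10.0.0.249)
config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'

# /etc/config/firewall  (new zone: guests get no access to the router by default)
config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Existing 'lan' zone: add masq and mtu_fix so guests NAT behind the router's LAN IP
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'guest'
	option dest 'lan'

# Guests may reach only DNS (53) and DHCP (67) on the router itself
config rule
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53 67'
	option target 'ACCEPT'

# Block guests from 192.168.x.x hosts; rules are evaluated before the forwarding
config rule
	option src 'guest'
	option dest 'lan'
	option dest_ip '192.168.0.0/16'
	option proto 'all'
	option target 'REJECT'
```

The REJECT rule matches on the packet's destination address, so Internet-bound traffic that is merely routed via a 192.168.x.x gateway still passes while direct connections to hosts in that range are refused.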

Thank you so much for the suggestions. I fooled and fooled with this and with the suggestions I solved it.

Using SSL and editing /etc/config/dhcp with vi. You set dhcp option "force" to 1. As:

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option force '1'

Alternatively you can find this in the GUI interface under DHCP settings -> Advanced


Careful with this setting.
It might mean that another DHCP server was detected and this is not good.