How to configure for only internet via WAN?

Given is a network structure like in this picture:

I want to be able to access only the internet from the clients connected to the OpenWrt router.
In version 18 I was easily able to accomplish this by using the setting for bogon networks (at least I think it was that setting).
Now in version 19.07 I cannot get it to work.
Whatever setting I try, I can still ping computers in the grey network from OpenWrt's LAN.
Could it be a problem that both networks are in the 198.168.0.### IP range?

What would I need to set in order to get only an internet connection for the clients in OpenWrt's LAN network (orange)?


Replace 192.168.X.0/24 with your real grey subnet and copy/paste.

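```
# Create a new, empty firewall rule section and remember its generated id.
rule_name=$(uci add firewall rule)
# Fill in the rule: drop all IPv4 traffic from the lan zone to the grey subnet
# reached through the wan zone. $rule_name is expanded by the shell.
uci batch << EOF
set firewall.$rule_name=rule
set firewall.$rule_name.enabled='1'
set firewall.$rule_name.src='lan'
set firewall.$rule_name.name='Block_grey'
set firewall.$rule_name.family='ipv4'
set firewall.$rule_name.proto='all'
set firewall.$rule_name.dest='wan'
set firewall.$rule_name.dest_ip='192.168.X.0/24'
set firewall.$rule_name.target='DROP'
EOF
```

Then run `uci commit firewall`.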


Yes, many thanks, this is now working!
It seems I didn't manage to set the IP range properly 🙃. And it seems that to make the setting effective, some sort of restart is needed. I could still ping computers in the grey network after pressing apply, but no more after a reboot of the OpenWrt box.


OpenWrt uses a stateful firewall. The state, i.e. the conntrack entries, isn't flushed when a rule is added or when the firewall is restarted, but it can be flushed manually using conntrack from the conntrack package.
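
The conntrack point above, as an added example that is not from any post in this thread: it finds tracked flows whose original destination is inside the blocked subnet and deletes them, so the DROP rule takes effect without a reboot. The function names and all addresses (LAN 192.168.1.0/24, grey network 192.168.0.0/24, router WAN IP 192.168.0.2) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. All addresses are constructed:
# LAN 192.168.1.0/24, grey network 192.168.0.0/24, router WAN IP 192.168.0.2.

# Read `conntrack -L` style lines on stdin and print each distinct
# original-direction destination that lies inside the CIDR given as $1.
stale_dsts() {
    awk -v cidr="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { split(cidr, c, "/"); div = 2 ^ (32 - c[2]); net = int(ip2int(c[1]) / div) }
    {
        # Only the first dst= is the original tuple. The second one is the
        # reply tuple; with masquerading it is the router WAN address, which
        # is itself inside the grey subnet and would match every flow.
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^dst=/) continue
            ip = substr($i, 5)
            if (int(ip2int(ip) / div) == net && !(ip in seen)) { seen[ip] = 1; print ip }
            break
        }
    }'
}

# On the router (needs the conntrack package): delete the tracked flows
# toward the blocked subnet so the new DROP rule applies without a reboot.
flush_stale() {
    conntrack -L 2>/dev/null | stale_dsts "$1" | while read -r ip; do
        conntrack -D -d "$ip" >/dev/null 2>&1
    done
}

# Constructed sample of conntrack -L output, so this runs off the router.
sample_flows() {
    cat <<'EOF'
icmp     1 29 src=192.168.1.100 dst=192.168.0.10 type=8 code=0 id=4242 src=192.168.0.10 dst=192.168.0.2 type=0 code=0 id=4242 mark=0 use=1
tcp      6 7439 ESTABLISHED src=192.168.1.100 dst=192.168.0.20 sport=50122 dport=22 src=192.168.0.20 dst=192.168.0.2 sport=22 dport=50122 [ASSURED] mark=0 use=1
tcp      6 7440 ESTABLISHED src=192.168.1.100 dst=192.168.0.20 sport=50123 dport=22 src=192.168.0.20 dst=192.168.0.2 sport=22 dport=50123 [ASSURED] mark=0 use=1
udp      17 52 src=192.168.1.101 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=192.168.0.2 sport=53 dport=40000 mark=0 use=1
EOF
}

sample_flows | stale_dsts 192.168.0.0/24
```

On the router, call `flush_stale` with the grey subnet once the rule is active.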

