I want to be able to access only the internet from the clients connected to the OpenWrt router.
In version 18 I was easily able to accomplish this by using the setting for bogon networks (at least I think it was that setting).
Now in version 19.07 I cannot get it to work.
Whatever setting I try I can still ping computers from openwrt's LAN that are in the grey network.
Could it be a problem that both networks are in the 198.168.0.### IP range?
What would I need to set in order to get only internet connection for the clients in openwrt's LAN network (orange)?
Replace 192.168.X.0/24 with your real grey subnet and copy/paste.
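```sh
# Create a new anonymous firewall rule section and remember its generated name
rule_name=$(uci add firewall rule)
# Unquoted EOF so that $rule_name is expanded inside the batch
uci batch << EOF
set firewall.$rule_name=rule
set firewall.$rule_name.enabled='1'
set firewall.$rule_name.src='lan'
set firewall.$rule_name.name='Block_grey'
set firewall.$rule_name.family='ipv4'
set firewall.$rule_name.proto='all'
set firewall.$rule_name.dest='wan'
set firewall.$rule_name.dest_ip='192.168.X.0/24'
set firewall.$rule_name.target='DROP'
EOF
# uci only stages changes until they are committed; then reload the firewall
uci commit firewall
/etc/init.d/firewall restart
```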
Yes, many thanks, this is now working!
It seems I didn't manage to set the IP range properly. And it seems that to make the setting effective, some sort of restart is needed. I could still ping computers in the grey network after pressing apply, but no more after a reboot of the OpenWrt box.
OpenWrt uses a stateful firewall. The state, i.e. conntrack entries, isn't flushed when adding a rule nor when the firewall is restarted, but it can be done manually using conntrack from the conntrack package.
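To see which already-tracked flows would keep passing after a rule like Block_grey is added, the following added example (not code from any poster in this thread) filters a `conntrack -L` style listing for flows whose original destination lies in the blocked subnet. The function names, the sample listing and the 192.168.0.0/24 / 192.168.1.0/24 subnets are constructed assumptions.

```shell
#!/bin/sh
# Added example: list conntrack flows whose ORIGINAL destination is inside a
# subnet that a new DROP rule is meant to block. IPv4 only, like the rule.

ip2int() {                      # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {                     # in_cidr ADDR NET/BITS -> exit 0 if inside
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

stale_flows() {                 # stale_flows NET/BITS < conntrack listing
    while read -r line; do
        dst=${line#*dst=}       # text after the first dst= (original direction)
        [ "$dst" = "$line" ] && continue      # line has no dst= field
        dst=${dst%% *}
        case $dst in *:*) continue ;; esac    # skip IPv6 entries
        in_cidr "$dst" "$1" && printf '%s\n' "$line"
    done
    return 0
}

# Constructed sample in the layout printed by `conntrack -L`.
# LAN clients are 192.168.1.x, the router's WAN address is 192.168.0.2.
sample_conntrack() { cat <<'EOF'
icmp 1 29 src=192.168.1.100 dst=192.168.0.10 type=8 code=0 id=4711 src=192.168.0.10 dst=192.168.0.2 type=0 code=0 id=4711 mark=0 use=1
tcp 6 431999 ESTABLISHED src=192.168.1.100 dst=93.184.216.34 sport=51234 dport=443 src=93.184.216.34 dst=192.168.0.2 sport=443 dport=51234 [ASSURED] mark=0 use=1
tcp 6 7200 ESTABLISHED src=192.168.1.101 dst=192.168.0.20 sport=40000 dport=445 src=192.168.0.20 dst=192.168.0.2 sport=445 dport=40000 [ASSURED] mark=0 use=1
udp 17 25 src=192.168.1.100 dst=8.8.8.8 sport=5353 dport=53 src=8.8.8.8 dst=192.168.0.2 sport=53 dport=5353 mark=0 use=1
EOF
}

# Stand-alone run: prints the ICMP and the port 445 flow, not the internet
# flows (their reply-side dst= is the router's WAN address and is ignored).
sample_conntrack | stale_flows 192.168.0.0/24
```

On the router, pipe the output of `conntrack -L` into `stale_flows` instead of the sample; `conntrack -F` flushes the whole table.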