LuCI administration of an OpenWRT router connected to a client OpenWRT router

I have a main OpenWRT machine (router 1) and a secondary OpenWRT machine (router 2) I've connected to the first via the "Connect to client Wi-Fi network" instructions, and everything is working amazingly. This setup is simply to extend Wi-Fi to a few stationary IoT devices and provide DNS adblocking ability to them as well.

I'd like to allow one trusted computer on router 1 to access LuCI on router 2 by its router 1 IP. My only question is if this proposed firewall rule (on the secondary device) is safe:

As far as I understand it, router 2 uses the first device as a gateway and can never be touched by the internet itself because it is hidden by router 1's NAT. Is this correct? Could the rule be locked down tighter? It's a bit of a noob question but I wanted to double check my understanding. I also experimented with MAC address allowances, but I couldn't seem to get it to work.

It mostly depends on what you are looking for. What you've built is a router cascade, which is usually regarded as a kludge if your (proprietary) routers can't do any better, but OpenWrt could…

Normally, the better solution for this would be a flat network with WDS/4addr to handle the wireless backhaul. But even if you want a more segregated network, there'd be a better approach, handling the policies/firewalling on the primary router alone (e.g. via a second (WDS-)AP interface in addition to your normal AP interface; there can only be a single WDS-AP interface).


Thank you. I will take a look at these options and see which works best.
