Hey guys! I'm setting up Proxmox on my Raspberry Pi 4B 4GB and it requires having an Ethernet connection instead of wireless. This presents an issue where my Pi is now in my LAN interface instead of my IOT one.
The IOT interface uses a different IP address and has stricter rules than the LAN one, and the LAN devices can actually communicate into the IOT interface. This allows for certain devices like smart TVs to be able to still function with my parent's smart phone as well as allow me to be able to access my other raspberry pis connected to the IOT interface via ssh. I've started trying to set it up by creating a new VLAN with the ID 10.
How do I configure OpenWrt to group the port that my pi is connected to inside the IOT device? My router is an Archer A7 V5 running OpenWrt 21.02.2 r16495-bf0c965af0.
Settings
Firewall Rules
config zone
	option name 'GuestZone'
	option output 'ACCEPT'
	option forward 'DROP'
	option input 'DROP'
	list network 'GUEST'

config zone
	option name 'IOTZone'
	option output 'ACCEPT'
	option forward 'DROP'
	option input 'DROP'
	list network 'IOT'
	option masq '1'
	list device 'eth0.10'

config forwarding
	option src 'GuestZone'
	option dest 'wan'

config forwarding
	option src 'IOTZone'
	option dest 'wan'

config rule
	option name 'Guest DHCP and DNS'
	option src 'GuestZone'
	option dest_port '53 67 68'
	option target 'ACCEPT'

config rule
	option name 'IOT DHCP and DNS'
	option src 'IOTZone'
	option dest_port '53 67 68'
	option target 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'IOTZone'
Some of the configurations have sensitive data (like port forwards and network interface passwords) which was why I didn't share the full configurations. How do I make sure that the configurations don't contain sensitive information?
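The policy described in this thread (LAN may reach IOT, while IOT and guest may only reach WAN) can be checked mechanically against the posted firewall sections. This is an added example, not part of the original posts; the bare `lan` and `wan` zone stanzas, the function names and the list of zones treated as restricted are assumptions, since the thread shares only part of the config.

```python
import shlex

# Constructed sample: zone names and forwardings as posted above; the bare
# 'lan' and 'wan' zone stanzas are assumed (the thread omits them).
SAMPLE = """
config zone
	option name 'lan'
config zone
	option name 'wan'
config zone
	option name 'GuestZone'
	list network 'GUEST'
config zone
	option name 'IOTZone'
	list network 'IOT'
config forwarding
	option src 'GuestZone'
	option dest 'wan'
config forwarding
	option src 'IOTZone'
	option dest 'wan'
config forwarding
	option src 'lan'
	option dest 'IOTZone'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
        elif len(tok) == 3 and tok[0] == "list" and sections:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def forwarding_matrix(sections):
    """Zone -> zones it may open new connections into (replies ride conntrack)."""
    matrix = {o["name"]: set() for t, o in sections if t == "zone"}
    for t, o in sections:
        if t == "forwarding" and o.get("src") in matrix:
            matrix[o["src"]].add(o.get("dest"))
    return matrix

def violations(matrix, restricted=("IOTZone", "GuestZone"), trusted="lan"):
    """Restricted zones (assumed list) that can forward into the trusted zone."""
    return sorted(z for z in restricted if trusted in matrix.get(z, ()))
```

Feeding it the real `/etc/config/firewall` text instead of `SAMPLE` gives the same matrix for the full rule set; an empty result from `violations` means no restricted zone has a forwarding into `lan`.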
I have made a guess that logical port 5 corresponds to physical port 4 (as labeled on the case), but that could be wrong. If so, it will likely be logical port 2 in the switch configuration. In that case...
put logical port 5 back into the VLAN 1 definition
Part of the process is figuring out the mapping between the physical port labels, the ones in LuCI, and then the logical assignments in the config files. Once you know how those correlate, you can pretty easily set the VLAN appropriately.
Otherwise, you should be good to go if you follow my directions above.
I followed the instructions but now my computer can no longer find the pi; can't connect nor ping to it at all. What do I do now?
--Edit--
Moved the Pi to the 4th port on my router, and when I try pinging it, I get this error on the console:
From ThinkNova icmp_seq=5 Destination unreachable: Address unreachable
And OpenWrt's system log says:
Sun May 22 21:10:45 2022 daemon.warn dnsmasq-dhcp[31385]: DHCP packet received on wlan1-iot which has no address
while before switching (having it in port 1), it didn't display anything at all other than that all packets were lost.
OH I see what happened! So I found out that I can actually ping the device if I'm connected to the IOT wireless network, but can't ping it if I'm in the LAN wireless network. Another thing I just realized is that I was pinging the device using the device's hostname, which works fine if I ping while connected to the IOT network, but doesn't if I'm not (however, I can ping the device if I use the device's IP address, whether I'm connected to the IOT network or the LAN network). Any idea why I can't ping using the device's hostname when outside of the IOT network?
Yeah, the laptop is on the lan network, which is the 192.168.1.0/24 network! And yea, the address 192.168.4.191 is the Pi's current IP address (however, I plan on setting the static IP address as 192.168.4.120). The scenario where I couldn't ping the Pi with its hostname was when the laptop was connected to the lan network (I get that address unreachable error); however, I can ping the Pi with its IP address when the laptop is on the lan network.