Unfortunately, untagged on WAN in VLAN3 will not work.
Back to my first reply, I was referring into something like:
config interface 'wan2'
option ifname '@wan'
...
But since you want to let one host to connect to the ISP dhcp directly, that would be as easy as to make LAN 4 port off in vlan1 and untagged in vlan2. VLan3 is not necessary at all.
If following your instructions, the IP address that was issued by WAN2 applies to all connected devices, but not to LAN4. At the same time, it is impossible to access the Internet on LAN4.
Which instructions did you follow? Because that was 2 different solutions. One for a wan2 that will be available for all hosts and one that will move lan4 in the same bridge with wan.
I did as following. As a result, IP-address from WAN2 was applied to all connected devices, and the device connected to LAN4 has no Internet connection at all.
You can use kmod-macvlan to spawn multiple virtual WAN interfaces sharing the same physical connection. After installing kmod-macvlan, follow Save ip link macvlan interfaces after reboot and use the resulting vethX interfaces to setup further WAN DHCP interfaces in LuCI.
Installed the package, added to my config the strings you suggested, rebooted the router, created a new interface with the same settings as before. The IP address didn't show up on it.
Is your provider expecting a specific MAC address by any chance?
No. The main thing is that they're not the same on several interfaces.
Could you mention your router model and share your current /etc/config/network?
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd44:a256:0a70::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option macaddr 'Hidden:94'
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr 'Hidden:bb'
config interface 'wan'
option proto 'dhcp'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
option ifname 'eth0.2'
option macaddr 'Hidden:f6'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'Hidden:bc'
config device 'veth0'
option name 'veth0'
option type 'macvlan'
option ifname 'eth0'
config device 'veth1'
option name 'veth1'
option type 'macvlan'
option ifname 'eth0'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '0 6t'
config interface 'WAN2'
option proto 'dhcp'
option hostname 'NoName29'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
option macaddr 'Hidden:70'
option ifname 'veth0'
Try changing the option ifname entries of the config device vethX sections from eth0 to eth0.2.
Not sure if this is going to work but worth a try. It could also be that the underlying switch prevents the use of MAC VLANs due to filtering but try it anyway.
It helped, the IP address was out. But it applied to all connected devices as it did last time. I need only one device on the network to use this IP address.
Step 2 would now be delegating that IP to a specific device as you wrote. Personally I likely would go with a pair of SNAT / DNAT rules but a proxy ARP entry could work too iirc.
Firewall rules (replace w.x.y.z with the IP of the LAN host you want to route the extra IP to):
config redirect
option name 'Rewrite secondary WAN IP to LAN host'
option proto all
option src wan # make sure to assign wan2 to your wan zone
option src_dip wan2 # use IP address of secondary wan interface
option dest_ip w.x.y.z # the LAN IP to forward to
option target DNAT
config nat
option name 'Rewrite LAN host to secondary WAN IP'
option proto any
option src wan
option src_ip w.x.y.z # the LAN IP to forward to
option snat_ip wan2 # use IP of wan2
option target SNAT
The IP address that was issued by WAN2 still applies to all connected devices.
config redirect
option name 'Rewrite secondary WAN IP to LAN host'
option proto 'all'
option src 'wan'
option src_dip '**.***.**.223' # WAN2 ip
option dest_ip '192.168.1.229' # LAN ip
option target 'DNAT'
config nat
option name 'Rewrite LAN host to secondary WAN IP'
option src 'wan'
option src_ip '192.168.1.229' # LAN ip
option snat_ip '**.***.**.223' # WAN2 ip
option target 'SNAT'
list proto 'all'
I am not sure what you mean with "applies to all connected devices". Do you mean it is used as source IP for outgoing traffic?
In your "wan2" interface, advanced settings uncheck both "Use default gateway" and "Use DNS servers advertised by peer". See if it solves it.
You can also replace '**.***.**.223' with a literal wan2 in the firewall rules. This way the IP should be automatically derived from the interface so you do not need to update the config in case it ever changes.
I mean, the IP address applies to all devices (including PCs, phones), but I only need to apply it to one device connected to the router.
When I uncheck "Use default gateway" the Internet connection is lost.
Yeah, likely because the WAN2 default route overwrote the WAN one and now after disabling it you have none. Either try reconnecting WAN after disabling the default gateway on WAN2 or reboot the entire router.
Yeah, it helped. Thank you very much!
For some reason, open port 80 stopped working.
config redirect
option target 'DNAT'
option name 'HTTP'
option src_dport '80'
option dest 'lan'
option dest_ip '192.168.1.229'
option dest_port '80'
option src 'wan'