Unfortunately, untagged on WAN in VLAN3 will not work.
Back to my first reply, I was referring into something like:
config interface 'wan2' option ifname '@wan' ...
But since you want to let one host to connect to the ISP dhcp directly, that would be as easy as to make LAN 4 port off in vlan1 and untagged in vlan2. VLan3 is not necessary at all.
If following your instructions, the IP address that was issued by WAN2 applies to all connected devices, but not to LAN4. At the same time, it is impossible to access the Internet on LAN4.
Which instructions did you follow? Because that was 2 different solutions. One for a wan2 that will be available for all hosts and one that will move lan4 in the same bridge with wan.
I did as following. As a result, IP-address from WAN2 was applied to all connected devices, and the device connected to LAN4 has no Internet connection at all.
You can use
kmod-macvlan to spawn multiple virtual WAN interfaces sharing the same physical connection. After installing
kmod-macvlan, follow Save ip link macvlan interfaces after reboot and use the resulting
vethX interfaces to setup further WAN DHCP interfaces in LuCI.
Installed the package, added to my config the strings you suggested, rebooted the router, created a new interface with the same settings as before. The IP address didn't show up on it.
Is your provider expecting a specific MAC address by any chance?
No. The main thing is that they're not the same on several interfaces.
Could you mention your router model and share your current /etc/config/network?
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd44:a256:0a70::/48' config interface 'lan' option type 'bridge' option ifname 'eth0.1' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' option macaddr 'Hidden:94' config device 'lan_eth0_1_dev' option name 'eth0.1' option macaddr 'Hidden:bb' config interface 'wan' option proto 'dhcp' option peerdns '0' list dns '220.127.116.11' list dns '18.104.22.168' option ifname 'eth0.2' option macaddr 'Hidden:f6' config device 'wan_eth0_2_dev' option name 'eth0.2' option macaddr 'Hidden:bc' config device 'veth0' option name 'veth0' option type 'macvlan' option ifname 'eth0' config device 'veth1' option name 'veth1' option type 'macvlan' option ifname 'eth0' config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' option vid '1' option ports '1 2 3 4 6t' config switch_vlan option device 'switch0' option vlan '2' option vid '2' option ports '0 6t' config interface 'WAN2' option proto 'dhcp' option hostname 'NoName29' option peerdns '0' list dns '22.214.171.124' list dns '126.96.36.199' option macaddr 'Hidden:70' option ifname 'veth0'
Try changing the
option ifname entries of the
config device vethX sections from
Not sure if this is going to work but worth a try. It could also be that the underlying switch prevents the use of MAC VLANs due to filtering but try it anyway.
It helped, the IP address was out. But it applied to all connected devices as it did last time. I need only one device on the network to use this IP address.
Step 2 would now be delegating that IP to a specific device as you wrote. Personally I likely would go with a pair of SNAT / DNAT rules but a proxy ARP entry could work too iirc.
Firewall rules (replace
w.x.y.z with the IP of the LAN host you want to route the extra IP to):
config redirect option name 'Rewrite secondary WAN IP to LAN host' option proto all option src wan # make sure to assign wan2 to your wan zone option src_dip wan2 # use IP address of secondary wan interface option dest_ip w.x.y.z # the LAN IP to forward to option target DNAT config nat option name 'Rewrite LAN host to secondary WAN IP' option proto any option src wan option src_ip w.x.y.z # the LAN IP to forward to option snat_ip wan2 # use IP of wan2 option target SNAT
The IP address that was issued by WAN2 still applies to all connected devices.
config redirect option name 'Rewrite secondary WAN IP to LAN host' option proto 'all' option src 'wan' option src_dip '**.***.**.223' # WAN2 ip option dest_ip '192.168.1.229' # LAN ip option target 'DNAT' config nat option name 'Rewrite LAN host to secondary WAN IP' option src 'wan' option src_ip '192.168.1.229' # LAN ip option snat_ip '**.***.**.223' # WAN2 ip option target 'SNAT' list proto 'all'
I am not sure what you mean with "applies to all connected devices". Do you mean it is used as source IP for outgoing traffic?
In your "wan2" interface, advanced settings uncheck both "Use default gateway" and "Use DNS servers advertised by peer". See if it solves it.
You can also replace
'**.***.**.223' with a literal
wan2 in the firewall rules. This way the IP should be automatically derived from the interface so you do not need to update the config in case it ever changes.
I mean, the IP address applies to all devices (including PCs, phones), but I only need to apply it to one device connected to the router.
When I uncheck "Use default gateway" the Internet connection is lost.
Yeah, likely because the WAN2 default route overwrote the WAN one and now after disabling it you have none. Either try reconnecting WAN after disabling the default gateway on WAN2 or reboot the entire router.
Yeah, it helped. Thank you very much!
For some reason, open port 80 stopped working.
config redirect option target 'DNAT' option name 'HTTP' option src_dport '80' option dest 'lan' option dest_ip '192.168.1.229' option dest_port '80' option src 'wan'