Name the use case: NAT from WiFi to Ethernet uplink

On campus (in halls), I got internet access via wired Ethernet. I am allowed to operate one MAC address only (which has to be registered with them). I'd still like to use my mobile devices through this uplink, though.

So my plan is to use my Netgear EX3800 with latest OpenWRT. I'll call it Netgear for brevity.

Netgear should span a WiFi for all my [mobile] end devices, with an own subnet. When sending on the Ethernet port, Netgear should only use it's own MAC and the IP it obtains via DHCP from campus' server. Never ever MACs of my end devices. It should never forward DHCP requests from my end devices. No plans to run a VPN or to filter anything. Connectivity between my end devices does not matter.

It looks to me that I need a NAT from WiFi sub-net to Ethernet - correct? What would be the right name of this use case and is there a configuration guide for it? (I think it neither repeater nor bridge).

I also think it's going to be a double NAT. I don't expect any troubles with web browsing and social media, but should I be prepared for troubles with Spotify?

there are a few posts on here re: "travelmate and hotels"... solutions will be found there...

edit: ok, its wired... read those threads anyway...

just plug it in... a stock setup will handle... if you have double nat problems check back in here with them...

you may wish to populate the hostname+mac in your wan network section... to something a client will send... otherwise the network admins will see...

client-identifier: "openwrt"
mac-vendor: "tp-link"


An attempt of a check-list:

  • populate hostname+mac in WAN network section (thanks, didn't think about it!)
  • expect DCHP client on wired side be already enabled
  • set WiFi country
  • create a WiFi network
  • anything to do in firewall section?

You were told above that a default setup would handle your concern and situation.

From your list, all you need to do on a default OpenWrt is configure WiFi. If you already gave them another MAC, you will need to spoof that on WAN too. Simple.


I misinterpreted "stock setup" as "no need for extra packages"
Sounds good, thanks for a very quick help guys

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.