Need help with network configuration

Hi everyone. I'm a newbie to networking, I'm familiar with the basics but still need to look into the more advanced stuff.
I'm thinking about hosting a Minecraft server to play with my friends and I'd like to split my network so that the rest of the devices can't be accessed from the server. I understand that the correct way would be to do it with VLANs, but the hardware I have doesn't allow creating them.
I've created the following diagram to show the current state of the network.

Router 1 is the one provided by the internet company, and I can't configure practically anything on it; the second one has OpenWRT installed. The Minecraft server will use a double NAT to access the internet, and the second router will have port 25565 open and forwarded to the server. With this configuration, would an attacker be able to access the rest of the devices on the main network? If so, I'd like some recommendations from you to improve security and keep the main network as fast as possible.


Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

I have the default settings. The server and the router are not connected yet. I wanted to know if that configuration was valid and secure before connecting everything.

I don't see any OpenWRT in your picture.

If your goal is to prevent the server behind Router 2 from accessing devices that are on the main network behind Router 1, you will need to add a firewall rule into router 2 that prevents such access. The rule will be similar to what you see in this tutorial - the last step in section 3 (but it will be applied to the wan zone of your OpenWrt router).

Your port forward will need to be 2 parts:

  • In router 1, you need to set a port forward on the desired port to the address of the OpenWrt router on R1's network (i.e. the address of OpenWrt's wan).
  • On router 2, you need to set the port forward to the server itself.

Otherwise, the topology is generally fine.
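
The router 2 side of the setup described above, as a sketch of `/etc/config/firewall` stanzas (an added example, not part of the original post). It assumes OpenWrt's default `lan` and `wan` zones, that router 1's network is 192.168.1.0/24, and that the server sits at 192.168.2.10 on OpenWrt's LAN; all addresses are placeholders.

```uci
# Added example for router 2 (OpenWrt). Addresses are assumptions:
#   192.168.1.0/24  = router 1's (main) network, reached via OpenWrt's wan
#   192.168.2.10    = Minecraft server on OpenWrt's lan

# Stop anything behind router 2 from reaching hosts on the main network.
# Internet-bound packets carry a public destination IP, so they do not
# match this rule and still pass through router 1 as the next hop.
# Only forwarded traffic is affected; OpenWrt itself (DNS, NTP, DHCP
# client on wan) can still talk to router 1.
config rule
    option name 'Block-lan-to-main-network'
    option src 'lan'
    option dest 'wan'
    option dest_ip '192.168.1.0/24'
    option proto 'all'
    option target 'REJECT'

# Second half of the two-part port forward: wan:25565 -> server:25565.
# The first half is configured on router 1 and points at OpenWrt's
# wan address on router 1's network.
config redirect
    option name 'Minecraft'
    option target 'DNAT'
    option src 'wan'
    option src_dport '25565'
    option dest 'lan'
    option dest_ip '192.168.2.10'
    option dest_port '25565'
    option proto 'tcp'
```

Apply with `/etc/init.d/firewall restart`, then confirm from the server that a ping to a main-network host is rejected while internet access still works.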

I think this post should be in "Installing and Using OpenWrt" section?


Moved topic to Network and Wireless configuration

In simple matters you need to employ VLANs to separate traffic in question.
One - does your provider router support VLANs?
Two - is your OpenWRT configured with swconfig or DSA?