I'm currently using the router from my ISP and it's very basic and has awful Wifi.
I'd like to use an OpenWrt router (I don't have it yet, I think I'll go with the BPI-R4 when it's released) but unfortunately my ISP router doesn't have a bridge mode.
I think the only way to use the OpenWrt router as the "main" router is through a DMZ: my ISP router will be configured to DMZ to the OpenWRT router, and I'll have an AP connected to the OpenWrt router for Wifi.
I have a self-hosted website so I need NAT, but I'd like to avoid double NAT.
Here are diagrams to show what I currently have and what I'd like to do.
Unfortunately the link between the ONT and the ISP router is not RJ45 but an optical cable.
So I need to use the ISP router anyway.
I want to make the OpenWrt router the main router with all the firewall rules including NAT, so in case I have to create a new rule I only need to add this rule to OpenWrt.
To sum it up, the ideal would be I don't have to touch the ISP router anymore once DHCP is disabled and DMZ enabled to 192.168.2.1
If that's possible then I'm totally fine with it.
since you want to solve that on top anyway, I would start small and look for a dedicated OpenWRT access point device first.
Get one that has more than 1 LAN port, then you can testrun your whole router scenario as well.
If your single NAT / DMZ scenario turns out unusable in that testrun, just add the OpenWRT access point to your regular ISP router and be happy about the better Wifi.
If the DMZ plan turns out well on top of that, consider to either continue using OpenWRT as a combined router/AP or get an additional more powerful dedicated OpenWRT router device as a sidekick for the OpenWRT AP.
Yes I want to get rid of the awful WiFi but that's not the only benefit I want from OpenWrt.
Basically I'd like to be able to use OpenWrt features for all devices connected to my LAN, both WiFi and RJ45.
From what I see it's not as trivial as I thought.
I have a spare Raspberry Pi 3 somewhere so maybe I can add a LAN port, try it acting as an OpenWrt router and see if it works as expected.
Hi.
A tiny suggestion would be to set the ISP router to 192.168.2.1, and keep 192.168.1.x/24 for the OpenWrt network. Just because OpenWrt uses this subnet as default.
We don't know the Make/Model of your ISP Router so searching for either IP Passthrough or Bridge Mode would be what you are looking for to allow your OpenWRT Router to acquire your public ip. Once that is accomplished, disable all WiFi for both 2.4 & 5Ghz in the ISP Router.
Hi,
It doesn't really matter for my proposed solution ( actually what you were looking for). Please look at the links to the wiki pages which I provided.
Kind regards
K.
You need to look at you public IP address. Here is a discussion and more info: https://www.reddit.com/r/HomeNetworking/comments/vrznf2/how_to_check_if_im_under_cgnat_and_more/.
It is not that bad if you do not want to open ports, however you mentioned self-hosted websites and this will cause issues. You will achive DMZ with the OpenWrt router, but if you are behind CGNAT you may struggle with your websites.
Kr
K
I also have a Livebox 5 with an ont connected via fibre, no possibility for bridge mode or ip pass through that I know off so DMZ it is for me
I do have a Public IPv4 and IPv6 but YMMV
hi wiltrhil i'm french too you will be only static on orange your router et then place to dmz the router static
i'm use openwrt for my gaming home
disable upnp and reboot yoru box
translate french
salut wil pour effectuer cela desactive juste upnp active statique ip dans dhcp de ton routeur orange comme moi en 192.168.1.1 et place dmz sur ton routeur, chez moi orange est different en france car je suis client pro
Yes I'm French, I'll add the translation after this
I had no trouble so far for my website so for CG-NAT I think I'm covered, that's good but thank you for raising this potential issue in case I change my ISP.
I don't know if an optical module on the BPi will work, my optical cable is different than SFP+ but keeping the Livebox is not a big deal.
Anyway now I know what to do and it's what I expected (I'm not an expert in networking) so that's good, now what I need is the actual hardware.
@Dopam-IT_1987
Merci pour l'info.
Donc je ne suis pas derrière un CG-NAT, mais je m'en rappellerai si je change de FAI.
Pour le câble optique ça n'a pas l'air d'être du SFP+ du coup je ne sais pas si je vais pouvoir le brancher directement sur le BPi, mais ça c'est pas dramatique.
Je vais faire ce que tu conseilles et c'est ce que je pensais faire dès le départ, maintenant il ne me manque plus qu'à acheter le matos.
