Hi, I've tried to find an answer to this but I'm not a network expert, and some of the answers I just cant understand.
I have a device on my network (raspberry pi pico with micropython) that answers DHCP requests on its wifi connection to my OpenWrt router.
Basically what I see is sometimes devices will end up with 192.168.4.* addresses, which is the range the device should give out on its other interface.
Can I configure OpenWrt to simply not route anything with an IP address in that range?
I know it's maybe not the right solution, I should stop micropython answering DHCP, but for my development environment, I'd rather use this sledgehammer approach
DHCP does not route across networks - it's local/responding to a LAN DHCP broadcast request, so you're not describing something correctly here (or you misunderstand your issue). You need to disable the rogue DHCP server on your Pi that's connected to the same network.
If this range/scope issued by the Pi is supposed to exist on another network/interface, then you have something incorrectly connected or configured on the Pi. I would hazard a guess that you have DHCP listening on the wrong Pi interface.
Hi, thanks for the reply - yes, it's entirely possible I'm describing something incorrectly!
I'm using a standard micropython, and I have two interfaces configured, one which connects to my regular wifi, and the other which serves as an access point. The AP one has DHCP, the regular wifi one has a static IP address. I suspect the micropython is answering requests on both interfaces, which it shouldnt.
And this is only from observation. My OpenWrt router is set to 192.168.2.* addresses, but some of the devices on that wifi network end up with 192.168.4 addresses.
I think it's a bug in the micropython, but as I use these boards a lot for development, I'd prefer to stop all 192.168.4 traffic on my network.
And now that I type all that, I'm not sure this'll work, because the DHCP on the device will still respond to DHCP requests, right?
The firewall can't prevent traffic between two devices that are on the same L2 network.
You could sequester the buggy device into its own IoT like network which has no other members. It would be its own IP subnet on the router, for example 192.168.5.0/24. Then route to that network from your lan 192.168.2 network.