Raspberry Pi 4B as a main Gateway/Router/Firewall

I am looking to use a Raspberry Pi 4B (4 GB) as the main device to connect to my ISP, with the eth0 as the WAN in DHCP client mode, and radio0 as the LAN with static IP, assigning IP addresses to connected devices. I may in the future add a USB-A to ethernet adapter as LAN, but want to ensure I have the basics right first. My new potential ISP provides FTTB, and an in-wall female 10 Gbps capable 8P8C RJ45 Ethernet connector, so no modem is needed.

I am aware that the antenna on the Pi isn't best suited for this, and that the Ethernet port on the Pi can only do up to 1 Gbps; I live in a small apartment, am using a 40 Gbps capable Cat8 cable, have tested it in AP mode, and it's fine for my needs. I am not asking for advice related to the hardware choice, I'm doing this to learn, and I also want to wait for next gen routers with 6 GHz radios to come out to install OpenWRT on (or build my own hardware). My shell experience is enough to get by, but I try to avoid it when possible.

I've looked through this forum, and on other sites, and haven't been able to find someone who has laid out their steps in a way that I can follow. The closest I've found is this one.

Here are the steps that I've taken:

  1. Used Etcher to install the correct snapshot version for my device with ext4 fs on a 32 GB microSD.
  2. SSH'd in directly to set a passwd for root, and uci set network.lan.proto=dhcp && uci commit so my old ISP modem/router/gateway assigns a correct IP under it's subnet (192.168.0.x).
  3. Unplug and plug back into my old ISP modem/router/gateway (which currently still has internet service to it too), check the assigned IP, and SSH into it.
  4. Installed luci & nano (because it doesn't come with snapshot images) via opkg update && opkg install luci && opkg install nano.
  5. Add new device br-wan, using eth0.
  6. Add new interface, wan, using br-wan (this automatically configures the Firewall to correctly zone everything because OpenWRT does this automatically for interfaces named "wan")
  7. Enable radio0 in Access Point mode, connecting to br-lan.
  8. Set static IP to the one currently assigned by the router, with default values for everything else
  9. Connected computer to OpenWRT Wi-Fi signal
  10. Removed eth0 from br-lan, which then moves it to br-wan according to the GUI.

This is where I've reached thus far. I'm clearly starting to do something wrong, as when I make backups of this configuration, apply it to a fresh install, connect to the AP, then try to access the web client, it doesn't work. The MAC addresses of the WAN & LAN should be different. Perhaps as well the subnet in the LAN should start with something different, like 192.168.1.x?

I would appreciate pointers to help me get to where I can use this as a standalone router. Current config shown below:

1 Like

For very minimal usage this could work but the onboard wifi is very weak and sketchy for more serious usage

Also there is no need for a bridge on wan. You can just make the eth0 your wan.

Finally yes make your ip on LAN a different subnet. for example