Raspberry PI OpenWrt WAN set up

HI Experts,

Need your help..I have setup Raspberry PI 4 as my new Home firewall, it is next to my ISP router/modem. I am able to setup Raspberry PI as router and able to access/ping internet thru' Raspberry PI4 OpenWRT. My ISP router/modem in 192.168.1.1 and my Raspi OpenWRT is 192.168.1.5....both connected via eth0 LAN cable.
I have enabled eth1 as well on Raspi OpenWRT. I want to add new AP (TP Link A6) to my Raspi thru eth1, inturn the AP will be my primary wireless router for home network. Now the real issue, I am not able to get AP connected to internet.....I tried WAN interface on Raspi (Thru LuCI) no luck....whenever I create WAN interface, I am loosing internet connection on Raspi...
Can you please me guide me thru?? Am I missing something?? Please help

This is pretty much pointless as long as your ISP router/modem isn't bridged.

HI Diizzy
Thank you very much for your quick reply. I am novice in networking...I am trying to simplify your reply. "I need to change my ISP router to BRIDGE mode to get internet on my new AP?? Is my understanding correct??

these devices are not really ideal for novices in networking...

suggest you watch several (10+) youtube videos on openwrt rpi/x64 before proceeding further

You're not "enhanching" anything by placing another router infront of your current one (Google double nat). Your AP will work just fine without the RPi.

I disagree, you can put SQM on the OpenWrt router, and you will block ISP from accessing your LAN. Furthermore you gain customization of firewall rules, and control of your ipv6 deployment.

That said, bridge mode of the ISP device is the best option if it's available.

@amolvijay normally with RPi4 you add a UE300 usb ethernet which runs cool, and low interrupt overhead. It then provides the WAN port for your router as eth1.

1 Like

Of course you do as always....
What IPv6 deployment? Are you trying to make up arguments to prove you're not wrong just for the sake of it? What evidence do you have to back up your claims that an ISP would randomly access your LAN (in this case, random stories are irrelevant)? Did you forget to tell the user what implications double nat entails? If anything transparent bridge of the RPi4 would be the only reasonable solution but that's kinda your non standard openwrt setup.

The point is, there are advantages to owning your own router, even if you have to use double NAT for ipv4. The end user should decide which are the important features in their network.

As for the ISP randomly accessing your LAN, this is a feature that some ISPs actually promote! (that is, for example, they'll access your LAN and monkey with your TiVO automatically for you, or debug it over the phone with you). Here's a guy on reddit actually deciding to pay $15/mo for that feature because it's his elderly parents and he doesn't want to be the tech support.

https://www.reddit.com/r/HomeNetworking/comments/o7oa1j/ventrant_practically_locked_into_extra_fees/

" Response: Yes, sir, you can do that, but we will no longer be able to access your TiVo devices for troubleshooting since they will not be connected to our equipment."

So yeah, ISPs have access to the LAN on the back side of their router. and even if they don't actually access it, it's a security risk particularly since it's potentially exploitable by automated malware etc.

Or by disgruntled or deranged employees: https://www.nzherald.co.nz/world/home-security-employee-jailed-after-hacking-cameras-to-watch-customers-have-sex/TTQCFBHRSDEPC2E7DVPBKTKNB4/

So to answer my question, you don't. Got it, thanks.

This is the key here