Router on a stick - VLAN routing - how config - LuCi

USING THE GOOGLE TRANSLATOR without reading them produces these effects. Sorry for the mistakes.


Please assess whether the following settings, saved in the document, are sufficient to complete the task.
Questions:
Are the entries for the DOVLAN10 INTERFACE correct (the IP address is the port address on the router in this subnet, the gateway is the gateway address for this subnet)?
Is bridging to eth1.1 (standard lan) enabled required for Physical settings?
What about the firewall settings? Do not configure, or assign to lan?
What to do with the LAN interface? Remove? Leave? Change?


Result of config is below:

```
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7c:4684:3dcc::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 1t 2 3 4'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1t'
	option vid '20'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t'
	option vid '10'

config interface 'dovlan10'
	option proto 'static'
	option ifname 'eth1.10'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	option broadcast '192.168.10.255'

config interface 'DOVLAN20'
	option proto 'static'
	option ifname 'eth1.20'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
	option gateway '192.168.20.1'
	option broadcast '192.168.20.255'
```

Switch configuration part is correct.
In the interfaces part the gateway is wrong (gateway is the next hop router for the default route) and broadcast is not needed (it is automatically calculated from the mask). The gateway will be on wan interface, as this is the uplink to the internet. Well done!

Thanks
OK - as for the gateway, I understand it as below:
Gateway for R is: for the WAN int - next hop to the ISP router. The gateway is in the same net as the R WAN int.
It is OK.
But... if the gateway must be in the same net - I can't write the WAN address here.
And what about the questions about bridging, firewall and LAN interface?

Gateway is a system wide setting, it is what the router will do with requests for IP addresses that are not in its routing table. In general this is the next router on your path to the Internet, or to other networks that your router does not know about. Creating a new network makes an entry for it in the routing table (e.g. 192.168.10.0/24 via eth1.10) so it is not necessary to manually make any routes. It also configures the DHCP server to advertise itself as the gateway for that network.

TLDR: Leave the gateway box blank.

When someone on the VLAN10 network wants to reach the Internet, their machine has been configured by DHCP (or manually, if you want to make it complicated) to use 192.168.10.1 as the gateway. So your router gets the request and uses its system wide gateway to forward it to the Internet. Again this is one entry in the routing table for the whole router, and it is configured by setting up the WAN, not each lan interface.


Thanks. I understand, of course, the gateway. For hosts in the LAN it is usually the router's LAN port; for the WAN port of R it is the interface of the next device on the route. The question is rather about the LuCI form fields (general setup). What are the gateway and broadcast fields for? Is it a general form for LAN and WAN?

For every interface you can fill the broadcast and gateway, if it is necessary. In this scenario it is not needed to fill in the broadcast in general, or the gateway for the lans.


As I wrote in the thread - I created LAN interfaces and subinterfaces for the switch port.
The question is: do I have to configure anything else to route packets from VLAN x to VLAN y? Someone says traffic may be blocked by a firewall...

Assign them all to lan firewall zone.


And what about the Masquerading function if I have 2 different LANs on the subinterfaces?

Masquerade doesn't have anything to do with the number of LANs you have on the subinterfaces.



Is this OK?

When building a main router for a home network, start with two networks named "lan" and "wan". The firewall is already configured for that use case.

The physical devices for the two networks are the VLANs on the eth port. You don't need to create more networks only because there is a VLAN involved.

Once you have the basic lan->wan routing working you could consider adding a guest network etc.

No, you have added the lan interface in lanvlan zone. This is not what I told you:

OK OK - but this topic is about routing VLAN subinterfaces.
The topic is like router on a stick.

Done. Thanks
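Added example, not posted by anyone in the thread: the two VLAN interface stanzas from the posted config with `gateway` and `broadcast` dropped as the replies advise, plus the `lan` firewall zone extended to cover them. The zone stanza assumes the stock OpenWrt `lan` zone in `/etc/config/firewall`; with `forward 'ACCEPT'` on that zone, hosts in 192.168.1.0/24, 192.168.10.0/24 and 192.168.20.0/24 can reach each other with no filtering between the VLANs.

```uci
# /etc/config/network (only the stanzas that change)

config interface 'dovlan10'
	option proto 'static'
	option ifname 'eth1.10'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	# no 'gateway': the default route comes from the wan interface
	# no 'broadcast': derived from ipaddr and netmask

config interface 'DOVLAN20'
	option proto 'static'
	option ifname 'eth1.20'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

# /etc/config/firewall (assumed stock 'lan' zone, with the VLAN networks added)

config zone
	option name 'lan'
	list network 'lan'
	list network 'dovlan10'
	list network 'DOVLAN20'
	option input 'ACCEPT'
	option output 'ACCEPT'
	# forward governs traffic between networks inside this zone,
	# so ACCEPT here is what lets VLAN 10 and VLAN 20 route to each other
	option forward 'ACCEPT'
```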