i want to configure the following:
Internet -> Fritzbox (ISP Router) -> Openwrt -> LAN and multiple VLAN
The Openwrt ist not connected via the WAN port to the ISP Router.
It is connected via an LAN port on which an untagged VLAN is configured. The Interface gets its IP via DHCP from the ISP router. Thats working fine.
The Openwrt Router has Internetaccess and can download packets. Its also possible to ping and wget with ssh on the wrt.
What is not working is the Internetaccess from LAN and the other VLANS.
It works, if i turn on masquerading, but i dont want to use that.
Connected to LAN the clients get IP Address (10.10.10.x) and Gateway (10.10.10.1) from the OpenwrtDHCP.
What do i have to do to achive that i can access the internet from the openwrtlan.
It schould route LAN -> openwrt -> LAN (ISP Router) -> ISP Router -> Internet.
By different VLANs I assume that you mean you want to set up guest or IoT networks that are strictly firewalled. You have to route such networks, not bridge them, for the firewall to work.
If you don't masquerade, you have to install return routes in the main router. It would be a good idea to also make a DHCP reservation in the main router so the OpenWrt router has a known constant IP address to use as the gateway in the return routes.
Yes, some iot stuff which is not allowed to access anything outside its subnet. The main LAN should be able to access all inside the blocked Subnets.
But thats the second step.
Firstly i want to habe access to the internet without masquerading. The openwrt has internetaccess. But it does not work in its LAN.
Simple said:
the WAN is connected to a LAN port.
The real LAN is connected to another LAN port.
Openwrt has Internet Access. But the the devices in LAN only can access the internet when the WAN(LAN) is configured as masquerade.
Dont know how to configure the wrt to route to the Internet.
Does your upstream router have support for user defined static routes? If so, you can add appropriate routes and you can use openwrt without masquerading. Otherwise you will need to have masquerading enabled.