Setting Up openwrt router behind ISP router avoiding NAT


I have a router (HG8546M) from my ISP (service is 100Mbit Fiber). Because the provided router is quite bad (only 2.4 Ghz Wifi with bad performance, can't change DNS server, firmware looks like it's from 2017) I want to set up an openwrt router (I have a GL-AR750S-Ext) as the main router in my house.

However I have some more requirements. I have a nextcloudpi server running at home one a custom domain. The server is accessible, from outside the home LAN, through portfowarding of HTTP and HTTPS protocols. I would like to keep the ability to do this after I setup openwrt. This means that I want to avoid introducing NAT in the setup.

If I have understood things correctly what I need to do is to:

  • Connect openwrt device to ISP router via lan port
  • Enable DMZ at ISP router for openwrt device
  • Set up openwrt device (How? In what way?)
  • Connect raspberrypi, that runs nextcloudpi on a lan port at openwrt device. Enable port forwarding to the rpi at the openwrt device.

Does this sound plausible? Have I made any mistakes in the approach above? Are there any guides appropriate for the steps above?

It is possible to do it as you described, it will work almost with defaults everywhere, however it will be a double nat solution.
Frankly speaking I don't see how you can avoid at least one nat. Having IPv6 could help you with that. But even with one or two nat, I don't see why forwarding the 80 and 443 ports would be an issue.

1 Like

See if the ISP router has a bridge mode such as IP Passthrough or PPPoE Passthrough. This will allow you to have your public IP on the OpenWrt router thus having only one router-- the ISP device will operate as a modem.

That is the cleanest way to do it. If you must route in the ISP router see if there is an option for static routes. Making a static route to your LAN network should let you not NAT in the second router. This is for outgoing connections. Incoming connections will need to have relevant ports forwarded to the OpenWrt router, the server (if static route is installed) or declare a DMZ. The DMZ feature is a shortcut to forward all the ports to one device, which would be your OpenWrt router.

In any case you connect the WAN network of the OpenWrt router to the ISP modem/router.


Unfortunately the router does not support anything like bridge mode. The ISP unlocks it if I pay extra but I 'd rather not because I don't like such behaviors from their part.

I ended up setting the openwrt router as a DMZ target. I then forwarded the relevant ports to my nextcloudpi server and even though I was behind a double nat the set up appears to work. I even got transmission to work from my laptop (again by forwarding the relevant port).

I think I 'll leave things there for now and get myself more comfortable with managing openwrt. :wink:

1 Like

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.