[Solved] How do i make a router with gateway

i have a raspberry pi 3b+ that i want to convert in a 5ghz AP that also host a samba server and works as a router, the problem is that i can't get the router and gateway working, the idea is that i connect a switch to eth1(part of Lan network with the AP) and the eth0(which is gigabit full duplex, good for streaming to my main pc) is the wan port, i should not be able to connect to the interface or ssh from, for example, my friends router network, but when connected to the AP or the switch i must be able to connect the raspberry pi(the one running openwrt) over ssh and Luci, i want the subnet of the Lan to be something like 169.42.0.255 and the gateway be 169.42.0.1. the main idea is that i carry this with me and when i want a samba server i can just plug power into the pi, and the pi assign ips to the clients in the eth1 and AP networks,(yes i want this to work even without internet) and when, for example, i am at a friends' house with 5ghz connection i can wipe my raspberry pi, connect it to the router and have a 5ghz network isolated from my friends' network, i provided 2 files that might me of help to resolve this issue. i tried many different configuration without success, sorry that i am a bit of a Newey but i couldn't find tutorial that help me do this.

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'Wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb3:b6c0:6803::/48'

config device
        option type 'bridge'
        option name 'Br1'
        option macaddr 'redacted'
        option mtu '1500'
        option txqueuelen '1000'
        list ports 'eth1'

config interface 'lan'
        option proto 'dhcp'
        option device 'Br1'
        option ipaddr '192.168.3.33'
        option netmask '255.255.255.0'
        option device 'br-lan'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'wlan0'

There are several things to discuss here:

The Raspberry Pi 3b+ can technically operate a 5GHz AP, but the performance of all of the Pi devices' built-in Wifi is terrible because the chip is very low end. It will have very poor signal strength and range compared to any proper AP, and it will be significantly bandwidth limited, especially when there are multiple clients attached, due to its 1x1 radio configuration.

Yes, this is a gigabit ethernet port at a phy level, but it is limited to just 300Mbps maximum throughput due to the USB 2.0 connection to the SoC.

You should stick to RFC1918 addresses -- it is not wise to use other IP address ranges for a number of reasons. Further, alhtough the APIPA address scheme is 169.254.0.0/16, when people see a 169 address, they will assume something is wrong. It is best to use something in the 192.168.0.0/16, 172,16.0.0.12, or 10.0.0.0/8 ranges.

As for the subnet and gateway -- if you're talking about a /24 (common and really easy for human readability), the .0 address (4th octet) is the subnet ID and .255 is the broadcast address. Commonly the router will be placed at the .1 address, but there is no rule that states this is required.

Meanwhile, you have eth0 defined on the wan as well as br-lan.

Delete this:

Edit 'br-lan1` so that it looks like this (use eth1, remove wlan0):

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

And then edit your lan to proto static and use br-lan, like this:

config interface 'lan'
        option proto 'static'
        option device 'br-lan'
        option ipaddr '192.168.3.33'
        option netmask '255.255.255.0'
        option device 'br-lan'

Currently, the lan address of your Pi will be 192.168.3.33 -- you can reach that by plugging a device into eth1 or connecting via wifi.

I see this a lot here and it is not the wifi chip, it is the antenna etched on the board.

Some people just scratch the trace and break the connection to the antenna, move the resistor and solder bare wire to the board with a SMC connector.
Some very brave and skilled people.

A better antenna may help a bit, but it is still a very limited 1x1 radio design... so it won't improve much.

What you describe is basic lan-wan routing, which is the overall plan of the default configuration. Since the Pi only has one Ethernet port, it doesn't automatically create a wan interface, however after adding a second port, just create a network named exactly wan and add the second port to it. Or switch the eth numbers so the built in port is wan and the new one is in br-lan.

You should have only two interfaces, lan and wan, and one bridge named br-lan. Two of these three elements are already in the default configuration you just need to add wan.

By setting option network 'lan' in the wifi configuration, an AP can be started up and added to the existing bridge. Do not reference wifi interfaces in /etc/config/network. Also make sure to set your country code option country XY in the wifi-device block which defines the wifi radio for optimal wifi performance (which as noted, is not very good on this hardware).

okey, i seem to have totally wrecked the installation the first time i used because i got as ip (i made a clean install) 192.168.1.1 which did not make my router happy, now, i seem to get it most of it working, by now i have internet, dhcp, and it works as i intended, i can access from the Lan but not the wan, the thing is that the config that got it working was:
not sure why but it only worked when bridging eth0(built in gigabit port) and eth1(dongle)

in regards to the capability of the onboard antenna, i know it is kinda bad but i only need it because of the lower latency of 5ghz, i intend to only plug my phone to it, at most I'll be using 30mbits down
what i want to know is: is this setting fine and safe?

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fddc:1578:c927::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'


config interface 'lan'
        option proto 'static'
        option device 'br-lan'
        option ipaddr '192.168.3.33'
        option netmask '255.255.255.0'
        option device 'br-lan'
config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'

Did you get the image from the Firmware selector and let it Customize installed packages and/or first boot script?

Because... ... I mean it works but it is not right.

yeah, everything work for like, 20 minutes then stoped working, i mean, i can connect to that ip, but ping 8.8.8.8 doesnt work...

Remove eth0 from below.

remove the last line (you've got a duplicate device line):

yeah, it worked, at first when it was:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0

i couldn't connect but now i can, weird.

So, your firstboot had your radio and eth0 bridged in the lan.

After that add your eth1 (dongle) system/interfaces/devices. then back out to system interfaces and add an interface, name it wan and choose eth1 in the device pull down.

It should have bridged the radio too. Did you use " Customize installed packages and/or first boot script "? It is easy to miss.

Yes, that is strange.

No, it should not.

The radio should only be specified in the wireless config file. within that file, the network is specified that then links the SSID to the desired network.

nope... not strange at all. The two ethernet ports were bridged together when they shouldn't have been -- one is linked with the lan and the other with the wan, so they should not be in a bridge together.

i mean, i already got it working, wireless wasn't bridged because i seem to need to set up a psw and all that stuff to get that working.
in regards to the network working when it shouldn't have it was probably because i didn't reboot and just made /etc/init.d/network restart. or maybe i forgot to even do that. anyways guy, thank you very much for your help, do i need to proceed to make something in regard to the forum? do i set something in particular as the answer?

Not with the Pi with the customized install. It bridges everything in the lan.

I saw that.
eth0 is put on the lan along with the radio. When you are done setting up the wifi you can move it to the wan. Otherwise you have to use a monitor to config it.

i don't recall anything about a customize installed packages, i just install this image(https://downloads.openwrt.org/releases/23.05.0/targets/bcm27xx/bcm2710/openwrt-23.05.0-bcm27xx-bcm2710-rpi-3-ext4-factory.img.gz) with balena etcher, then started the pi, configured as you told me (with the issue about bridging lan and wan) the fix it, and then updated with opkg command

A basic wireless config looks essentially like this:

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

note the option network 'lan' line -- that is how the SSID is linked with the network. The radio should not be referenced at all in /etc/config/network, but the bridge (within the network config file) is what makes it possible to connect both ethernet and wifi.

Try it, you'll see.

This is where the terminology 'bridge' gets confusing: a bridge puts more than one device under the same interface e.g. the radio and the ethernet.

Does not bridge wan to lan.