[Solved] Private network

HellScream · February 2, 2018, 4:55pm

The schematics is simple. Ethernet IN on the build port of my pi. i add a usb card to extend ports. All nice. But how i make the setup so I obtain the following?
eth0 (wan) take internet from any given network.
Apply some firewalls roules and send the traffic over the rest of the ports.
Acces to ssh and LUCI only from insde the network.
I need an internal ip addres range also.
How I do this setup? Thanks in advance.

hnyman · February 2, 2018, 5:05pm

You just define the correct firewall/routing/dhcp rules for those descriptions. Just as vague advice as the request

Don't expect reasonable advice if you do not provide the necessary details about the requested config.

eth0/wan? build port? usb card with ports? rest of the ports?

HellScream · February 2, 2018, 6:03pm

I Will like to say a big THANK YOU to theperson who will give me a basic coniguration for the fallowing build.
Pi3 +lede image.
Build in a ethernet card (eth0)
Build in a wifi antena (wlan0)
Added with kmod +modeswitch a secondary ethernet port (usb-ethernet adapter, eth1)
On this eth1 i plug a switch.
I need the following:
WAN port (eth0) to be in dhcp mode, taking internet from any given cord(with correct configuration on the other end).
Regardless the WAN ip address, LAN (eth1+wlan0) to have a private ip rage.
Regardless the WAN ip address, the router to have a static router accessible only from lan. SSH and Luci, as well, accessible only from lan.
Can somebody help me with this? A huge thanks.

lleachii · February 2, 2018, 7:22pm

This is a quite basic configuration.

See: https://lede-project.org/docs/user-guide/network_configuration

Hope this helps.

mk24 · February 2, 2018, 10:25pm

You want basically a default configuration which a standard 4+1 port router would have. Except that a device with one Ethernet port starts out configured only with a lan network. This network has a DHCP server serving private addresses, and the Ethernet port is attached to it. There is a wan firewall zone set up but no wan network.

First create a wifi AP on the LAN. Disconnect the Ethernet cable and log back into the router by wifi. Now create a 'wan' network interface (very important: name it lowercase 'wan' not 'WAN') with protocol DHCP Client and attach eth0 to it; remove eth0 from the lan physical settings. Plug the ethernet port into your Internet linked network. It should now pick up an IP address from the other network and route your computer on the wifi out to the Internet. Important: If this address is in the 192.168.1.x range like the LAN, it will not work. Change the LAN address in that case.

With the router connected to the Internet you can use opkg to install the kmod(s) needed by your second Ethernet card. Once this card is active you can switch the ports around if you want.

HellScream · February 3, 2018, 7:59am

In the end I have the fallowing configuration:
>>WAN port=DHCP network covering eth0 only
>>LAN network covering eth1 with a static ip address
WAN have a 192.168.1.x range.
I change the LAN network settings to static IP address, with a class B range. Now, How do I setup the two networks to work together?

lleachii · February 3, 2018, 10:31am

They should "work together..."

Have you permitted forwarding from LAN to WAN?

mk24 · February 3, 2018, 2:10pm

I'm not sure what you did exactly but the LAN static IP must be outside the WAN. For example WAN is 192.168.1.x and LAN is 192.168.2.x You will then need to disconnect your PC and reconnect to log back in at the new address.

HellScream · February 3, 2018, 2:31pm

This is my output from network configuration
root@lede:/# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd27:70fa:5c1d::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 5 6 7t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 7t'

With this config, wan get ip but no internet on the rest of the ports
with "option ifname 'eth1 eth0 '" modified in lan network, i got the 192.168.1.x ip addresses (wan ip class)
Where Is my mistake?
.

HellScream · February 7, 2018, 11:14am

SOLVED.
For those who encounter the same problem, just insert this config.

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fddc:e334:e60f::/48'

config interface 'lan'
	option type 'bridge'
	option _orig_ifname 'eth0 wlan0'
	option _orig_bridge 'true'
	option proto 'static'
	option ifname 'eth1'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth0'