Hi!
I am currently running two routers (an ISP-provided Fritzbox 7590), which receives a public IP from my ISP via DHCP, and is used by other people in the house.
As I like tinkering with network settings, I'd like to run my own network using my Archer C7 running the latest OpenWrt firmware.
The ISP router serves the network 10.1.1.0/24, which my Archer is connected to via the WAN port, with a static IP (10.1.1.253) and DHCP disabled on WAN. In order to avoid double NAT, I have disabled masquerading on the Archer:

    config zone
        option name wan
        list network 'wan'
        list network 'wan6'
        option input ACCEPT
        option output ACCEPT
        option forward REJECT
        option masq 0
        option mtu_fix 1

and instead set up a forwarding rule in the ISP router:

    # 10.1.2.0/24 is the network that is routed by the Archer
    ip route add 10.1.2.0/24 via 10.1.1.253

Additionally, I have added a forwarding rule to allow traffic from WAN to pass into LAN:

    config forwarding
        option src wan
        option dest lan

This works: I can access addresses on both networks, and connect to the internet as well.
There is one problem, however.
The ISP router still serves DHCP to the clients that are only connected to the Archer directly (they receive addresses from 10.1.1.0/24), although they should receive 10.1.2.0/24 addresses, which is the Archer's network.
The config for the lan interface looks as follows:

    cat /etc/config/network

    config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ip6assign '60'
        list ipaddr '10.1.2.1/24'
        list dns_search 'lan'

    cat /etc/config/dhcp

    config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

    config dhcp 'lan'
        option interface 'lan'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option start '101'
        option force '1'

    config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'

Does anyone know how to prevent this from happening? I want the clients connected to the Archer to only receive IP addresses from 10.1.2.0/24, instead of 10.1.1.0/24.
Additionally, they show up in the DHCP lease list of the ISP router, which should not happen IMO.
EDIT:
I have now observed that the devices connected to the Archer can only access the internet if they actually use the IP assigned by the ISP router's DHCP server in the 10.1.1.0/24 network. If I remove that IP and set an IP in the Archer's 10.1.2.0/24 range manually, the internet access no longer works.
In addition, I cannot reach the Internet on the Archer itself (pinging 8.8.8.8, for example).
I'd like the two networks to be independent, and for the Archer to run its own DHCP, DNS etc.
The setup should "work" similarly to just plugging in the Archer (with default settings) into the ISP router (the double NAT setup), just without the double NAT.
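
Added example, not part of the original post: a small audit of the two firewall sections quoted above, showing what the `wan` zone policy and the `wan` to `lan` forwarding allow from the ISP router's network now that masquerading is off. The function names `parse_uci` and `audit` and the wording of the findings are this example's own.

```python
# Added example; parse_uci() and audit() are names invented here.
POSTED_FIREWALL = """\
config zone
    option name wan
    list network 'wan'
    list network 'wan6'
    option input ACCEPT
    option output ACCEPT
    option forward REJECT
    option masq 0
    option mtu_fix 1

config forwarding
    option src wan
    option dest lan
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 2)
        if len(parts) >= 2 and parts[0] == "config":
            sections.append((parts[1].strip("'\""), {}))
        elif len(parts) == 3 and parts[0] in ("option", "list") and sections:
            key, val, opts = parts[1], parts[2].strip("'\""), sections[-1][1]
            if parts[0] == "list":
                opts.setdefault(key, []).append(val)
            else:
                opts[key] = val
    return sections

def audit(text, upstream="wan"):
    """Return findings about what the zone named `upstream` may reach."""
    findings = []
    for stype, o in parse_uci(text):
        if stype == "zone" and o.get("name") == upstream:
            if o.get("input", "").upper() == "ACCEPT":
                findings.append(f"{upstream} input ACCEPT: upstream hosts can reach "
                                "services listening on the router itself")
            if o.get("masq", "0") == "0":
                findings.append(f"{upstream} masq 0: LAN addresses are routed, not "
                                "hidden, so NAT is no incidental inbound barrier")
        elif stype == "forwarding" and o.get("src") == upstream:
            findings.append(f"forwarding {upstream}->{o.get('dest')}: upstream hosts "
                            "can open connections to any host behind the router")
    return findings
```

Narrowing this means `input REJECT` on the zone and explicit `config rule` sections for the sources and ports that need access, in place of the blanket forwarding.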