This topic is now deleted

This post is now deleted.

I'm having trouble following your topology... why is your WAN connected to the switch?

Could you draw a diagram of your network? A simple photo of a sketch on paper is sufficient.

For what it's worth, the screenshots you've posted are effectively the default configuration -- and this is good for many situations.

This doesn't match your diagram (or at least it wouldn't make sense)... the WAN is the untrusted interface. The LAN is the trusted interface. Your devices should be connected to the LAN.


Can you remove the ISP combo router device? If not, just make sure that the subnet that is used on the LAN of that device is not the same as what you have on your OpenWrt router... if it is the same, routing will not work. You can easily change the OpenWrt subnet to something that doesn't overlap.

If it is using, you can use on your OpenWrt router. Or you can use basically any RFC1918 address that doesn't conflict with the upstream router.

The address for the OpenWrt WAN will necessarily be in the same subnet as the upstream router's LAN. Therefore, if the upstream uses, it must have an address in that range. Then, on your OpenWrt LAN you'll want another non-overlapping address. is fine ( for the router address -- this is the default configuration).

In the link I sent earlier, you will find the solution:

That is fine -- you are assigning the wan interface to the wan firewall zone. Currently it shows empty, but once you save the changes, it will be associated properly.

Now I'm even more confused... I don't understand what you are trying to do. Why are you changing zones around? You should leave the network and zone associations alone, and simply change the address method for your networks.

The lan network should be associated with the lan firewall zone. It should have a protocol of "static IP" and then an address like (net mask

Your wan network should be associated with the wan firewall zone. It should probably have a protocol of "DHCP".

That's it.

Quick definitions:
LAN = Local Area Network (i.e. your network), trusted
WAN = Wide Area Network (i.e. the internet), untrusted.

When I said your setup was backwards, I meant that you were trying to connect your devices to the wan side of your router... this won't work. Your devices must be connected to the lan side of the router (via the switch), while the WAN connects upstream.

The simple solution would be to leave your configuration as it is in the picture you've posted in #15 and switch the connections you've made on your router (i.e. take the cable that is currently plugged into the normal ethernet port and connect it instead to the USB-ethernet adapter and vice versa).

If you really want to keep the physical connections the same, you need to change the ethernet assignments into br-lan (currently, I'd guess, it's eth0) and wan (currently eth1).

The firewall zone picture shows that traffic is allowed to be forwarded from the lan to the wan and that traffic from the wan is rejected (not forwarded anywhere). In practical terms, this means a host on the lan can initiate a connection (for example, to these forums). Return connections (responses) are therefore allowed. But the hosts on the wan cannot initiate a connection to hosts on your lan. This is how it should be for security reasons.

For the error you are encountering, you may need to use the command line interface if it won’t apply correctly when using LuCI (due to the auto rollback). But that link describes how to deal with this issue.

Aside from swapping the Ethernet cables, you don’t need any changes from the default configuration of OpenWrt. I don’t know if you have made any other changes (accidentally or intentionally in an effort to set things up), so I will say that your best option is to reset to defaults/start fresh.
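Added example, not part of the original thread: a small Python check for the subnet advice given above (the OpenWrt LAN must be an RFC1918 range that does not overlap the upstream router's LAN). The function names and all addresses are constructed for illustration.

```python
import ipaddress

# RFC1918 private blocks, in the order candidates are tried.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]


def _net(cidr):
    # strict=False accepts an interface address such as "192.168.1.1/24".
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 networks only")
    return net


def check_lan(upstream_lan, openwrt_lan):
    """Return (ok, reason) for a proposed OpenWrt LAN subnet."""
    up, lan = _net(upstream_lan), _net(openwrt_lan)
    if not any(lan.subnet_of(block) for block in RFC1918):
        return False, "LAN is not inside an RFC1918 range"
    if up.overlaps(lan):
        # Same or nested subnet on both sides of the router: routing breaks.
        return False, "LAN overlaps the upstream router's subnet"
    return True, "ok"


def suggest_lan(upstream_lan, prefixlen=24):
    """Return (subnet, router_address) for the first free RFC1918 subnet."""
    up = _net(upstream_lan)
    for block in RFC1918:
        for cand in block.subnets(new_prefix=prefixlen):
            if not cand.overlaps(up):
                # First usable address is used as the router's LAN address.
                return str(cand), str(cand.network_address + 1)
    raise ValueError("no free RFC1918 subnet found")


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    upstream = "192.168.1.1/24"
    for lan in ("192.168.1.1/24", "192.168.2.1/24", "8.8.8.0/24"):
        print(lan, check_lan(upstream, lan))
    print("suggestion:", suggest_lan(upstream))
```
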
