I have OpenWrt installed on a NanoPI 2 Fire SBC (http://wiki.friendlyarm.com/wiki/index.php/NanoPi_2_Fire) that I'm currently using as a DNS server and adblocker. I would like to also use it for traffic shaping with SQM scripts since it has a lot of spare CPU power. This is my current LAN topology:
192.168.1.1: wr1043nd, LAN gateway connected to my ISP modem
192.168.1.2: NanoPI SBC running Unbound/adblock
192.168.1.3: A second wr1043nd which is running a DHCP server
This board has one gigabit Ethernet port and one USB 2.0 port, so one option I have is to buy a USB Ethernet adapter and use it as the LAN gateway, replacing the WR1043 which is currently connected to the ISP modem.
What I would rather do is change the LAN gateway (provided by the DHCP server) to be 192.168.1.2 and somehow "split" the SBC Ethernet port into LAN/WAN virtual devices, where any packets coming from the LAN are sent to the WAN virtual device and then forwarded to 192.168.1.1 (traffic from/to the ISP gateway would go through the SBC). This would allow me to enable SQM on the virtual WAN device.
I imagine this would be possible by creating a custom TUN device, but it is not clear what is the best way to accomplish this with OpenWrt. Any suggestions are welcome.
Usually, the hardest part is setting up the WR1043nd as a managed switch. Setting up your SBC running OpenWrt as a router on a stick should be easy.
Another option (note that this involves double NAT) is to set up your SBC as the 'router/gateway' in your DHCP server. With this, your LAN devices should send packets to the SBC, and then the SBC can NAT and send them to your actual router/firewall. All packets coming from the internet will go to the SBC due to NAT. I did this to run ntopng on my RPi4 to do traffic analysis, but I imagine you should be able to use this for QoS purposes as well. Note that NAT happens at the SBC and at your internet-facing router as well. This is definitely a lot easier to set up!
Note that the original wr1043nd config had this defining the WAN device:
config device 'wan_eth0_2_dev'
    option name 'eth0.2'
    option macaddr '84:16:f9:e8:d1:d1'
It used a random macaddr on the virtual WAN device since the same card was shared by all ports. All I did was copy the macaddr when defining the WAN device in the NanoPI. Also changed the WAN VLAN id to 10 from 2, following the same pattern used in the reference tutorial for Raspberry PI.
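The WAN device described in the post above, sketched as UCI configuration together with an SQM queue bound to it. This is an added example, not the poster's actual configuration: the NanoPi port name `eth0`, the section names, the DHCP WAN protocol and the bandwidth figures are assumptions; the VLAN ID 10 and the MAC address are the ones given in the thread.

```conf
# /etc/config/network on the NanoPi (constructed sketch)

# VLAN 10 tagged on the single physical port; 'eth0' is an assumed name.
# The MAC address is the one copied from the wr1043nd WAN device.
config device 'wan_eth0_10_dev'
    option name 'eth0.10'
    option macaddr '84:16:f9:e8:d1:d1'

# WAN interface on the tagged sub-device; 'dhcp' is an assumption about
# how the ISP modem hands out the upstream address.
config interface 'wan'
    option device 'eth0.10'
    option proto 'dhcp'

# /etc/config/sqm on the NanoPi (constructed sketch)

# Shape on the virtual WAN device only, so LAN-to-LAN traffic on the
# same physical port is not queued.
# download/upload are in kbit/s and are placeholder values; set them
# slightly below the measured line rate.
config queue 'wan_queue'
    option enabled '1'
    option interface 'eth0.10'
    option download '90000'
    option upload '9000'
    option qdisc 'cake'
    option script 'piece_of_cake.qos'
    option linklayer 'none'
```

With this layout the LAN and WAN share one wire and are separated only by the VLAN tag, so the switch port facing the ISP modem should be a member of VLAN 10 only and the port facing the NanoPi should carry VLAN 10 tagged.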