Transparent bridge between ISP router and ISP fiber modem

Our church wants to check how our internet access is working - basically they want to monitor the internet traffic and build a usage report. Nothing fancy, just record bandwidth usage. Main thought is overall bandwidth usage while being able to see peak usage times. History would have to be kept for about a month to see when peak usage is and compare with our current ISP plan.

Current setup:

| local | --> | router/AP | ---> | fiber modem | ---> Internet

What I would like to do is:

| local | --> | router/AP | --> | openWRT bridge | --> | fiber modem | --> Internet

The router/ap and the fiber modem are supplied by the ISP.

I have an old Dell Optiplex SFF desktop with 2 nics (built-in and PCIE expansion card).

It's been about 15 years since I worked with DD-WRT on a geode board (side job ended about 15 years ago) and have recently found OpenWRT as a replacement.

The main problem I can see is it would probably need to be a drop-in layer 2 bridge with no third network card to attach to the local network for monitoring, so I would have to save the data on the bridge and copy over to a thumbdrive for review.

Any thoughts about this?

Buy a cheap managed switch, put it in where you imagine an OpenWrt bridge, and use port mirroring to mirror all the traffic to something with lower power consumption than a Dell Optiplex... You might do OK with an RPi4 or a Celeron mini PC. Run ntop-ng on that box. Voila.

Forgot to mention - I cannot spend any money at this time, so the Dell with openwrt is what came to mind.

Ok, so you can definitely do the bridging in OpenWrt on your dell. The package nlbwmon might be a good choice to collect the data.

It'll be a little tricky because in this scenario the dell won't have an IP address or a means to access the internet. You'll want to install all the packages needed before reconfiguring it to do its job.

Does nlbwmon also show peak traffic (i.e. - of 75M available, what was the peak usage during what time)?

Looking at the interface, it seems to only show distribution of who used the most traffic.

For what I'm looking for, all I really need at this time is just bandwidth usage as a percentage of total bandwidth available.

There are a number of bandwidth monitoring systems for OpenWrt. @jow made nlbwmon, so he'd know more about what it can do. There's also bwmon, yamon, collectd, and luci_app_statistics, for example.

What's the underlying reason you want bandwidth stats? Is it to deal with billing on a metered line? Or to see why things "seem slow", or to control latency, or to identify if there are illicit processes using bandwidth? Or what?

Others believe that the internet is the cause of our network issues. I'm looking at consumer-grade extenders being the main culprit, but also there's some talk about Frontier FIOS not being the greatest (we have a 75M up/down SLA, but take with a grain of salt).

Some good days, some bad days - but it's annoying during class and trying to watch a training video some days just means "use your phone" rather than the network.

Now I'm finding another issue, though - Realtek RTL8169sb PCI card appears to load and setup, but it won't get an IP address from dhcp. Using OWRT 19 - going to try the latest 21rc and see if that helps.

The built-in Intel chip works great, though.

Never mind - I forgot I had my home router set to whitelist and didn't add the second NIC to the list :(

For now, looks like collectd will work. Since it looks like I'll have to reset the router at church anyway (nobody can remember the password), I should be able to just switch services over to the OWRT box and put the router in bridge mode.

What are the symptoms of these "network issues"?

If it's stuttery, laggy, buggy interactive stuff (video conferences etc.) then I strongly recommend you install SQM on this box and see how that helps.

And yes, WiFi repeaters are terrible for interactive stuff and will bork most video or audio conferencing type services. The latency and packet loss can get really high with those.

Not completely sure - non-tech users are notorious for describing problems (remember, most users think something like Internet Explorer IS the Internet!). The main thing I keep getting is "The Internet isn't working!". And until I can show pretty pictures graphing the actual bandwidth usage, it's a matter of putting out bush fires until I can get the LAN updated.

And since I have $DAYJOB during the week and other responsibilities at the church, it's slow going.

With that said, right now it's just a matter of showing what usage our actual internet stream utilization is. Since I have to factory reset the Alcatel router anyway, just going to see about putting that one in bridge mode and use the OWRT router for actual routing and recording bandwidth.

Next step is to finish planning the LAN upgrade and trying to get it approved. So far, it's priced out between $500-$1,000 of new equipment (depending on what I'm allowed to get). Mostly Cisco gear for the mesh networking and VLAN support. Speaking of which, starting another thread about some questions on the new setup I'm planning.

You can get pretty far with a TP-Link business class switch and their Omada access points for a lot less than $1000

It's not just for the AP's, but a full network upgrade that I'm working on.

Yeah, sure, just saying that Cisco isn't necessarily the cheapest way to go, and competitors are not necessarily worse quality. For a church or small business, I'd definitely be looking at a linux industrial mini-pc for router, 1-3 24-port switches, and 3 to 5 APs. If you're providing WiFi for the congregation I'd look at 5-10 APs all with power turned down and channels carefully planned. Again, TP-Link's stuff would work for this so give them a look. They are kind of a competitor to Ubiquiti that doesn't go in for the monopolistic BS.

Priority would be to install some sort of wired AP near areas of heavy / critical use.

Run SQM on the main router for sure. 75 Mb is not that fast these days.

Trying to completely cover a large facility with an inadequate budget will result in a lousy user experience everywhere. Concentrate on places where Internet access is actually needed.

Our use-case at this point is satisfied by 2-4 AP's spread between 4 buildings arranged in a square. For now, a 16-port switch with up to 4 AP's should be good. The upgrade plan (if approved) will consist of a 24-port switch and maximum of 4 AP's (1 for each building), plus a patch panel for the current wired needs (with some extra ports for later use) to clean up our jumble of cables; currently we only have about 8 cables, but may add some later.

VLAN and subnet throttling questions will be in another thread.

OK - (somewhat) new setup.

Dell box will have 3 NIC's - eth0 (builtin), and dual-NIC PCIe card (eth1/2)

The idea is:
eth0 - Access to Dell to monitor the traffic
eth1/2 - transparent bridge with no IP assigned - strictly as a monitor (with minor firewall rules to keep out bad packets)


config interface 'lan'
    # This connects to one of the router ports for access to OWRT
    option ifname 'eth0'
    option auto '1'
    option proto 'dhcp'

config interface 'wan'
    # eth1 connects to router WAN port.
    #        WAN port of router should get DHCP address from modem - eth1/2 does not get IP address
    # eth2 connects to modem
    option type 'bridge'
    option auto '1'
    option ifname 'eth1 eth2'
    option proto 'none'

Would this be sufficient to create a transparent bridge between the modem and the router?

May ask about firewall rules later, but for now just wanting to make sure I can get the internet connection going.

EDIT: clarify DHCP should not be on OWRT interface but should be on router WAN port

My first thought is to not use wan for this. Create a new interface called mon and make it unmanaged, a bridge between eth1 and eth2.

If you use WAN you'll be fighting the default config of dhcp client and firewall rules etc. The interface you want doesn't act like a WAN on a router. So don't set it up as one.

Final setup:


config interface 'lan'
    # Used to monitor graphs
    option ifname 'eth0'
    option proto 'static'

config interface 'mon'
    option ifname 'eth1 eth2'
    # Used to connect router WAN port to ISP modem
    option proto 'none'
    option type 'bridge'


config statistics 'collectd_rrdtool'
    # keep data in a non-volatile storage area
    option DataDir '/data/rrd'
Took all of 15 minutes to setup (with 10 minutes being trying to find a screwdriver to change PCIe card holder to the short one).
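
Added example, not part of the original posts: one way to turn the collectd RRD data from the setup above into the "peak usage as a percentage of the 75M plan" figure asked about earlier in the thread. It parses `rrdtool fetch` text output; the RRD path, the `br-mon` device name and the presence of a MAX archive are assumptions, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: find the busiest sample in `rrdtool fetch` output and express
# it as a percentage of the ISP plan rate.
# collectd's interface plugin stores if_octets as rx/tx in bytes per second.

PLAN_MBIT=75   # plan rate quoted in the thread; change to match the contract

# Reads `rrdtool fetch` text on stdin.
# Prints "<epoch> <rx_pct> <tx_pct>" for the sample with the highest rx or tx.
peak_utilization() {
    awk -v plan="$PLAN_MBIT" '
        # Data rows look like "1625140800: 1.2e+06 3.4e+05"; skip header/blank.
        $1 !~ /^[0-9]+:$/ { next }
        # Gaps in the RRD are printed as nan / -nan / NaN; ignore them.
        $2 ~ /[Nn][Aa][Nn]/ || $3 ~ /[Nn][Aa][Nn]/ { next }
        {
            rx = $2 * 8 / 1000000    # bytes/s -> Mbit/s
            tx = $3 * 8 / 1000000
            top = (rx > tx) ? rx : tx
            if (top > best) { best = top; ts = $1; brx = rx; btx = tx }
        }
        END {
            if (ts == "") { print "no data"; exit 1 }
            sub(/:$/, "", ts)
            printf "%s %.1f %.1f\n", ts, brx * 100 / plan, btx * 100 / plan
        }'
}

# Constructed sample in rrdtool fetch format (not real measurements).
sample_fetch() {
    cat <<'EOF'
                          rx                  tx

1625140800: 1.2500000000e+06 2.5000000000e+05
1625144400: -nan -nan
1625148000: 8.4375000000e+06 9.3750000000e+05
1625151600: 3.7500000000e+06 4.6875000000e+06
EOF
}

# On the box (assumed path; check the file names under DataDir, and use
# AVERAGE instead of MAX if the RRD was created with a single archive):
#   rrdtool fetch /data/rrd/<host>/interface-br-mon/if_octets.rrd MAX -s -30d \
#       | peak_utilization
sample_fetch | peak_utilization
```

The epoch in the first column can be converted with `date -d @<epoch>` to see at what time of day the peak occurred.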
