Hi there,
I am attempting to set up an OpenWrt device to do two jobs simultaneously.
I have started with a fresh install at factory settings and based further setup on that.
Ultimately I would like to achieve the following:
- 2 separate networks on one device
- 1 shared WAN port, 2 LAN ports per network, 1 WiFi SSID per network
- Network 1 should be a dumb AP + switch. The network coming in on the WAN port should be bridged directly to 2 of the 4 LAN ports on the device, and 1 WiFi SSID
- Network 2 should be a NATted network, where the 2 remaining LAN ports and the 1 remaining WiFi SSID should be assigned IP addresses by the device's DHCP server and NATted to the network coming in on the WAN port. This would end up being a double NAT, because the network coming in on the WAN port is a 192.168.0.0/24
For additional clarity, the resulting setup would be as such:
- WiFi network 1 + LAN 1 and 2 - directly bridged to the WAN network 192.168.0.0/24 so connecting devices will be assigned DHCP addresses from the router the WAN port is connected to
- WiFi network 2 + LAN 3 and 4 - NATted to the WAN, assigning DHCP addresses in the 192.168.1.0/24 range
I have attempted this setup myself by expanding on the stock LAN setup by:
- Creating a LAN2 firewall rule which is all accept and no forward
- Creating a bridge device called br-wan which includes the WAN port and LAN ports 3 and 4 (which have been removed from the original br-lan)
- Creating an Unmanaged interface called LAN2 connected to this br-wan bridge device
- Added a WiFi network which has been attached to the LAN2 interface/br-wan bridge
This setup only half works, unfortunately. The new LAN2 network actually works perfectly fine: I am getting IP addresses in the 192.168.0.0/24 range and I can access the internet. The NATted LAN (network 1), which is the unmodified LAN from the stock config, however does not work for internet access, only for accessing the router interface. As you can see, the WAN interface no longer has an IP address assigned to it either, so I suspect that's the reason why I am not getting a connection to the downstream network; however, I don't know why it does not.
Cherry on top is I tried to reproduce this exact setup on a second device and neither network worked. Is this just an unsupported configuration or am I messing it up somewhere?
Thanks!