What i'm trying to do is let the digicorder use the WAN port for direct communication (no natting - basicly as a switch) with the modem in order to recieve the correct WAN IP adress. but also let the digicorder receive an LAN IP from the dhcp of the router.
How can i achieve this ?
Currently running Lede but thinking of switching to Libremesh so the devices can roam seamless between the 2 routers.
If they receive the WAN mac-adress of the digicorder > you get an 10.x.x.x range IP-adress. (this is needed for their subscription-service ( CAS-Latens Encryption , VOD, etc)
If they receive any other kind of mac-adress > you'll get either dhcp-adress from the modem or in my case direct Wan IP-adress since i dont have a router+modem combo.
The digicorder also has a different LAN mac-adress so it's reachable for the LAN network (DLNA client).
It now "works" by adding a 5port belkin switch between the Router & the modem and plug the digicorder in that switch. (minus the LAN DLNA client function.)
I just want to "mimick" this with the WAN port of my router so that:
i do not need the belink 5P switch
I only use 1 port on my router to connect to the modem.
I can use the other device that is also on my "powerline network" so i can reach it via Lan.
Does the ISP recommend connecting the Digicorder directly to WAN?
This is massively insecure, as this will bypass the firewall of a router, making your Digicorder fully accessible to anyone on the internet.
The 10.0.0.0/8 subnet is not a WAN subnet... it's a Private Address Space set aside by RFC1918, same as 192.168.0.0/16 and 172.16.0.0/12.
Wouldn't it be easier to simply change your DHCP server to use a subnet from the IP block 10.0.0.0/8, or create a vlan for the LAN port the Digicorder is connected to?
/etc/config/network:
This will make LAN port 4 (sw.port 3) apart of a separate vlan
Firstly , yes it could be insecure to connect it directly but the digicorder gets terminated on their internal lan-network, the Router/modem combo does the same, so it's always "insecure".
I do follow you on the set 2 ports to the same vlan or create a seperate vlan and add it to the WAN Zone BUT
I would like to keep my 4 ports for clients , and also want to be able to reach my lan from this port since:
the digicorder act as a dlna client on the LAN mac-adress.
another device is on the same "powerline network" that needs to be able to reach the lan.
I've found someone who managed todo it like this:
They setup a managed switch between the modem and the router, and Setup 3 ports:
1 for the WAN port of the router
1 for the Digicorder but applied ACL's so that only the WAN Mac-adress may pass and connected a port to the lan zone of the router. essentially creating a bridge over the WAN-LAN Zone but only allowing the WAN MAC adress, and also denied dhcp-leases for the WAN-mac adress so the ISP dhcp would answer.
I'm trying to achieve the same but with the internal switch of the router itself, thus i want to allow traffic of either my WAN Zone and the digicorder's WAN Mac-adress from the WAN-port and still let the LAN Mac adress receive a ip-adress from my dhcp.
I'm thinking , i would need to virtually "bridge" the WAN-LAN Zone by creating a New Zone just for the digicorder and only allow that mac-adress.
The only thing i don't know is will it directly communicate to the Modem or always via the router's IP (NAT) ?
If i just bridge this port with my Wan port i will lose the ablility to reach my lan zone.
Any idea's how to bridge these interfaces in such a way that the digicorder essentialy uses the WAN port as a "switch" and just send it's data directly to the router, but deflects any traffic for the LAN mac-adress to the LAN-Zone or does this need to be done with a seperate switch ?
Also i cannot create this 10.x.x.x range for the digicorder as it will call home and check if this IP-adress was leased by their dhcp-server (anti-piracy).
Belgium / Telenet? See my question on a similar topic (VLAN assignment based on mac address). No response so far that's given me the info I need to accomplish the same thing.