I'm living in a shared flat in Germany. My roommate uses a Fritz!Box 7690 and I'm using some AliExpress MiniPC with OPNsense. Before moving in together these routers were the first and only routers in our respective LANs. Unfortunately both of us have only a rudimentary understanding of networking.
We want to somehow "share" the VDSL2 (175/40) connection between the two of us as seamlessly and as fairly as possible, while keeping our routers and individual LANs. How would one go about this? Is it really as easy as connecting the modem and the two routers to OpenWrt, maybe adding a few static routes so the two LANs can see each other, enabling some AQM and that's it?
We'd also like to be able to only need to open ports on our routers. But wouldn't this mean we'd have to (practically) disable the firewall on OpenWrt altogether? Or could we somehow utilize UPnP instead?
Thanks in advance!
PS: I forgot to ask... is there any way to prevent double NAT in a scenario like this?
I disabled NAT on both downstream routers and added static routes for the two subnets on the OpenWrt machine. Almost everything works fine now, almost.
Unfortunately I still don't know how to make it so that the downstream routers handle all the firewalling stuff. As far as I understand it, all I could do is to set up port forwarding for all ports to one of the two downstream routers, but not both. This seems somewhat logical, since we only have one public IPv4 address (but not really, because of carrier-grade NAT?).
But worst of all, Call of Duty stopped working. It'll let us join lobbies just fine, but joining the actual match just times out after a while:
After searching online for a solution to this problem, I've come across multiple threads that said it's a NAT issue, but again, I have no clue how to set it correctly.
So when I add a NAT rule, which source address do I need to specify? The IPv4 addresses of the downstream routers? Or the downstream routers' subnets? Also, what outgoing interface should I select? The physical port, eth1? With the VLAN tag, eth1.7? The PPPoE interface, pppoe-wan? Or one of the DS-lite interfaces, ds-wan4 or ds-wan6_4?