Using Raspberry Pi as a router and forward traffic to public lan port

Hi!

I currently try to use my pi as a Wi-Fi router that bridges traffic to the LAN port but has its own subnet for the Wi-Fi with DHCP turned on. After installing OpenWrt and following some instructions from the wiki, I managed to bridge the LAN to Wi-Fi using this config:

/etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd66:dfac:efcc::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'
	option ip6assign '60'

/etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'wifi'
	option encryption 'psk2'
	option key 'password'

Everything else from the config should be pretty much unchanged.

So what's the problem?

The LAN port the pi is connected to is provided by the operator of the accommodation, and I do not really know what it is. If I plug my laptop in directly, it assigns a public (yes, public) IP address to me via DHCP and I can use it. When starting a server on the laptop, it is directly reachable from the internet.

So after building my bridging solution with the pi, I now get a public IP for all devices that connect to the Wi-Fi. And I don't seem to have a firewall working (I cannot check as the PI has to use DHCP as the assigned IP really changes, and sometimes it is like 84.... and the next time I get something completely different. This was proofed using direct plugging with the laptop).

What do I have to change to get a private Wi-Fi network, as a stock router would set it up (with private IP range and DHCP server)? I simply want the pi to connect to the LAN as a DHCP Client, and then forward the traffic (though a firewall) to the private Wi-Fi network.

So in other words you need a conventional lan->wan router, and the WAN will be attached by Ethernet.

It would be best to start over with a default configuration, as what you need is very close to the default configuration.

Start by creating a wifi AP attached to the lan network. Disconnect your PC from Ethernet and log back in by wifi. Create a network interface named wan of proto dhcp (client) with its device the ethernet port. Remove the ethernet port from lan-- this means from then on you must use wifi to log into the Pi. The firewall is already set up if you name the network exactly wan. Plug the Ethernet port into the upstream network. The Pi will obtain one IP address and route all of your lan Internet requests out to it. All incoming connections on the wan port will be blocked by the default firewall.

Okay hey.

Eventhough I do not have a lot of experience with this, I think, I managed to set it up. The only thing I do not understand is: How do I

?

The weird thing is. My Phone reconnects (configured to use dhcp) to the new wi-fi and then has internet access. But it also has a public IP still.

However my laptop (also configured to use dhcp, not connected to the pi by cable) wants to connect, gets a local IP by the DHCP Server and has no internet access through the wi-fi.

Something has to be wrong....

(I do not understand, how OpenWRT is support to know that it shoud redirect the traffic from the wi-fi/lan to my wan interface that I created. Dont I need a bridge or other "connection" for that - to say the system it should route all internet traffic from one interface to another?)

Thanks and regards

Jonas

Okay never mind.

You meant to remove the Ethernet device from the bridge. I did that and everything works.

I honestly do not know how this all works. This is black magic to me. So thank you very much for your help.

Jonas

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.