Using router as bridge, clients have internet access but not router

I'm currently running OpenWRT on a TP-Link wireless router ( Model: TP-Link TL-WR1043N/ND v1, Firmware Version: OpenWrt 18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)), setup to act as a bridge rather than a router. Specifically, I have a cable run from the main internet gateway to a LAN port on the router, rather than the WAN port, and I have DHCP disabled on the LAN interface, so both wired & wireless clients get their IP from the main gateway instead of from the router. The gateway's IP is 192.168.99.1, so I gave the router the IP 192.168.99.2 so I could still access it, without it being used as the gateway.

It's probably easiest if I describe the issue that causes first (then go into why I have the network setup that way & why the typical/obvious solutions won't work). With that setup, all of the clients have internet access - but not the router itself. In other words, if I SSH into the router & try to "ping google.com," it fails - ditto if I try run a ping or tracert from the network diagnostics in the web interface. And the main issue this causes is that I can't use the package installer (because the router needs to be able to connect to the internet to fetch the packages) - unless I find the .ipkg file, download it, then transfer it to the router via SCP, then install it that way.

As for why I have things setup that way, there are two main reasons. First is that I'm on a "rural high-speed" WiMax-based provider, and the "gateway" they provide is literally just the PPoE injector that runs from/to the antenna (AKA a single ethernet cable, with an AC adapter hanging off it to send power to the antenna). So I can't just plugin to the gateway directly, unless I limit myself to one wired client, and a separate router/AP is needed if I want wifi. And with the router itself, it appears to have a dead WAN port - so I can't just switch the cable over to the WAN port & re-enable DHCP on the router.

I assume that it's just a matter of configuring OpenWRT on the router to use the LAN port for its own internet connection, rather than the WAN port, but I haven't been able to figure out how to do that. I've tried configuring the LAN interface to use the gateway's IP as the IPV4 gateway, and entering the gateway's IP in the "use custom DNS servers" field, but neither seemed to make a difference. Any suggestions?

In that type of network, you need to set the "gateway" and "dns" settings in the LAN configuration so the router OS knows how to find the Internet and look up names respectively. The gateway is the ISP's device (CPE) at 192.168.99.1. That also usually works for DNS, if not use a public DNS (e.g. 8.8.8.8) or look at one of your DHCP'd clients and use what the CPE issued to it.

The CPE is your router now, and you're using the 1043 in a "dumb AP" role. There's nothing wrong with that other than that you are limited in configuration, and you have to trust their firewall.

You can work around dead hardware ports by reconfiguring the VLANs in the switch so that one of the LAN ports can work as an independent WAN port.

Re: " That also usually works for DNS, if not use a public DNS (e.g. 8.8.8.8) or look at one of your DHCP'd clients and use what the CPE issued to it."

Looks like I'm a dumbass and it was the DNS part that did it - shortly after posting (isn't that always the way?), it occurred to me to try using my ISP's DNS server IPs, and that seemed to do the trick.

Re: "You can work around dead hardware ports by reconfiguring the VLANs in the switch so that one of the LAN ports can work as an independent WAN port."

Now THAT is something I'd be interested in doing. One of the limitations of having the dead WAN port is that I can't do things like setup static DHCP leases, etc. Is there documentation on how to do that?

Go into network/switch
Then select the lan port you’d like to reconfigure as wan port and set it to off in vlan 1 line and untagged in vlan 2. Save and apply and you’re done. This is based on a standard openwrt setup. Good luck.

degeulars - excellent, thanks, that worked perfectly! The only quirk I ran into is that, under wireless settings, I needed to select a network (otherwise client connected over wifi weren't getting an IP).

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.