My Dad is running OpenWrt on a Netgear Nighthawek R7800 and the main subnet is 192.168.0.1.
I want to connect a Proxmox server that will run a few things, including Frigate NVR, using the subnet 10.10.55.1. The server will be connected to the router via LAN and the cameras may be connected via LAN or WiFi.
I've created an additional SSID for "Server" with a DHCP server on 10.10.55.1, so the cameras can connect to that and be able to communicate with the server, but not to the Internet or devices on the other subnet.
I've set a static IP of 10.10.55.198 on the server, and the containers and VMs will all use addresses on that subnet, but will that work OK when it is connected to one of the LAN ports, despite the DHCP server that is associated with those ports being on 192.168.0.1, or will I need to separate that port from the others and assign it to the 10.10.55.1 subnet?
You should assign that same network to one of the Ethernet ports. This is usually pretty easy to do.
Which physical port will you use for this?
And let's see the config:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Thanks, I'm going over there today so I'll post the config later.
He has one of the ports connected to the living room where the server will go, so I'll check which port it is.
I was hoping to also connect a Raspberry Pi upstairs on this subnet, but I'll put it downstairs with the server for now. It's an old RPi B rev 2 so it doesn't have WiFi, but I might have a spare RPi 3 I can replace it with sometime and then I can put it upstairs and connect it via WiFi to the Server SSID.
Here's the config files. Port 4 is the one connected to the living room.
ubus
{
"kernel": "5.15.120",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear Nighthawk X4S R7800",
"board_name": "netgear,r7800",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r23580+21-b993a00b82",
"target": "ipq806x/generic",
"description": "OpenWrt SNAPSHOT r23580+21-b993a00b82"
}
}
Network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'x'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option broadcast '1'
option type 'bridge'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
option vid '1'
option description 'LAN'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option vid '2'
option description 'WAN'
config interface 'IoT_WAN'
option proto 'static'
option ipaddr '10.10.60.1'
option netmask '255.255.255.0'
option device 'br-iot'
config device
option type 'bridge'
option name 'br-iot'
option bridge_empty '1'
config interface 'SRVLAN'
option proto 'static'
option device 'br-srv'
option ipaddr '10.10.55.0'
option netmask '255.255.255.0'
config device
option type 'bridge'
option name 'br-srv'
option bridge_empty '1'
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
list dns '1.1.1.1'
config device
option type 'bridge'
option name 'br-guest'
option bridge_empty '1'
Wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '161'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
option txpower '27'
option country 'GB'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Visuals'
option encryption 'sae-mixed'
option key 'x'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option channel '8'
option band '2g'
option cell_density '0'
option country 'GB'
option htmode 'HT40'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'Visuals-IoT-LAN'
option encryption 'psk2'
option key 'x'
option disabled '1'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'Visuals-Guest'
option encryption 'psk2'
option isolate '1'
option key 'x'
option network 'guest'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'Visuals-24G'
option encryption 'psk2'
option key 'x'
option network 'lan'
config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'Visuals-IoT'
option encryption 'psk2'
option network 'lan'
option key 'x'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'Visuals-IoT-5G'
option encryption 'sae-mixed'
option key 'x'
option disabled '1'
option isolate '1'
config wifi-iface 'wifinet6'
option device 'radio1'
option mode 'ap'
option ssid 'Visuals-X'
option encryption 'psk2'
option key 'x'
option network 'lan'
config wifi-iface 'wifinet7'
option device 'radio1'
option mode 'ap'
option ssid 'Visuals-SRV'
option encryption 'psk2'
option network 'SRVLAN'
option key 'x'
DHCP
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'IoT_WAN'
option interface 'IoT_WAN'
option start '100'
option limit '50'
option leasetime '12h'
option dhcpv4 'server'
config host
option name 'Mums-i5'
option dns '1'
option mac 'x'
option ip '192.168.1.101'
config host
option name 'Dads-PC'
option dns '1'
option mac 'x'
option ip '192.168.1.100'
config host
option name 'Wiser-Hub'
option dns '1'
option mac 'x'
option ip '192.168.1.136'
config host
option name 'Wyze-1'
option dns '1'
option mac 'x'
option ip '192.168.1.195'
config host
option name 'Wyze-2'
option dns '1'
option mac 'x'
option ip '192.168.1.118'
config host
option name 'Wyze-3'
option dns '1'
option mac 'x'
option ip '192.168.1.158'
config host
option name 'KASA-KP303-PlugStrip'
option dns '1'
option mac 'x
option ip '192.168.1.198'
config host
option name 'Tapo-P110-Plug'
option dns '1'
option mac 'x'
option ip '192.168.1.160'
config host
option name 'Tapo-L900-Lightstrip'
option dns '1'
option mac 'x'
option ip '192.168.1.191'
config host
option name 'TPLink-HS100-Plug'
option dns '1'
option mac 'x'
option ip '192.168.1.147'
config host
option name 'TP-Link-HS100-Plug-2'
option dns '1'
option mac 'x'
option ip '192.168.1.140'
config dhcp 'SRVLAN'
option interface 'SRVLAN'
option start '250'
option limit '3'
option leasetime '12h'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
Firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'nss_ecm'
option type 'script'
option path '/etc/firewall.d/qca-nss-ecm'
option family 'any'
option reload '1'
config zone
option name 'Guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config zone
option name 'IoT_WAN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'IoT_WAN'
config forwarding
option src 'IoT_WAN'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'IoT_WAN'
config zone
option name 'IoT'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config rule
option name 'Guest DNS'
option src 'Guest'
option dest_port '53'
option target 'ACCEPT'
config forwarding
option src 'lan'
option dest 'IoT'
config rule
option name 'IoT DNS'
option src 'IoT'
option target 'ACCEPT'
option dest_port '53'
config rule
option name 'IoT-WAN DNS'
option src 'IoT_WAN'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'allow_forward'
option src 'wan'
list src_ip '192.168.0.0/16'
list src_ip '10.0.0.0/8'
option dest '*'
option target 'ACCEPT'
config rule
option name 'Allow-Admin'
list proto 'tcp'
option src 'wan'
option dest_port '20 80 443'
option target 'ACCEPT'
config zone
option name 'SRVLAN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'SRVLAN'
config forwarding
option src 'SRVLAN'
option dest 'wan'
config forwarding
option src 'IoT'
option dest 'SRVLAN'
config forwarding
option src 'lan'
option dest 'SRVLAN'
config forwarding
option src 'Guest'
option dest 'wan'
config rule
option name 'Guest DHCP'
list proto 'udp'
option src 'Guest'
option dest_port '67'
option target 'ACCEPT'
config rule
option name 'IoT DHCP'
list proto 'udp'
option src 'IoT'
option dest_port '67'
option target 'ACCEPT'
config rule
option name 'IoT-WIN DHCP'
list proto 'udp'
option src 'IoT_WAN'
option dest_port '67'
option target 'ACCEPT'
Where did this come from?
You might want to consider first upgrading to the latest:
When I go to upgrade it says:
"Image check failed:
Sun Jun 15 19:15:35 BST 2025 upgrade: The device is supported, but the config is incompatible to the new image (1.0->1.1). Please upgrade without keeping config (sysupgrade -n). Sun Jun 15 19:15:35 BST 2025 upgrade: Config cannot be migrated from swconfig to DSA Image check failed."
Does that mean it will reset to the default config if I upgrade? I'm just a bit nervous that I'll lose all connectivity and be unable to get the LAN and WiFi all working again before I have to go home.
Yes, it will reset everything to defaults. Wifi will be disabled so you'll need to connect via ethernet.
Recreating the config should take ~10 minutes. And you can actually make a backup and restore the dhcp and firewall files (do this manually, don't restore the whole thing -- just extract those two files from the backup archive).
OK, that was relatively straightforward. With the new firmware, it was a bit easier to understand how to assign the ports, and you'll see in the network config I've assigned lan1-3 to br-lan and lan4 to br-srv. I also added a firewall rule to allow DNS traffic on port 53 from SRVLAN.
ubus
{
"kernel": "6.6.86",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear Nighthawk X4S R7800",
"board_name": "netgear,r7800",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.1",
"revision": "r28597-0425664679",
"target": "ipq806x/generic",
"description": "OpenWrt 24.10.1 r28597-0425664679",
"builddate": "1744562312"
}
}
Network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'x'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config device
option type 'bridge'
option name 'br-guest'
config device
option type 'bridge'
option name 'br-iot'
config device
option type 'bridge'
option name 'br-srv'
list ports 'lan4'
config interface 'srv_lan'
option proto 'static'
option device 'br-srv'
option ipaddr '10.10.55.1'
option netmask '255.255.255.0'
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
Wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option band '2g'
option channel '1'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Visuals-X'
option encryption 'psk2'
option key 'x'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option channel '36'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'Visuals'
option encryption 'sae-mixed'
option key 'x'
option ocv '0'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'Visuals-SRV'
option encryption 'sae-mixed'
option key 'x'
option ocv '0'
option network 'srv_lan'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'Visuals-Guest'
option encryption 'sae-mixed'
option key 'x'
option ocv '0'
option network 'guest'
config wifi-iface 'wifinet4'
option device 'radio0'
option mode 'ap'
option ssid 'Visuals-24G'
option encryption 'sae-mixed'
option key 'x'
option ocv '0'
option network 'lan'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'Visuals-IoT'
option encryption 'sae-mixed'
option key 'x'
option ocv '0'
option network 'lan'
DHCP
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'IoT_WAN'
option interface 'IoT_WAN'
option start '100'
option limit '50'
option leasetime '12h'
option dhcpv4 'server'
config host
option name 'Mums-i5'
option dns '1'
option mac 'x'
option ip '192.168.1.101'
config host
option name 'Dads-PC'
option dns '1'
option mac 'x'
option ip '192.168.1.100'
config host
option name 'Wiser-Hub'
option dns '1'
option mac 'x'
option ip '192.168.1.136'
config host
option name 'Wyze-1'
option dns '1'
option mac 'x'
option ip '192.168.1.195'
config host
option name 'Wyze-2'
option dns '1'
option mac 'x'
option ip '192.168.1.118'
config host
option name 'Wyze-3'
option dns '1'
option mac 'x'
option ip '192.168.1.158'
config host
option name 'KASA-KP303-PlugStrip'
option dns '1'
option mac 'x'
option ip '192.168.1.198'
config host
option name 'Tapo-P110-Plug'
option dns '1'
option mac 'x'
option ip '192.168.1.160'
config host
option name 'Tapo-L900-Lightstrip'
option dns '1'
option mac 'x'
option ip '192.168.1.191'
config host
option name 'TPLink-HS100-Plug'
option dns '1'
option mac 'x'
option ip '192.168.1.147'
config host
option name 'TP-Link-HS100-Plug-2'
option dns '1'
option mac 'x'
option ip '192.168.1.140'
config dhcp 'SRVLAN'
option interface 'SRVLAN'
option start '250'
option limit '3'
option leasetime '12h'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'srv_lan'
option interface 'srv_lan'
option start '200'
option limit '10'
option leasetime '12h'
Firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'nss_ecm'
option type 'script'
option path '/etc/firewall.d/qca-nss-ecm'
option family 'any'
option reload '1'
config zone
option name 'Guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config zone
option name 'IoT_WAN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'IoT_WAN'
config forwarding
option src 'IoT_WAN'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'IoT_WAN'
config zone
option name 'IoT'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config rule
option name 'Guest DNS'
option src 'Guest'
option dest_port '53'
option target 'ACCEPT'
config forwarding
option src 'lan'
option dest 'IoT'
config rule
option name 'IoT DNS'
option src 'IoT'
option target 'ACCEPT'
option dest_port '53'
config rule
option name 'IoT-WAN DNS'
option src 'IoT_WAN'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'allow_forward'
option src 'wan'
list src_ip '192.168.0.0/16'
list src_ip '10.0.0.0/8'
option dest '*'
option target 'ACCEPT'
config rule
option name 'Allow-Admin'
list proto 'tcp'
option src 'wan'
option dest_port '20 80 443'
option target 'ACCEPT'
config zone
option name 'SRVLAN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'SRVLAN'
list network 'srv_lan'
config forwarding
option src 'SRVLAN'
option dest 'wan'
config forwarding
option src 'IoT'
option dest 'SRVLAN'
config forwarding
option src 'lan'
option dest 'SRVLAN'
config forwarding
option src 'Guest'
option dest 'wan'
config rule
option name 'Guest DHCP'
list proto 'udp'
option src 'Guest'
option dest_port '67'
option target 'ACCEPT'
config rule
option name 'IoT DHCP'
list proto 'udp'
option src 'IoT'
option dest_port '67'
option target 'ACCEPT'
config rule
option name 'IoT-WIN DHCP'
list proto 'udp'
option src 'IoT_WAN'
option dest_port '67'
option target 'ACCEPT'
config rule
option src 'SRVLAN'
option dest_port '53'
option target 'ACCEPT'
option name 'SRV DNS'
I'm having a problem with my Wiser Hub after doing this upgrade.
EDIT: Never mind, it seems to have fixed itself now.
Does my config look correct now to allow port 4 to be used for the 10.10.55.1 subnet and to provide DHCP on that subnet for the LAN and the WiFi SSID associated with it?
Just to add, I will need to allow traffic between the 192.160.0.1 and 10.10.55.1 subnets, because my Dad needs to access the server from his PC and laptop, and it will need to send and receive data to IoT devices like the Echo Show, and power usage monitoring devices for Home Assistant, so please let me know if my current config needs to be changed to allow that.