I still think you will need a second MAC otherwise the dhcp server will just hand out your current lease for that mac.the way to get a second mac on your router is to use a macvlan device, you will need the associated packages.
I will try.
After adding a new interface named vl2, bridge to eth0.2 , using DHCP, it got the same public IP as
This is why you need a macvlan. Point the new wan to the macvlan device
My current WAN port config:
config interface 'wan' option ifname 'eth0.2' option proto 'dhcp' config device 'wan_eth0_2_dev' option name 'eth0.2' option macaddr 'xx:xx:xx:xx:xx:xx' config interface 'wan6' option ifname 'eth0.2' option proto 'dhcpv6'
How can I add a macvlan interface?
After installation of the macvlan kernel module, is a /etc/network restart enough or must reboot router?
you need to configure / create a macvlan device... I'm not sure the uci syntax:
suggests that you should do:
config device 'wan2' option name 'wan2' option type 'macvlan' option ifname 'eth0.2'
and then you can config a wan2 interface
config interface 'wan2' option ifname 'wan2' option proto 'dhcp'
I created two new macvlan device by
config device 'wanm2' option name 'wanm2' option type 'macvlan' option ifname 'eth0.2' config device 'wanm' option name 'wanm' option type 'macvlan' option ifname 'eth0.2'
I can get two different IPs from ISP using the new macvlan devices.
But NAT is not working for VLAN1 clients. I switched back to use eth0.2 directly while learning how to proceed from there.
There is no need to have 2 macvlans you can use eth0.2 directly for one IP, and the macvlan associated with it for the other.
Have you checked in LuCI to see if wanm2/wanm are allocated to WAN zone?
How about iptables-save dump especially the
*nat section does it properly setup nat between LAN/WAN?
I am setting up an old 4/32 device running 17.01.5 to serve WIFI access for my family member.
After that, my main router can free up more time slot for this testing.
Yes, one original and one macvlan is OK to get two DHCP IPs.
When I put the macvlan interface into the default WAN firewall zone, it still works for default VLAN1.
I created another VLAN3, with 192.168.2.0/24 subnet, into default firewall zone LAN, VLAN3 clients also can access internet.
Next step I want, is to make 192.168.2.0/24 clients to use macvlan public IP to go out. While 192.168.1.0/24 clients will use eth0.2 public IP.
I tried to create a pair of new zones WAN2 and LAN2 and put macvlan and vlan3 into them. Then neither of vlan1 nor vlan3 clients can reach internet.
Status update: Outgoing Traffics working
eth0.2 <> ISP uplink
eth0.1 <> LAN & Wifi2.4GHz + Wifi5GHz
Firewall Zones -
wan: WAN, WAN6,, WANv, WANv6
So I will keep using this configuration as a base and keep going from there.
My Next Target:
- Having two isolated groups, like:
Internet <> eth0.2 (wan zone) <> vlan1 (lan zone) <> wifi1
Internet <> veth2 (wanv zone) <> vlan3 (lanv zone) <> wifi3
- vlan1 and vlan3 can only access via Internet
- vlan1 only use public ip of eth0.2
- vlan3 only use public ip of veth2
Why veth? vrf/netns next?
I don't have special meaning in the inteface names.
I see one example use vethX for macvlan device, so I just use that.
What is the better name for macvlan devices I should use?
Yeah check this out. veth happens to be special.
that is a good read, thx a lot for the pointer.
How can I use virtual routers?
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.