Hello @brada4.
Thank you for your interest and assistance.
I forgot to mention but I've already tried to use the ISP STB on the ARCH ROUTER, and couldn't actually make it. So I was directing all my efforts to that front, actually.
The OpenWrt on which I intend to connect the aforementioned STB has this information required by yourself. (I think) I have redacted the sensitive information. Please warn me if otherwise:
ubus call system board
{
"kernel": "5.15.162",
"hostname": "asusrouter",
"system": "ARMv8 Processor rev 4",
"model": "ASUS TUF-AX4200",
"board_name": "asus,tuf-ax4200",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.4",
"revision": "r24012-d8dd03c46f",
"target": "mediatek/filogic",
"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
}
}
cat /etc/config/network
:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd77:81ad:7161::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option bridge_empty '1'
option igmp_snooping '1'
option igmpversion '3'
config device
option name 'lan1'
option macaddr 'redacted'
config device
option name 'lan2'
option macaddr 'redacted'
config device
option name 'lan3'
option macaddr 'redacted'
config device
option name 'lan4'
option macaddr 'redacted'
option igmpversion '3'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '10.0.1.40'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '10.0.1.16'
list dns '10.0.1.16'
list dns '1.1.1.1'
config device
option name 'eth1'
option macaddr 'redacted'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'eth1'
list ports 'lan1'
list ports 'lan2'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'eth1:t'
list ports 'lan3'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'eth1:t'
config interface 'iot'
option proto 'static'
option device 'br-lan.20'
option ipaddr '10.0.20.40'
option netmask '255.255.255.0'
option gateway '10.0.20.16'
list dns '10.0.20.16'
list dns '1.1.1.1'
option ip6assign '64'
config interface 'guest'
option proto 'static'
option device 'br-lan.30'
option ipaddr '10.0.30.40'
option netmask '255.255.255.0'
option gateway '10.0.30.16'
list dns '10.0.30.16'
list dns '1.1.1.1'
option ip6assign '64'
config device
option name 'br-lan.20'
option type '8021q'
option ifname 'br-lan'
option vid '20'
option multicast '1'
config bridge-vlan
option device 'br-lan'
option vlan '40'
list ports 'eth1:t'
list ports 'lan4'
config interface 'iptv'
option proto 'static'
option device 'br-lan.40'
option ipaddr '10.0.40.40'
option netmask '255.255.255.0'
option gateway '10.0.40.16'
list dns '10.0.40.16'
list dns '1.1.1.1'
option ip6assign '64'
config device
option name 'br-lan.40'
option type '8021q'
option ifname 'br-lan'
option vid '40'
option igmpversion '3'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option channel 'auto'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'redacted'
option encryption 'psk2+tkip+ccmp'
option key 'redacted'
option disabled '1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option channel '36'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
option country 'PT'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'redacted'
option encryption 'psk2+ccmp'
option key 'redacted'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'redacted'
option encryption 'psk2+tkip+ccmp'
option key 'redacted'
option network 'iot'
option disabled '1'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'redacted'
option encryption 'psk2+tkip+ccmp'
option key 'redacted'
option network 'iot'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'redacted'
option encryption 'psk2+tkip+ccmp'
option key 'redacted'
option network 'guest'
option disabled '1'
config wifi-iface 'wifinet6'
option device 'radio1'
option mode 'ap'
option ssid 'redacted'
option encryption 'psk2+tkip+ccmp'
option key 'redacted'
option network 'guest'
cat /etc/config/dhcp
:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'iot'
option interface 'iot'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
config dhcp 'iptv'
option interface 'iptv'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
cat /etc/config/firewall
:
config defaults
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'iot'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'iot'
config zone
option name 'guest'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'guest'
config forwarding
option src 'lan'
option dest 'guest'
config forwarding
option src 'lan'
option dest 'iot'
config forwarding
option src 'guest'
option dest 'wan'
config forwarding
option src 'iot'
option dest 'wan'
config rule
option name 'iot dns'
option src 'iot'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'guest dns'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'iot dhcp'
list proto 'udp'
option src 'iot'
option dest_port '67 68'
option target 'ACCEPT'
config rule
option name 'guest dhcp'
option src 'guest'
option dest_port '67 68'
option target 'ACCEPT'
list proto 'udp'
config zone
option name 'iptv'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'iptv'
option masq '1'
config rule
option name 'iptv dns'
option src 'iptv'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'iptv dhcp'
option src 'iptv'
option dest_port '67 68'
option target 'ACCEPT'
list proto 'udp'
config forwarding
option src 'iptv'
option dest 'wan'
config forwarding
option src 'wan'
option dest 'iptv'
Thank you.