Hi,
I have the following situation: A network consisting of several computers (connected together using a simple Ethernet switch) is connected to a WRT54GL v1.1 unit running Kamikaze, which is in turn connected via a cross-linked cable to a DSL modem for Internet access. The WAN link is a PPPoE connection over the DSL line.
The link to the LAN is via eth0.0, the link to the DSL modem is via eth0.1 and the PPPoE connection is ppp0.

Now here's the problem - The DSL modem has a configuration interface which I'd like to be able to access from the network without rewiring. Unfortunately when OpenWRT is configured for Internet access, all traffic is automatically sent to ppp0 (the PPPoE connection) and I cannot access the DSL modem's IP address.
I attempted connecting the DSL modem to a LAN port and initiating the PPPoE connection over eth0.0. The PPPoE connection is indeed launched but then the LAN connection is dropped.

Can anyone devise a configuration / modification which will allow access to the DSL modem's IP address?

Thanks!

/etc/config/network

config 'switch' 'eth0'
    option 'enable' '1'
    option 'reset' '1'
    option 'enable_vlan' '1'

config 'switch_vlan'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '0 1 2 3 4 5*'

config 'switch_vlan'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '4 5t'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.2'    # Do not conflic with DSL modem's management ip
    option 'netmask' '255.255.255.0'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'pppoe'
    option 'username' 'USERNAME@YOURDOMAIN.COM'
    option 'password' 'PASSWORD'
    option 'keepalive' '3'
    option 'defaultroute' '1'
    option 'ppp_redial' 'persist'
    option 'persist'

Or try the following method which doesn't create vlans.
OpenWrt / lan and wan on one ethernet port with vlan

(Last edited by fyi on 6 Sep 2010, 03:27)

You most likely need an alias IP on your WAN configured to the subnet used by your modem admin iface (usually 10.10.10.10 or something similar).

Create an alias for wan in /etc/config/network:

config alias modem
  option proto static
  option ipaddr 10.10.10.20
  option netmask 255.255.255.0
  option layer 1

This should spawn a new interface eth0.1:1 with 10.10.10.20/255.255.255.0 .

Finally you need to masquerade traffic leaving that iface, in /etc/firewall.user add:

iptables -t nat -I POSTROUTING -o eth0.1 -d 10.10.10.10 -j MASQUERADE

Obviously you need to change 10.10.10.10/10.10.10.20 to wahtever your modem uses for its management interface.

Doing routing is much easier. Please ignore what I had mentioned.

Eventually I combined several of your suggestions together to get to the needed result:
- Moved the DSL modem from the Internet port to a LAN port on the WRT.
- Changed the ifname of the wan interface to 'br-lan'
- Added these lines to /etc/rc.local

ifup wan
ifconfig br-lan 192.168.1.1 netmask 255.255.255.0

Seems to be working now.

I wouldn't want the modem on the internal network, where everybody can reach it ...
What I did was:

/sbin/route add -host 192.168.1.1 eth1
/usr/sbin/iptables -t nat -I POSTROUTING 1 -o eth1 -j MASQUERADE

The modem being 192.168.1.1 and the wan port on eth1. The lan is 192.168.1.0/24, on br-lan = eth0 + wlan.

Since the router is difficult to get at I haven't tried to mess with the interfaces via uci, but that shouldn't be too difficult.

Through it works, it's not the correct solution, nor is it the best solution.

To be honest, I'm still a newbie to Linux and vlan is the only way I know. You should listen to others and learn the correct solutions.

jow is right
The easiest way to do this using SNAT

should be added to the file /etc/firewall.user

ifconfig eth0.1 10.10.10.20
iptables -t nat -I postrouting_rule -s 192.168.1.0/24 -d 10.10.10.10 -j SNAT --to 10.10.10.20
iptables -I zone_lan_forward -s 192.168.1.0/24 -d 10.10.10.10 -j ACCEPT

and enough is enough

@jow:
I questioned as to the configuration alias

config 'alias'
option 'interface' 'lan'
option 'proto' 'static'
option 'ipaddr' '192.168.100.1'
option 'netmask' '255.255.255.0'
option 'layer'    '1'

We will create an alias eth0.0:1
Where are the lan bridge interfaces: eth0.0+wlan0
How to make an alias just for the interface wlan0? I want to create an alias wlan0:1
I do not want to create an alias for eth0.0

(Last edited by rpc on 13 Sep 2010, 23:30)

i got nearly the same setup than NiQ - my cable modem hands out and official ip via dhcp, but got an admin interface on 192.168.100.1 - so i tried jow's solution (backfire 10.03.1-rc3 atheros)

first of all, the "config alias modem" has no effect. adding this to /etc/config/network brings up no further interface for me. i ask myself, how the network script should know what to add: eth0.1:1 or eth0.2:1 - so i removed it again

even without the alias interface, i can ping 192.168.100.1 from the router. i wonder if this is some kind of dhcp-magic that is done, when the router requests the external ip from the cable modem. "route -n" and "ifconfig -a" dont mention anything about a 192.168 subnet. traceroute finds its way directly to 192.168.100.1 - not routed via the external ip

anyways, the firewall rule works, and i can access the web interface from a lan-client.

stupid question: why must it be "-o eth0.1" instead of "-o eth0.2" - the cable modem is connected to eth0.2

jow missed one line:

config alias modem
  option interface wan
  option proto static
  option ipaddr 10.10.10.20
  option netmask 255.255.255.0
  option layer 1