I have a configuration that depends on support Linux network namespaces (netns) in OpenWRT. The namespaces feature is unfortunately something that cannot be loaded as a module. Would this be a reasonable feature to enable in the official builds?
CONFIG_KERNEL_NAMESPACES=y
CONFIG_KERNEL_NET_NS=y
The specific case that netns solves is: I have two routers in master-slave configuration. Both routers are configured with the same IP address. The master (OpenWRT) gets its IP address via DHCP from the ISP, then offers the same IP via DHCP to the slave.
While (to the best of my knowledge) this is not normally possible with Linux, but it can be done with namespaces.
An example manual configuration might look like the following. The slave router in this example would be plugged into a switch port on VLAN 101. Inbound ports can be forwarded to the slave device by redirecting them to 192.168.101.2 in OpenWRT.
GATEWAY=9.8.7.1
PUBLIC_IP=9.8.7.123
# Create a namespace and enable forwarding
ip netns add fakewan
ip netns exec fakewan sysctl -w net.ipv4.ip_forward=1
# Create VLAN device on eth0, and create a VETH pair so we can route
# to and from the "fakewan" namespace
vconfig add eth0 101
ip link add slave0 type veth peer name slave1
# Move the VLAN and one of the VETH devices into the fakewan namespace
ip link set slave1 netns fakewan
ip link set eth0.101 netns fakewan
# Bring the interfaces up
ifconfig slave0 192.168.101.1 netmask 255.255.255.0 up
ip netns exec fakewan ifconfig slave1 192.168.101.2 netmask 255.255.255.0 up
ip netns exec fakewan ifconfig eth0.101 $GATEWAY netmask 255.255.255.0 up
# Set up default route and NAT rules
ip netns exec fakewan ip route add default via 192.168.101.1
ip netns exec fakewan iptables -t nat -A POSTROUTING -o slave1 -j SNAT --to 192.168.101.2
ip netns exec fakewan iptables -t nat -A PREROUTING -d 192.168.101.2 -j DNAT --to-destination $PUBLIC_IP
I have this set up and fully automated with scripts I uploaded to github (https://github.com/Voltara/openwrt-fakewan), but it depends on custom-building OpenWRT with the requisite namespaces support. Although I can take care of myself in that regard, it's a potential barrier for others who might find this useful (i.e. anybody who has followed this guide http://www.dslreports.com/faq/16710 and would love to remove an unnecessary device from their network.)