OpenWrt Forum Archive

Hello all,

I recently bought an ASUS WL500. Replacing the original firmware with OpenWRT was no problem. Thanks to all developers that work on this project.

For the time being, I just installed it behind my other router that is doing PPPOE, so the WAN is just using DHCP.

My next goal is to setup some sort of DMZ. I want to isolate one port so that a machine on that port cannot access the machines on the other ports, but still can access the WAN. It's not necessary that this isolated port can be reached from the internet, so it's no real DMZ setup.

I have gone through great parts of the documentation that deal with VLAN, tagging and so on. I found the following two tutorials, that deal more or less with the subject:
http://wiki.openwrt.org/DemilitarizedZoneHowto
http://wiki.openwrt.org/OpenWrtDocs/NetworkInterfaces

The latter deals with an ASUS WL500, so I thought it should be easy to setup. But up to now I failed.

I wanted to make the setup step by step and verify each step to see if it really works. I installed tcpdump and iptraf to have an overview what is going on on the network interfaces. Between each configuration step, I save the config to NVRAM and reset the router.

My problem is that after a bootup, I never see any traffic on the vlan2 interface.

Is that intentional? I thought that when I have setup the vlan2 interface and connected a machine to the port I specified, I could see that the packets will flow through vlan2. But they don't, they keep getting through eth0.

Even if I ping the address that is assigned to the vlan2 interface, the packets are accounted for eth0, not for the vlan2.

From my understanding setting up any iptables rules will not work if the packets don't traverse the right interface.

My current setup looks like this and is not changed that much from the original settings:

vlan0hwname=et0
vlan0ports=2 3 4 5*
vlan1hwname=et0
vlan1ports=0 5
vlan2hwname=et0
vlan2ports=1 5

wan_device=vlan1
wan_dhcp_lease=
wan_dhcp_num=
wan_dhcp_start=
wan_hostname=OpenWrt
wan_ifname=eth1
wan_proto=dhcp

lan_ifname=br0
lan_ifnames=eth0 eth2
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
lan_proto=static

dmz_ifname=vlan2
dmz_ifnames=vlan2
dmz_ipaddr=192.168.3.1
dmz_netmask=255.255.255.0
dmz_proto=static

One thing that irritates my as a newbie is, that the second tutorial says that I should set "wan_ifname=vlan1". Now I'm wondering what the difference between a ifname and a device is. If I set it as suggested, my WAN stops working.

I'm lost now.