OpenWrt Forum Archive

Topic: Separating vlan0 and eth1 doesn't work ...

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello wondering people,

Quick question for you.

I have installed on my WRT54GL Kamikaze 7.09. Everything is working freakin awesome.

I just have a quick issue.

I am trying to separate my vlan0 from my eth1.  Basically separate my lan from my wifi.  But yet still have both of them connect to my wan.  My lan and my wifi both need to still have DHCP on each ... I don't know if this is possible. 

I am looking to see if someone connects to the wifi and then tries to access a computer on the lan it won't work.  That is all I want.

I have read a ton on the forums but with no concrete answers.  I saw the examples in the Documentation but I don't know if that will work for what I am looking for. 

This is what I think will work ...

lan_ifname=vlan0
lan_proto=static
lan_ipaddr=192.168.1.25
lan_netmask=255.255.255.0
wifi_ifname=eth1
wifi_proto=static
wifi_ipaddr=192.168.2.25
wifi_netmask=255.255.255.0
wan_ifname=vlan1
wan_proto=dhcp
lan_ifnames=vlan0

Can someone please verify that this is correct?

Thank you.

just poking around i found this http://wiki.openwrt.org/OpenWrtDocs/Kam … ultipleWan .. it's not 100% what you want, but it's along the same basic idea and should be a good place to start
i'm thinking your best bet is just to use the firewall to block the 2 vlans from talking to each other.

Hummm.  Interesting. The thing is for this to work I am guessing I need two wan connections ... I don't have that.

Or am I mistaken?

coolbeansdude51 wrote:
lan_ifname=vlan0
lan_proto=static
lan_ipaddr=192.168.1.25
lan_netmask=255.255.255.0
wifi_ifname=eth1
wifi_proto=static
wifi_ipaddr=192.168.2.25
wifi_netmask=255.255.255.0
wan_ifname=vlan1
wan_proto=dhcp
lan_ifnames=vlan0

Can someone please verify that this is correct?

Thank you.

Kamikaze does not use nvram!  It stores the network settings in /etc/config/network.  You can either edit the files in /etc/config directly or run the uci command which is used similarly to the nvram command on White Russian.

See this for details:
http://downloads.openwrt.org/kamikaze/d … x1-70001.2

All you need to do is make sure your wifi is not bridged to your lan and then set up the firewall to not allow traffic between the two.

Post the contents of /etc/config/network and /etc/config/wireless.

err .. i thought that stuff he put above WAS what he was planning on putting in /etc/config/network and wireless wink

lucindrea wrote:

err .. i thought that stuff he put above WAS what he was planning on putting in /etc/config/network and wireless wink

Well maybe, but it looks like he ran "nvram show" and then extracted those lines from it.  It looks very different from "uci show" or "cat /etc/config/{network,wireless}" smile

Even if he meant what you thought he meant, it would have been better to write it in the format that was actually going to be used in /etc/config/network and /etc/config/wireless.

lol.

I like how you all are trying to figure out what I meant.

I stole the bit from the openwrt wiki for whiterussian.

SO ...

That code will work ...? Just use the kamikaze interface not the old whiterussian one right?

ALSO here is my uci show for ya:

dhcp.cfg1=dhcp
dhcp.cfg1.interface=lan
dhcp.cfg1.start=100
dhcp.cfg1.limit=150
dhcp.cfg1.leasetime=12h
dhcp.cfg2=dhcp
dhcp.cfg2.interface=wan
dhcp.cfg2.ignore=1
dropbear.cfg1=dropbear
dropbear.cfg1.TYPE=dropbear
dropbear.cfg1.PasswordAuth=on
dropbear.cfg1.Port=22
network.eth0=switch
network.eth0.vlan0=0 1 2 3 5*
network.eth0.vlan1=4 5
network.loopback=interface
network.loopback.ifname=lo
network.loopback.proto=static
network.loopback.ipaddr=127.0.0.1
network.loopback.netmask=255.0.0.0
network.lan=interface
network.lan.type=bridge
network.lan.ifname=eth0.0
network.lan.proto=static
network.lan.ipaddr=192.168.1.1
network.lan.netmask=255.255.255.0
network.wan=interface
network.wan.ifname=eth0.1
network.wan.proto=dhcp
qos.wan=interface
qos.wan.TYPE=interface
qos.wan.classgroup=Default
qos.wan.enabled=1
qos.wan.overhead=1
qos.wan.upload=266
qos.wan.download=7500
qos.cfg2=classify
qos.cfg2.TYPE=classify
qos.cfg2.target=Bulk
qos.cfg2.ipp2p=all
qos.cfg3=classify
qos.cfg3.target=Bulk
qos.cfg3.layer7=edonkey
qos.cfg4=classify
qos.cfg4.target=Bulk
qos.cfg4.layer7=bittorrent
qos.cfg5=classify
qos.cfg5.target=Priority
qos.cfg5.ports=22,53
qos.cfg6=classify
qos.cfg6.target=Normal
qos.cfg6.proto=tcp
qos.cfg6.ports=20,21,25,80,110,443,993,995
qos.cfg7=classify
qos.cfg7.target=Express
qos.cfg7.ports=5190
qos.cfg8=default
qos.cfg8.target=Express
qos.cfg8.proto=udp
qos.cfg8.pktsize=-500
qos.cfg9=reclassify
qos.cfg9.target=Priority
qos.cfg9.proto=icmp
qos.cfg10=default
qos.cfg10.target=Bulk
qos.cfg10.portrange=1024-65535
qos.cfg11=reclassify
qos.cfg11.target=Priority
qos.cfg11.proto=tcp
qos.cfg11.pktsize=-128
qos.cfg11.mark=!Bulk
qos.cfg11.tcpflags=SYN
qos.cfg12=reclassify
qos.cfg12.target=Priority
qos.cfg12.proto=tcp
qos.cfg12.pktsize=-128
qos.cfg12.mark=!Bulk
qos.cfg12.tcpflags=ACK
qos.Default=classgroup
qos.Default.classes=Priority Express Normal Bulk
qos.Default.default=Normal
qos.Priority=class
qos.Priority.packetsize=400
qos.Priority.maxsize=400
qos.Priority.avgrate=10
qos.Priority.priority=20
qos.Priority_down=class
qos.Priority_down.packetsize=1000
qos.Priority_down.avgrate=10
qos.Express=class
qos.Express.packetsize=1000
qos.Express.maxsize=800
qos.Express.avgrate=50
qos.Express.priority=10
qos.Normal=class
qos.Normal.packetsize=1500
qos.Normal.packetdelay=100
qos.Normal.avgrate=10
qos.Normal.priority=5
qos.Normal_down=class
qos.Normal_down.avgrate=20
qos.Bulk=class
qos.Bulk.avgrate=1
qos.Bulk.packetdelay=200
system.cfg1=system
system.cfg1.TYPE=system
system.cfg1.hostname=OpenWrt
wireless.wl0=wifi-device
wireless.wl0.type=broadcom
wireless.wl0.channel=11
wireless.cfg2=wifi-iface
wireless.cfg2.TYPE=wifi-iface
wireless.cfg2.device=wl0
wireless.cfg2.network=lan
wireless.cfg2.mode=ap
wireless.cfg2.ssid=TEST -- DO NOT CONNECT
wireless.cfg2.encryption=none

Thanks for the help!

PS.  Like my ssid?? :-D

The general idea is that you do the following:

1.)  Unbridge the LAN and Wifi.  (Each will have its own IP address.)
2.)  Tell dnsmasq to provide DNS/DHCP services on both the LAN and the Wifi interfaces.
3.)  Prevent machines on the LAN and the Wifi interfaces from talking to each other.

I see there's a page on the wiki with the details:

http://wiki.openwrt.org/OpenWrtDocs/Kam … idgedWiFi/

EDIT:  No, the lan_ifname etc. nvram variables have no effect on Kamikaze.

(Last edited by Wodin on 6 Feb 2008, 07:29)
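
Added example, not part of the thread and not OpenWrt's own code: a small check for steps 1 and 2 of the procedure above, run over `uci show` text in the format posted earlier. The function names, the network name `wifi`, and the constructed "after" sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `uci show` text on stdin and reports, per wifi-iface,
# whether it is bridged to wired ports and whether its network has a DHCP pool.
audit_uci() {
    awk -F= '
    {   # split "pkg.section.option=value" into key parts and value
        key = $1; val = substr($0, length(key) + 2)
        n = split(key, p, "[.]")
    }
    n == 3 && p[1] == "wireless" && p[3] == "network"   { wifi_net[p[2]] = val }
    n == 3 && p[1] == "network"  && p[3] == "ifname"    { wired[p[2]] = val }
    n == 3 && p[1] == "network"  && p[3] == "type"      { ntype[p[2]] = val }
    n == 3 && p[1] == "dhcp"     && p[3] == "interface" { pool_if[p[2]] = val }
    n == 3 && p[1] == "dhcp"     && p[3] == "ignore"    { pool_ign[p[2]] = val }
    END {
        # a network is served when a dhcp section names it without ignore=1
        for (s in pool_if)
            if (pool_ign[s] != "1") served[pool_if[s]] = 1
        for (s in wifi_net) {
            net = wifi_net[s]
            if (ntype[net] == "bridge" && wired[net] != "")
                print "BRIDGED " s " shares network " net " with " wired[net]
            else
                print "SEPARATE " s " on network " net
            if (!(net in served)) print "NO_DHCP " net
        }
    }'
}

# Relevant lines from the uci show output posted in the thread.
sample_before() {
    cat <<'EOF'
dhcp.cfg1.interface=lan
dhcp.cfg2.interface=wan
dhcp.cfg2.ignore=1
network.lan.type=bridge
network.lan.ifname=eth0.0
wireless.cfg2.network=lan
EOF
}

# Constructed: the same config after step 1 only (network name "wifi" assumed).
sample_after() {
    sample_before | sed 's/^wireless.cfg2.network=lan$/wireless.cfg2.network=wifi/'
    echo 'network.wifi.proto=static'
}

sample_before | audit_uci
sample_after | audit_uci
```

On the router, `uci show | audit_uci` runs the same check against the live configuration. Step 3 (the firewall) is not covered by it.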

The discussion might have continued from here.