Getting crazy while trying to create 2nd subnet

DD-WRT Forum Index -> Broadcom SoC based Hardware
MaxKraft
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 3
Location: Germany

Posted: Tue Feb 13, 2018 21:49    Post subject: Getting crazy while trying to create 2nd subnet
Hi all,
I am getting crazy while trying to reach my goal. My setting is:

I've got a main router with stock firmware, which serves DHCP, DNS and everything else in my Home-LAN (192.168.1.x). Now I want to install a second router running DD-WRT which shall be connected to my Home-LAN on LAN-Port 1 and it shall make a second LAN (192.168.2.x) on LAN-Port 3+4. At the end the second LAN shall not be able to access my Home-LAN but shall be accessible from the Home-LAN.

I am creating VLANs and bridges as hell but I don't get it working. So back to factory defaults and doing it step by step. In my opinion I have to do this:

Preparation:
- Change operating mode from gateway to router
- Disable DHCP-server
- Disable wlan

1. Create a new VLAN3 beside the existing VLAN1:
Code:
nvram set vlan3hwname=et0

Result:
Code:
nvram show | grep vlan.hwname
vlan1hwname=et0
vlan3hwname=et0


2. Move port 3+4 to vlan3:
Code:
nvram set port3vlans="3 18 19"
nvram set port4vlans="3 18 19"


Result:
Code:
nvram show | grep port.vlans | sort
port0vlans=1
port1vlans="1 18 19"
port2vlans="1 18 19"
port3vlans="3 18 19"
port4vlans="3 18 19"
port5vlans=0 1 16


3. Create a new bridge br1 using web-gui and assign ip-address 192.168.2.1/24. Done.
Result:
Code:
nvram show | grep br1_ | grep -v wl
br1_netmask=255.255.255.0
br1_mtu=1500
br1_label=
br1_dns_ipaddr=0.0.0.0
br1_multicast=0
br1_ipaddr=192.168.2.1
br1_mcast=0
br1_isolation=1
br1_dns_redirect=0


But now? How do I assign my new vlan3 to that bridge? If I press "Add" at "Assign to bridge" I can only assign interface eth0+1+2 to that bridge. But eth0+1+2 aren't my physical LAN ports, right?
Furthermore my laptop on LAN port 4 is still getting a DHCP IP address (192.168.1.x) from my main router which should not work, because LAN ports 3+4 are configured as vlan3.
What to do now?
slice1900
DD-WRT User


Joined: 18 Feb 2013
Posts: 99

Posted: Tue Feb 13, 2018 22:16
If all you want is a second LAN you don't need to mess with bridging or VLANs. Connect the second router's WAN port to one of the first router's LAN ports, configured to get its WAN IP via DHCP, set its LAN port to 192.168.2.1.

The second router itself (i.e. from the shell) would be able to access the 192.168.1.x subnet but devices connected to the second router would have no access to 192.168.1.x. Devices on 192.168.1.x would likewise not have access to 192.168.2.x. If you need that you can set up an iptables rule for that.

You only need to mess with bridging and VLANs if you want to set up the second subnet on the same router. That is doable but a little more complicated, and since you already have the second router...
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Tue Feb 13, 2018 23:02
Just wanted to add: The simpler solution is the better and least error prone. Try not to over-complicate things or you will be unhappy.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

Posted: Tue Feb 13, 2018 23:55
You are missing the nvram commands that configure the switch.

nvram set vlan3ports="3 4 5"
nvram set vlan1ports="2 3 5"
MaxKraft
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 3
Location: Germany

Posted: Wed Feb 14, 2018 9:24
@Wildlion: Yes, you are right: Keep it simple and stupid.

I will implement the solution from slice1900 and post my results for the next guy having this problem.
MaxKraft
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 3
Location: Germany

Posted: Thu Feb 15, 2018 13:31
To complete: OK, now it's working as I want:

I used the WAN port to open a second LAN (192.168.2.0/24). With iptables I made some fw-rules to deny and accept all I want and now it's working fine.

I tried that proposed solution 4 weeks ago but I didn't get it working because once I installed some iptables rules the router got so busy that it still couldn't answer ping requests (Netgear WNDR3300). Then I bricked my router, unbricked it, tried another version, bricked it, tried LEDE and bricked it again. After installing the latest build (DD-WRT v3.0-r34876 mini (02/08/18)) the router is now working as I wanted.

To create iptables-rules I used fwbuilder and set the router to use jffs. Otherwise (with nvram) - the router won't start - I think because of less memory.
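
Added example, not part of any post in this thread: one way to express the goal from the opening post (the second LAN cannot reach the home LAN, the home LAN can reach the second LAN) as iptables FORWARD rules on the DD-WRT router in the WAN-port setup. The interface names `br0` and `vlan2` are assumptions, as is a static route on the main router for 192.168.2.0/24 via the DD-WRT router's WAN address.

```shell
#!/bin/sh
# Added example: one-way access between the two subnets from the thread.
# Interface names are assumptions; check them with `ifconfig` on the router.

HOME_NET="192.168.1.0/24"    # home LAN behind the main router (from the thread)
SECOND_NET="192.168.2.0/24"  # LAN served by the DD-WRT router (from the thread)
LAN_IF="br0"                 # assumed: DD-WRT LAN bridge
WAN_IF="vlan2"               # assumed: WAN interface facing the home LAN

# is_cidr NET: succeed only for a.b.c.d/len with octets 0-255 and len 0-32
is_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i + 0 > 255) exit 1
          if ($5 + 0 > 32) exit 1 }'
}

# gen_rules HOME SECOND LAN_IF WAN_IF: print the FORWARD rules, in match order
gen_rules() {
    is_cidr "$1" && is_cidr "$2" || { echo "bad subnet" >&2; return 1; }
    [ -n "$3" ] && [ -n "$4" ] || { echo "missing interface" >&2; return 1; }
    # 1. Replies to connections that were already allowed may pass both ways.
    echo "iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. Home LAN may open new connections into the second LAN.
    echo "iptables -I FORWARD 2 -i $4 -o $3 -s $1 -d $2 -m state --state NEW -j ACCEPT"
    # 3. Anything else from the second LAN toward the home LAN is dropped.
    #    Internet-bound traffic has other destinations and is not affected.
    echo "iptables -I FORWARD 3 -i $3 -d $1 -j DROP"
}

# Dry run by default: print the rules. Pipe the output to sh on the router to apply.
gen_rules "$HOME_NET" "$SECOND_NET" "$LAN_IF" "$WAN_IF"
```

The explicit positions 1 to 3 keep the rules ahead of the firmware's own FORWARD rules and in the order shown, so the DROP never sees reply packets of connections the home LAN opened.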
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Fri Feb 16, 2018 0:03
Great!! If you ever need help with rules do not be afraid to ask.