
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

OpenWRT routers: Difference between revisions

Configuring the local network - devices, interfaces, zones
 
OpenWrt fully supports IPv6 as well as IPv4, and dual-stack setups that run both protocols together.
 
You can do some quite advanced configurations of the local network. But first you have to understand OpenWrt's naming convention.
 
== Devices ==
 
Devices are the actual network hardware identifiers, as you see in ''ifconfig''. So eth0, eth0.1, phy0-ap0, phy1-ap1, br-lan, and pppoe-wan are all ''devices''.
 
== Interfaces ==
 
Interfaces are groups of one or more devices. An interface named ''lan'' could contain the device ''br-lan''. Similarly, an interface named ''wan'' could contain the device ''pppoe-wan''.
 
== Firewall zones ==
 
Current versions of OpenWrt provide a zone-based firewall. A zone is a collection of one or more interfaces. Much of the work of configuring the firewall is defining the rules for traffic between zones.
 
The OpenWrt documentation likes to confuse new users by defining zones with names like ''lan'' and ''wan'' - which are also usually names of ''interfaces''. But the ''lan'' zone isn't the same as the ''lan'' interface. So let's try to be sensible here - zones will have ''CAPITAL'' names, and interfaces have ''lower case'' names.
 
So you'll probably start with two zones, a zone named ''WAN'' which covers the ''wan'' interface, and a zone named ''LAN'' which covers the ''lan'' interface.
Then you can define two relationships - how to deal with traffic between the ''LAN'' zone and the ''WAN'' zone, and how to deal with traffic from the ''WAN'' zone to (actually) everywhere else.
 
== Adding more zones ==
 
Suppose you want to create a guest WiFi network. You start by creating a new bridge device, then create a new access point (probably on an existing radio) and connect it to that bridge. Then you probably need to add a new interface in order to use different IP addresses from the DHCP server - let's call it ''lan2''. And now you have to decide whether hosts on the guest WiFi network have access to the hosts on your LAN zone.
 
If you want guests to have access to the LAN zone, then just add the new ''lan2'' interface to the list of interfaces covered by the ''LAN'' zone, job done.
 
If you want guests to have no access to the LAN zone, then you need to create a new zone (let's go wild and call it ''GUEST'') and define its relationships to the other existing zones. We want guests to have the same access to the WAN zone, so we configure that relationship like the one for the ''LAN'' zone. But we want the ''LAN'' and ''GUEST'' zones to be separate, so we don't define any relationship between them.
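
The isolated guest setup described above, as an added example that is not part of the original page or A&A's own configuration: a constructed ''/etc/config/firewall'' fragment using this page's CAPITAL zone names, plus a check that no forwarding joins ''GUEST'' and ''LAN''. The policy values and the function names (''sample_config'', ''list_forwardings'', ''zones_isolated'') are assumptions made for illustration.

```shell
# Added example: constructed /etc/config/firewall fragment using this page's
# naming (zones in CAPITALS, interfaces in lower case). Values are assumptions.
sample_config() {
cat <<'EOF'
config zone
	option name 'LAN'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'WAN'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

config zone
	option name 'GUEST'
	list network 'lan2'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'LAN'
	option dest 'WAN'

config forwarding
	option src 'GUEST'
	option dest 'WAN'
EOF
}
# Read a firewall config on stdin; print each forwarding section as "SRC->DEST".
list_forwardings() {
	awk -v q="'" '
		function emit() { if (fwd && src != "" && dest != "") print src "->" dest }
		$1 == "config" { emit(); fwd = ($2 == "forwarding"); src = dest = "" }
		fwd && $1 == "option" { v = $3; gsub(q, "", v); gsub(/"/, "", v)
			if ($2 == "src") src = v; if ($2 == "dest") dest = v }
		END { emit() }'
}
# Succeed only if no forwarding joins zones $1 and $2 in either direction.
zones_isolated() {
	! list_forwardings | grep -qx -e "$1->$2" -e "$2->$1"
}
sample_config | zones_isolated GUEST LAN && echo "GUEST and LAN are isolated"
```

The check only reads ''forwarding'' sections, so individual ''rule'' sections that accept traffic between the two zones are not evaluated. With ''input'' set to REJECT on ''GUEST'', guests also need separate rules allowing DHCP and DNS to the router itself.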
 
 