Our first x86 OpenWRT Firewall setup part 2 Multiple Public ips MacVlans VLans the smart easy way скачать в хорошем качестве

Our first x86 OpenWRT Firewall setup part 2 Multiple Public ips MacVlans VLans the smart easy way

#OpenWrt #x86 #Marvell #AQC113C #10gb #PCIe #Upstream #Downstream #VLan #PublicIpAddresses ******Validate after re-upload************* Update 1 June 2025 - Wi-Fi only works with interfaces that are using Bridge devices, you cannot use a Vlan device directly like so many tutorials have shown anymore. At least since using 24.10 the Wi-Fi now REQUIRES a bridge device to be used on the interface you attach it to in the wireless settings for a particular SSID. It will not work with an Interface using ANY other device that is NOT a regular bridge. ALSO, you now need to specify a rule (OpenWRT -- Network -- Firewall -- Traffic Rule) allowing the firewall zone you assign to the vlan interface to PING the router. If you don't do this, the Wi-Fi device will fail to get an ip address, this is something new and could be fixed later on, so test without it first and if the Wi-Fi device still can't get an ip address, try adding a ping rule for the zone the interface is tied to. so: Name: - whatever you want Protocol: ICMP Source zone: Firewall zone you assigned to the interface source address: Not needed Destination zone: Device (Input) everything else not needed to be changed Side note: Don't worry about anything I don't mention like the MTUs I set to 9000, that's for jumbo frames which I'm doing some testing on regarding ipv6 specifically 0:00 Let's pick it back up from where we were 0:40 Flashing the routers and showing the new recovery state in OpenWrt *Rebooting sometimes puts it out of it, otherwise you have to reflash it WITH the sysupgrade file versions. 4:20 Continuing with the snapshots since we live life on the edge ssh root@192.168.1.1 apk update && apl add luci 11:08 Now let's setup the upstream router Packages to install: kmod-macvlan luci-app-mwan3 14:30 Now setting up the devices and interfaces -- 1. When using MacVlans the main device CANNOT be used by anything (Example: Macvlan from port 1, port 1 SHOULD NOT be used anywhere, only the MAcVlan Device made off of it). -- 2. For the love of god, don't push your luck getting more than 2 public ip addresses and blowing our methods up so nobody can do this. Of course it's only a matter of time, but lets enjoy this while we can until they start giving out ipv6 public ip addresses. 18:30 Setting up multiple internet interfaces -- 3. Mwan3 specific: Requires DNS and Gateway metrics to be used on each internet bound interface, please pay attention to that and adjust how you want. I set a weight of 1 on the main wan interfaces, and then a weight of 2 on the backup interfaces, 24:00 Important, bridging the two VLan devices to ensure pathway -- 4. Vlan Devices don't always communicate with each other on the same router, so I recommend putting a downstream VLan device (Lan ports) on the same bridge as the upstream VLan port (wan port). There's probably more ways to do this, but this is what I did. 30:10 Now setting up the Firewall Zone for the VLan and GUI Access 33:00 Recap of what we did for the Upstream router 35:03 Now touching the MultiWan3 stuff -- 5. mwan3 Interface names MUST match the name of the interface on OpenWrt -- 6. Helpful public DNS addresses you can set: -- -- -- -- OpenDNS: 208.67.222.222 || 208.67.220.220 -- -- -- -- Cloudflare: 1.1.1.1 || 1.0.0.1 -- -- -- -- Google: 8.8.8.8 || 8.8.4.4 **IPv6 DNS Addresses: -- -- -- -- Cloudflare: 2606:4700:4700::64 || 2606:4700:4700::6400 -- -- -- -- Google: 2001:4860:4860::8888 || 2001:4860:4860::8844 48:38 *Note: change ALL rules you need, I forgot the https rule 52:20 Now testing that the multiple internet interfaces work. **Skippable -- 54:20 Future me showing the public ips being obtained and used I don't live in the area or have public ip addresses even closely related, so I deemed it fine to still show this, also why it took me a minute to release the vid as it was the last ones I made just before moving and didn't have time to edit and release before having to move. Also, if you wait long enough, the router does get a second ip address, it just takes longer then you'd expect. The delay could of been firmware related also, as since a firmware, the router gets the ip addresses much faster now, remember I'm using snapshots so your experience may differ. 1:03:48 I know, I can't help myself to not try and figure it out live -- Skippable** 1:12:14 Now back to setting up the downstream router 1:16:00 The best part yet, VLan'd Wi-Fi Devices -- 7. in the SSID settings, if you go to Interface Configuration - Advance Setting, there's a "interface name" section where you can actual name it do it's not the default phy0-ap0 type of names for the Wi-Fi devices. 1:24:10 Verify everything works and setting some last setting changes 1:27:45 Tired, but going to show I can connect to my firewall still 1:31:50 This is why it's SOOOO important to reboot to verify *Remember x86 devices sometime need to be powered off and back on as rebooting doesn't always bring everything up 1:38:20 Final Recap