Can you explain in detail what an openwrt firewall is?

Asked by Aalapprabhakaran in SQL Server, Asked on Jan 17, 2022

 I have my home network divided into multiple VLANs, with a main router running OpenWrt forwarding between VLANs, where each VLAN equals a firewall zone. Zone wan hosts the Internet router.

Firewall zone settings in Luci are:

default input=ACCEPT output=ACCEPT forward=REJECT
private->guest,nas,offsite,wan input=ACCEPT output=ACCEPT forward=REJECT
nas->offsite input=ACCEPT output=ACCEPT forward=REJECT
offsite->NIL input=ACCEPT output=ACCEPT forward=REJECT
guest->wan input=ACCEPT output=ACCEPT forward=REJECT
wan->NIL input=REJECT output=ACCEPT forward=REJECT MASQUERADING

Now, I have configured Luci's uhttpd to ONLY listen to the router's external IP address (192.168.2.1) in the private zone:

uci delete uhttpd.main.listen_https; uci set uhttpd.main.listen_http=192.168.2.1:80; uci commit; /etc/init.d/uhttpd restart

Why can I still access 192.168.2.1, and thereby Luci, from a computer (e.g. 192.168.5.200) located for instance in the guest zone? I was expecting there to be no forwarding from guest->private, but it seems the input=ACCEPT of the guest zone makes the router accept the package addressed to him even though the destination IP address is in the private zone.

Is that really intentional?
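
The behaviour asked about above can be traced with a small model of how the router picks between its input and forward paths. This is an added example, not part of the original question or answer; the /24 masks, the guest-side router address 192.168.5.1, the host 192.168.2.50 and the `input_rules` parameter are assumptions made for illustration.

```python
import ipaddress

# 192.168.2.1 and 192.168.5.200 come from the question; the /24 masks and the
# router's guest-side address 192.168.5.1 are assumptions of this sketch.
ROUTER_ADDRS = {"192.168.2.1", "192.168.5.1"}
SUBNETS = {"private": "192.168.2.0/24", "guest": "192.168.5.0/24"}
# Input policies and forwardings as listed in the question (subset).
INPUT_POLICY = {"private": "ACCEPT", "guest": "ACCEPT", "wan": "REJECT"}
FORWARDINGS = {("private", "guest"), ("private", "wan"), ("guest", "wan")}


def zone_of(ip):
    """Zone whose subnet contains ip; anything else counts as wan."""
    addr = ipaddress.ip_address(ip)
    for zone, net in SUBNETS.items():
        if addr in ipaddress.ip_network(net):
            return zone
    return "wan"


def decide(src_ip, dst_ip, input_policy=INPUT_POLICY, input_rules=()):
    """Return (path, verdict) for a packet arriving at the router.

    input_rules: hypothetical (src_zone, dst_ip, verdict) entries that are
    matched before the zone's input policy.
    """
    src_zone = zone_of(src_ip)
    if dst_ip in ROUTER_ADDRS:
        # Every address the router owns is local, so the packet takes the
        # input path of the zone it ARRIVED on. Which interface carries
        # the destination address does not matter; nothing is forwarded.
        for rule_zone, rule_dst, verdict in input_rules:
            if rule_zone == src_zone and rule_dst == dst_ip:
                return ("input", verdict)
        return ("input", input_policy[src_zone])
    # Routed traffic between zones needs an explicit forwarding;
    # otherwise forward=REJECT from the question applies.
    allowed = (src_zone, zone_of(dst_ip)) in FORWARDINGS
    return ("forward", "ACCEPT" if allowed else "REJECT")


if __name__ == "__main__":
    guest_pc = "192.168.5.200"
    print(decide(guest_pc, "192.168.2.1"))    # LuCI on the router itself
    print(decide(guest_pc, "192.168.2.50"))   # constructed private host
    block = [("guest", "192.168.2.1", "REJECT")]
    print(decide(guest_pc, "192.168.2.1", input_rules=block))
```

In the model, the guest client reaches the router's own address through the guest zone's input policy, while a host behind the router in the private zone stays unreachable because no guest->private forwarding exists.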


Answered by Andrew Jenkins

The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. 

  • I had an old post regarding how to install OpenWRT into VMWare.
  • OpenWRT in Vmware as a lightweight router and virtual host
  • For me, OpenWRT is a perfect solution to run in my virtual environment. It can be run as a lightweight router to connect two different networks simulating two offices.
  • It also can act as a firewall to filter the traffic crossing OpenWRT. It took a few resources from your CPU, memory and hard drive.
  • There are lots of situations when I created my lab where I will need only a small device acting as a router. All traffic has to be passed, but the two networks have two completely different network addresses.

Here is an example topology:

192.168.196.0/24 -------- (192.168.196.2/24 OpenWRT 192.168.2.39/24) -------- 192.168.2.0/24

I do not need NAT since both networks should see each other’s real IP. Firewall can be disabled, but I am not sure how to do it from OpenWRT. So here are some of the steps I did to allow all traffic passing through OpenWRT.

1 Interfaces configuration

LAN interface has an IP: 192.168.196.2/24. WAN interface has an IP: 192.168.2.39/24 with gateway 192.168.2.1 and DNS: 8.8.8.8


