Created
November 30, 2021 16:15
OpenWrt: route/NAT all traffic coming from the LAN to a WiFi station
# This configuration connects an OpenWrt device, as a client (station), to any WPA2/3 WiFi network that has an internet connection.
# Other routers / devices can then be connected to the LAN switch of the OpenWrt router or to its WiFi AP.
# The traffic is NATted.
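# /etc/config/network
# Defines two logical interfaces: 'lan' (static address, bridged) for the
# downstream devices and 'wwan' (DHCP client) for the upstream WiFi network.

config interface 'lan'
	option type 'bridge'
	# placeholder: replace with the ports that are members of the LAN bridge
	option ifname '<INTERFACES OF BR-LAN HERE>'
	option ip6assign '60'
	option proto 'static'
	# The IP network of the LAN must be different from the network of the
	# wireless AP we connect to; overlapping subnets cannot be routed/NATted.
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'

config interface 'wwan'
	# same device name as the wifi-iface in /etc/config/wireless sets
	option ifname 'wwan'
	# Address, gateway and DNS servers are taken from the upstream network's
	# DHCP server, i.e. from a network this router does not control.
	option proto 'dhcp'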
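# /etc/config/wireless
# The radio must be on the same channel as the AP.

config wifi-iface 'wwan'
	option device 'radio0'
	# 'sta' = station (client) mode
	option mode 'sta'
	# 'psk2' selects WPA2-PSK only.
	# NOTE(review): for a WPA3 network OpenWrt uses 'sae' (or 'sae-mixed')
	# here instead - confirm against the installed release.
	option encryption 'psk2'
	# attaches this radio interface to 'config interface wwan' in /etc/config/network
	option network 'wwan'
	option ifname 'wwan'
	option ssid '<SSID>'
	# The passphrase is stored in clear text in this file: keep the real value
	# out of pastes, shared backups and version control.
	option key '<WPA2_KEY>'
	# Restricts the station to one AP by MAC address. A BSSID can be cloned,
	# so this does not authenticate the AP; only the pre-shared key does.
	option bssid '<MAC_OF_AP>'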
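# /etc/config/dhcp
# DNS forwarder and DHCP server settings for the LAN side.

config dnsmasq 'dnsmasq1'
	option authoritative '1'
	# do not forward reverse lookups for private address ranges upstream
	option boguspriv '1'
	option domain 'lan'
	# do not forward plain (dot-less) names upstream
	option domainneeded '1'
	option ednspacket_max '1232'
	option expandhosts '1'
	option filterwin2k '0'
	option leasefile '/tmp/dhcp.leases'
	# names under .lan are answered locally and never sent upstream
	option local '/lan/'
	option localise_queries '1'
	# Answer DNS only for hosts on directly connected subnets.
	# NOTE(review): the upstream WiFi subnet on wwan is directly connected
	# too, and /etc/rc.local below stops the firewall, so nothing else
	# filters DNS queries arriving on wwan. 'list notinterface' can keep
	# dnsmasq off that interface - confirm whether that is wanted here.
	option localservice '1'
	option nonegcache '0'
	# bind to the individual interfaces rather than the wildcard address
	option nonwildcard '1'
	option readethers '1'
	# allow upstream answers in 127.0.0.0/8 despite rebind protection
	option rebind_localhost '1'
	# Discard upstream answers that point at private addresses (DNS rebinding
	# defence). Hosts of the upstream WiFi network that resolve to private
	# addresses are filtered as well.
	option rebind_protection '1'
	# upstream resolvers; presumably the ones learned via DHCP on wwan
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	# pool: 150 addresses starting at host offset 100 of the LAN network
	option start '100'
	option limit '150'
	option leasetime '12h'
	# NOTE(review): ra and dhcpv6 are both 'disabled' below, so ra_slaac and
	# ra_flags presumably have no effect in this configuration.
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra 'disabled'
	option dhcpv6 'disabled'

# NOTE(review): refers to an interface named 'wan', which the network section
# shown above does not define (the uplink there is 'wwan'). There is no
# 'config dhcp' section for 'wwan' in this file.
config dhcp 'wan'
	option interface 'wan'
	# never hand out leases on this interface
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'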
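# /etc/rc.local
# It should also be doable with the OpenWrt firewall configuration,
# but plain iptables is easier.
#
# NOTE(review): stopping and disabling the firewall service removes the
# default zone filtering. None of the rules below touches the INPUT chain,
# so services running on the router itself (SSH, web UI, DNS) are presumably
# reachable from every host on the upstream WiFi network. Confirm that this
# exposure is acceptable for the network being joined.
# The firewall-based alternative keeps the service enabled and adds 'wwan' to
# the network list of the 'wan' zone in /etc/config/firewall, which
# masquerades and filters input in the default configuration.
/etc/init.d/firewall stop
/etc/init.d/firewall disable

# NOTE(review): 'lan' is declared as a bridge in /etc/config/network; OpenWrt
# normally names that device 'br-lan', in which case '-i lan' / '-o lan' never
# match and forwarding works only because nothing drops it. Check the packet
# counters with 'iptables -L FORWARD -v -n' after boot.
iptables -A FORWARD -i lan -o wwan -j ACCEPT
# Accepts NEW connections from the upstream network into the LAN, not only
# replies. Matching '-m conntrack --ctstate RELATED,ESTABLISHED' here, with a
# DROP policy on FORWARD, would limit this direction to return traffic.
iptables -A FORWARD -i wwan -o lan -j ACCEPT
# source-NAT everything leaving through wwan to the router's wwan address
iptables -t nat -A POSTROUTING -o wwan -j MASQUERADE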