Learning to use OpenWRT Vol1
This post contains my learning notes for OpenWRT configuration. If you requires the full documentation about OpenWRT, please check here.
OpenWRT box = VLAN-configurable switch + a wireless port + a Linux host
Internal wire holds the switch and the host together.
VLAN tagged packets are exchanged within the wire.
All of the physical ethernet ports on the box are just ports on a single internal switch.
Use VLANs to separate the physical ports into logical groups.
Two examples of OpenWRT architecture:
By default, the switch has to VLANs.
Port 0 is configured as VLAN1, and this is labelled on the case as WAN.
Ports 1-4 are configured as VLAN0, labelled on the case as LAN1-4.
If you wanted, you could actually configure the WAN port as a LAN port, and a LAN port as the WAN port – the label on the chassis simply shows the WAN port in the default config. (Please do not do this, it makes things complicate.)
Note: The native vlan is not tagged. Only the second VLAN needs to be tagged to separate the two data streams.
Internal port, Port 5, which has a VLAN-tagged connection into the Linux internals. This port is linked to ‘eth0′ on the Asus WL-500gP. ‘eth0′ is not configured with an IP address – the kernel takes the raw packets from eth0 and using the VLAN tags, it sorts the packets from VLAN0 and VLAN1. Packets to/from VLAN1 are then mapped to a logical interface called ‘vlan1′, and packets to/from VLAN0 are mapped to a logical interface called ‘vlan0′.
There is another channel that’s not shown here, which is used to configure the switch itself. The link used to send this configuration is not shown, and is a separate logical device under Linux.
Under OpenWRT, the vlan1 interface is then usually configured with the WAN ip address, and all configuration that applies to the WAN interface (eg iptables rules and routes) are applied to the vlan1 interface.
The vlan0 interface is done a bit differently. By default, the wifi interface (eth2) is bridged to the LAN ports, ie any host associated on the wireless port is automatically in the same VLAN/subnet as hosts on the LAN ports. This is done with bridging (see above). When a bridge is created, a new logical interface is created, called br0, and also as above, this br0 interface is the one that needs to have any IP address configured. So, by default, vlan0 does not have an IP address configured, instead, the LAN interface address is configured on the br0 interface.
There’s also another interface visible from the shell – “eth1″. This doesn’t appear to be linked to anything, and is probably an unused wire on the ethernet controller, so it’s ignored in all configuration. Pretend it doesn’t exist. 
This is the case on the Asus WL-500gP, it may differ on other models
Interface configuration
vlan0hwname=et0
vlan0ports="1 2 3 4 5*"
vlan1hwname=et0
vlan1ports="0 5*"
The “hwname” part is always “et0″. The device “et0″ is the switch itself and tells the system which switch to configure with VLANS. As there’s only one switch, this must always be set to “et0″. If you do not include port 5 in the VLAN then the traffic will remain on the switch and will never be seen by the cpu.
The ports then are configured. The vlan0 (LAN) is configured with four ports, plus the internal tagged port, port 5. The vlan1 (WAN) is configured with only the one port, plus also the tagged port.
This configuration then gives us “vlan1″, tied to the WAN port, and “vlan0″ tied to the other ports. As mentioned earlier, you can change any other port to be the WAN port – just set the vlan1 port to be something else, not that you really need to!
The WAN port is then configured with an IP address and mapped to the logical ‘wan’ interface name:
wan_ifname=vlan1
wan_ipaddr=a.b.c.d
wan_netmask=255.255.255.0
wan_proto=static
Next the LAN side is configured. Because of the bridging, there’s an extra step, but overall it’s similar:
lan_ifname=br0
lan_ifnames=”vlan0 eth2″
lan_proto=static
lan_ipaddr=w.x.y.z
lan_netmask=255.255.255.0
The variable “lan_ifname”, which sets the actual interface to configure the IP parameters with, should of course be br0 for a bridged interface. Then the variable “lan_ifnames” actually sets the interfaces which are to be bound to the bridge interface, in this case the vlan0 interface and the wireless interface. The vlan0 ports were defined earlier as wired ports 1-4, so these plus the wireless interface are now one single logical LAN.
That’s basically how the entire network device architecture is on this box. Below is an example of adding another VLAN.
