Help with VLAN Configuration (Internet sharing with Neighbour)

Report wireless and/or network connectivity problems in this forum.

Moderator: Moderators

Post Reply
Swallowtail
Posts: 1
Joined: Thu Aug 10, 2017 6:19 am

Help with VLAN Configuration (Internet sharing with Neighbour)

Post by Swallowtail »

Hi guys,

I’d like to share my Internet Connection with my neighbor. I have made a little schematic on the desired setup but it seems I’m not allowed to share images/links, yet.
The basics are easily setup with the Gargoyle Web UI:
WAN via DHCP
LAN and Wi-Fi on 192.168.1.xxx
Isolated Guest Wi-Fi (for my guests)

What I want to add:
Isolated LAN (DMZ) on one port for my neighbour to use with his router

I’m aware that my neighbour will have a double NAT setup though it shouldn’t be a problem in his case.

I found some examples where people achieved similar setups though I was hoping you could give me some help on what to look out for in my case. It will be my first time manually editing the configuration files on my router.

A nice bonus would be a QoS-Setup with the priority on my network.

thanks!

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by ispyisail »

yeah, just do it

Make sure both routers are on a different subnet

192.168.x.abc

where x need to be different

If both routers are gargoyle things will be easier. (for us anyway)

Timur
Posts: 4
Joined: Tue Jan 09, 2018 2:07 pm

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by Timur »

Hello,
I just configured a DMZ as an isolated lan, not as an exposed host, following the wiki article 'Setting up a DMZ' from openwrt. (Im not allowed to post the link.)
It worked. My RPi-server is now in the DMZ and has open ports, but it's separated from the lan in case things get ugly.

The problem I am facing now is that gargoyle does not monitor the bandwidth usage from 'DMZ' to WAN. Looking at the connected hosts list i can confirm that there are hosts with an ip from the second network 192.168.x+1.abc. Adding port forwards to ip-adresses in the second lan works as well. But gargoyle wont let me select IPs from the second network to show the bandwidth usage. Only IPs from 192.168.1.abc are selectable.

I couldnt find any documentation how to configure the monitoring system of gargoyle. Please give me an advise.

Best regards and a happy new year.
Timur
WNDR3700V1 - routing the interwebs since more than five years.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by Lantis »

This isn’t supported
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Timur
Posts: 4
Joined: Tue Jan 09, 2018 2:07 pm

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by Timur »

Hey,
does this mean ispyisail is recommending to do something,
that renders the unique selling point of gargoyle, the monitoring abilities, useless?
ispyisail wrote:yeah, just do it
Make sure both routers are on a different subnet
...
If both routers are gargoyle things will be easier. (for us anyway)
With this setup it's possible to share the uplink with the neighbour, but you cant monitor bandwidth usage...
I would expect a rather simple modification to the bmon config to add the second interface to be monitored as well. Is there really no chance?
WNDR3700V1 - routing the interwebs since more than five years.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by ispyisail »

Hey,
does this mean ispyisail is recommending to do something,
that renders the unique selling point of gargoyle, the monitoring abilities, useless?
I missed the VLAN in the title

Gargoyle does not support VLAN.

Command line only

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by Lantis »

Please remember that this is community members helping community members. We don't always have all the answers, and we don't always get it right.

No, there is basically no configuration available for the bandwidth monitor.
You can:
- Turn it on/off
- Enable high definition monitoring (more datapoints per time period)
- Enable a custom interval
That's about it.


If i was doing this, i would not use a VLAN. I'd just use a firewall rule to stop the hosts downstream from routing to the upstream LAN, only to WAN.
No this isn't a firewall rule i can help you write.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Timur
Posts: 4
Joined: Tue Jan 09, 2018 2:07 pm

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by Timur »

Hey,
thank you for the clarification.
What I can recap is:
The Gargoyle GUI doesnt support VLANs, but you can set them up via command line. This approach works, but monitoring multiple interfaces is again not supported in GUI...

--------------------

Reverting to a singe network and using firewall rules to isolate a client might be a solution.
One question: Does the traffic between to clients in the same (V)LAN go through the firewall in gargoyle?

Code: Select all

client 1  \
           \(VLAN1)
             switch -- firewall
           / 
client 2  /
Best regards,
Timur
WNDR3700V1 - routing the interwebs since more than five years.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Help with VLAN Configuration (Internet sharing with Neighbour)

Post by Lantis »

In the same LAN no.
As VLANs are also at the switch level, I expect they also don’t go through firewall but I don’t know it for certain
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Post Reply