I have a Linksys router on which I am replacing the stock firmware with OpenWRT, and I am attempting to set up a DMZ for a Linux web server following the method and steps outlined in the OpenWRT wiki.
When I made the changes, I lost my internet connection to the server and Windows box. I wasn't even able to ssh into the router to undo the changes via either. I was only able to ssh through a wireless connection via my laptop -- that was a little scary for a minute, as it looked like the router had been bricked.
There are two steps that are unclear to me, and I could use help understanding what I'm not getting right.
(1) Changes made to /etc/config/network
Code:
/etc/config/network
config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'ifname' 'eth0'
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '10.42.43.1'
    option 'gateway' '10.42.43.254'

config 'interface' 'wan'
    option 'ifname' 'eth1'
    option 'proto' 'dhcp'

config 'switch'
    option 'name' 'eth0'
    option 'reset' '1'
    option 'enable_vlan' '1'

config 'switch_vlan'
    # 0 - 3 are ethernet ports 4 - 1 respectively
    # 4 is WAN port
    # 5 is internal connection (not used)
    # old configuration:
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '1 2 3 4 5'
    # new configuration (did not work):
    # option 'vlan0' '1 2 3 5*' # The default LAN, but port 0 has been removed
    # option 'vlan1' '4 5' # The default WAN
    # option 'vlan' '2' '0 5' # The DMZ

# config 'interface' dmz
#     option 'ifname' eth0.2 # This corresponds to "vlan2" above
#     The rest is the same as for a typical LAN interface:
#     option 'proto' static
#     option 'ipaddr' 192.168.0.1 # This is a separate network
#     option 'netmask' 255.255.255.0
(2) Setting up the firewall
I don't understand the last two lines to be entered for the firewall changes, as shown below. I use DDNS as I can't afford a static IP for my web server. How do I modify those last two lines to accommodate my circumstances?
Code:
# Make 192.168.2.2:80 publicly accessible
config 'redirect'
    option '_name' 'http'
    option 'src' 'wan'
    option 'proto' 'tcp'
    option 'src_dport' '80'
    option 'dest_ip' '192.168.2.2'

# Allow the DMZ to access 192.168.1.4:5432 (%%FIXME:%% UNTESTED)
config 'rule'
    option 'src' 'dmz'
    option 'proto' 'tcpudp'
    option 'dest_ip' '192.168.1.4'
    option 'dest_port' '5432'
    option 'target' 'ACCEPT'
Please let me know if you need more info, and thanks in advance for any assistance.