Almost there! Need a little help

[bob]

I followed this tutorial Deploy WFilter with a virtual openwrt gateway



I think I have everything setup right. It was a little confusing because my network used 10.x.x.x not 192.168.x.x. Anyhow I fired up Wfilter and for the first time I got a 90% pass! The only thing that did not pass was account monitoring I did not set that up.



But I can still only monitor the local laptop that had Wfilter on it. I can see the other PC's but their web visits are not being logged. I think I'm confused about step 3. Disable DHCP in current gateway.



I have one of those new Comcast Routers. How do I disable DHCP? Here are the only setting it has







Thank for any help, I hope its possible with these new routers...

[bob]

So my modem is an Arris tg862g. I've been reading that to disable DHCP I actually need to call Comcast and have them put the modem in bridge mode. Ugh. Doesn't that disable wireless?



Looks like I'm back at square one again. What is the solution? Port mirroring switch I guess?

[imfirewall]

The theory of "virtual gateway" is to make this virtual gateway acting as the default gateway of your network.



Though default ip range is "192.168.151.0", you can modify it to "10.x.x.x" in "lan interface" settings in openwrt web UI.



Actually, there are two subnets in your network:



1). subnet between the "virtual gateway" and real gateway. (subnet1)



2). another subnet served by the virtual gateway. (subnet2)



So, for client devices to obtain correct ip addresses of subnet2, you need to disable dhcp service of subnet1 which is provided by your current router.



If you're using static ip addresses, you can forget about the dhcp settings.



To disable dhcp in your Comcast router, I would suggest you to check Comcast manual or contact their support.

[imfirewall]

Steps to check whether your virtual gateway are working:



1. Assign a static ip address in a client computer to check.(ie: 192.168.151.101, gateway: 192.168.151.1, dns: 8.8.8.8), if the network topology is correct, this client computer shall be able to access internet.



2. Use dhcp to obtain ip address in a client computer to check whether it can obtain ip address of 192.168.151.x. Otherwise, existing dhcp service is not stopped yet.

[bob]

For clarification can you help me out with a simple network setup?



Say I have this:



Main router Router: 192.168.1.1



WFilter computer: 192.168.1.17



So now in open wrt I have BR and LAN



What do I make all these settings?



I'm confused at so many IPs and then add in this VM box



Should BR be what? WAN same as Wfilter computer IP?



Then Wfiler has another IP 192.168.151.100?????



Can someone write a simple step-by-step for such a simple network?



Instructions like "The default Wan ip address is "1.1.1.1", you need to modify it according to your network settings." To what? 192.168.1.1???

[imfirewall]

The Wan ip address of openwrt shall not be 192.168.1.1, just pick up a 192.168.1.x ip address, for example: 192.168.1.18(gateway shall be 192.168.1.1)



We have listed major steps in the blog article. Let me know which step confuses you.

[bob]

This is what my setup is right now. I would like to get everything working on my "Test" network before I try and deploy this on the "Main" network. Do you think that will be possible?

[imfirewall]

Certainly you can test it before deploying in the main network. However, your diagram is too small to be recognized. Can you post a better diagram with larger size?

[imfirewall]

Actually, adding the virtual gateway brings no physical change to your current network topology. It replaces current gateway only by changing ip settings.

[bob]

imfirewall wrote: Actually, adding the virtual gateway brings no physical change to your current network topology. It replaces current gateway only by changing ip settings.

Ok, I'll give it a shot. Thanks for the help. One question, am I suppose to enable DHCP on BR or LAN? They both have the option.