You definitely have some of the best videos I have come across on OpenWRT.

I've been needing this video for months. I've found OpenWRT to be so confusing. This is explaining exactly what I wanted to know. Thank you so much.

OMG! Your explanation of the firewall in OpenWRT was the final piece in the puzzle for me - it all clicked with this video, thank you

This is such an awsome video! I am just getting started with OpenWRT and LUCI and I have been looking for this kind of video for weeks. Love the level of detail and the screen captures.

Just the video I needed - can't wait for the VLAN to 2nd access point episode! I've just set up a two OpenWRT router system because of your fast roaming video.

Best set up video for beginner to achieve a perfect network settings with full understanding of how the os does this.

Simple and effective explanation by covering the audience from beginners to advanced.

This is such an incredibly helpful video for newcomers to OpenWRT. Very high quality an informative. The way you explain things is so clear. Thank you!

Hey man, are you a teacher?! This video is the one that I was looking for and Your explanations are GREAT! OpenWrt is not that simple (and the wiki is confusing IMO) but you make things easier. Keep it up, please !

Wow.. just incredible the clear, simple, and well detailed explainations you give to whip a segmented home network that probably will apply to the 99% of us out here... big fan and love what your doing!

Darn, your videos are so clear and well-presented.

To be honest, brilliant! It's not only that you explain it simple and brilliant, in addition you really lern!

You are doing exactly what I am trying to do. Thank you for the clear explanation!

Kudos. Very informative video and without substantive errors on the topic, and showing the proper understanding of underlying mechanisms This is the proper way in which OpenWrt configuration should be explained.

After many hours of struggling with OpenWRT in the past months, finally came back to it and re-watched your series on OpenWRT, I think I have a handle on it now (which probably means I don't understand it 🙂 ), and now have Guest Access points and its all working well..... its a steep learning curve with Openwrt, didn't get the fundamental building blocks of "interfaces" and how they relate to the router, to physicall ports and other network dark arts, but its now making much more sense. Many thanks Marc....

Thank you for that great explanation of firewall rules! I really needed this. Great work!

Thanks, this was really helpful. Your explanations gave me enough info to be able to tailor everything to my own needs without being completely lost. The screens shown are a little out of date for the latest version of OpenWrt but are still quite usable.

This is the best channel on Openwrt and some more, please continue !

Definetly one of the best videos on OpenWrt Firewall settings. Thanks a lot! brillant.

Thanks so much for all those great video Marc.. It's really helping me to go everyday a step further on my home network. It takes time, but I will get there...

That was excellent - thank you for demystifying openwrt firewall settings

Thanks so much for being so clarified, Mr.!☺

This channel is a treasure! Thanks you!

Thank you for this superb video. I finally could understand the firewall in OpenWRT easily!. Subscribed and waiting for more OpenWRT master classes 😉

Hi Marc. I would like to see another video in this series and I believe it is a must. Setup of IGMP snooping and mDNS so devices and services can be discovered across the network. This would provide a seamless experience for the users.

Thank you so much for the effort you put to create this video.

great video, clear and amazingly helpful. in openwrt 22.03.5, the "bridge interfaces" checkbox in the "add new interface" menu is no longer there, is there something i need to do in this version to acheive the same thing?

So good. Thank you for clear explanation!

Very helpful, Thank you!

Please visit my channel page: kzfaq.info Want to talk to me? Join my Discord Server: discord.com/invite/DXnfBUG

So good! Congratulations.

Great video, clear. Thank you.

I am *completely* in agreement with you about the need to block IOT devices from phoning home.

The best video for openwrt. Thanks you so so much for this.

This is so good. Thank you very much for sharing.

I think I should follow all the instructions in the video, even liking and subscribing hahaha

Thank you very much 😊 Great explanation

Great openwrt videos,same case in my home,i want to trunk two openwrt routers with diferent vlans,thanks!!

Awesome content! Thank you… I see many new projects in my future. New sub!!! 👍🏾❤️

This is am outstanding video. I hope your channel is successful. You deserve it. I am subscribing.

Another great video. I've been reading documentation for days to find out what and how I have to configure a OpenWrt router. Just like Franceso Pocci, I find the OpenWrt documentary very confusing. Only when you understand how it works can you understand it :( And like Colin Nicholson, I'm excited about the expansion to include VLANs. You have a talent for explaining complicated things simply. Great. And that with the proverbial "German thoroughness" Last night I managed to flash my Archer C7 on OpenWrt. Had the latest TP-Link firmware and unfortunately only worked with TFTP. It took me a long time to find out that media sensing was the problem to get TFTP to work. :( I'm going to do the configuration right now. I will try myself to get VLAN working too... Many greetings from Braunschweig to Berlin

thank you for such amazing videos.😍

i'm from indonesia, i didnt speak english well, need more focus to understand what the meaning of so i've watch this video again and again great job, thank for your explaining video

Great tutorial

Thank you so much 👍👍👍

great video once again

Thank you Sir

Wonderful.

very nice, thank you sir...

Awesome Thank you!

First of all, I would like to thank you. And I would like to ad just one small thing. I forgot the rule for the IOT-DHCP part in the firewall configuration section. Without it the IOT devices will never get the IP addresses 😀

Thank you.

I took inspiration from my video... 😀

Well explained and sumarized the firewall concept of openwrt, not available in utube though it is in openwrt forum scattered in bits and pieces. Looking for videos on : 1. parent contro traffic rules, esp this pandemic season it all the more imperative. Kids are smart with their whack a mole device outwits the tagged IP or MAC in traffic rules. 2. Access openwrt router from internet (we have one of the wifi tagged to OpenVPN). No videos on this in you tube. Hope there would be enough requests for these and would be helpful to mmany openwrt users. Thanks in advance.

Thank you for the great content! I would like to know a bit more, how do you configure the provider's router LAN output and the first OpenWRT WAN input area? Do you allow the provider's router to make the NAT? Or will it be done also in the OperWRT?

Excellent

Great video, i'm often refering to it whenever my memory fail me :) I do have a question: On my iot zone, how would you enable smtp only to go through wan so my wireless cameras can send me emails on events. Your instructions on iot zone restrict access globally under zone forwarding proving no wan access. Would you go the by the trafics rules instead to permit only smtp protocol. Thank again for your great tutorial.

Thanks for the explanation, it was very clear. I have been fooled by that double "forward" setting! If I can ask, what hardware did you use to install OpenWRT on?

Really well organized and informative! Thanks so much! Just wanted to clarify around the 8:52 mark: If I want to separate these rules, wouldn’t DNS be using UDP and DHCP using TCP? I think you might have flipped them.

Hey Marc, first of all thanks for this very good tutorial, which helped me very much! Also I got a question: I would like to specify a firewall zone for a specific port on my router. Is that possible? How? Thanks a lot in advance!

This is a great video, and I used it to setup my home network with just a few customizations, but I just tried this again using OpenWRT 22.x and the changes are just too important, especially the missing "Bridge Interfaces" option which also breaks the wireless network setup. Can you please consider updating this video with a 22.x version? Thank you.

Very enlightening! What if i have an NVR and connected it the IOT wifi, will it be able to notify me incase I turned on the Detect Motion and Notify me. Thanks and More Power!

Hi, thank you for sharing this info, question, is there a way for Block access using MAC Filtering , I just want to allow wireless connection for those devices with MAC address in my list. Regards !

Hello, excellent your lessons! :) any lesson to configure "Nat 1:1 in openwrt " or netmap - Dnetmap "??

Great video helped out a lot as openwrt does things differently than other custom firmwares. One thing though my tv won’t connect to the IOT wifi I created is it due to way the forwarding because the tv needs an wan connection? Or am I understanding this wrong.

@10:30 what does the enabling "Bridge interfaces" here actually do? How did it help in the "next episode" and what would have happened if we didn't enable it? BTW: GREAT OpenWRT explanation. Firewall Zones on OpenWRT is a hard topic for me, but now I more or less get it.

Thank you for this tutorial good Sir! This is verify helpful to me. Just want to add 1 question Sir. Is there a way to separate browsing (wanA) and gaming (wanB) on different wan interfaces with a failover option?

Marc - great content really enjoyed it. Just one observation in relation to the OpenWrt firewall gui screen and your comments around 6:30. Earlier in the video you explained nicely about the different tables and chains involved but your comment about ignoring the forward chain setting on the right hand side of the screen threw me at first. You are basically saying ignore it (in fact I could just set the forward action to reject) as it has no effect at all as you should actually control forwarding through the edit menu function and by how you configure the two drop down menus at the bottom of the screen i.e. "allow forward to destination zones" and "allow forward from source zones". Just thought I would check my understanding is correct? thanks again

Marc, great video, convinced me to move to OpenWRT with all my thought to restrict the local devices I have as much as possible. One question though - why not restricting IoT devices to access my router? I'm not an expert, but doesn't those smart plugs represent a trojan horse for someone who knows what to do with them once they can ssh to my router? What if we "reject their input" and create the same rules as for Guest Network with DHCP rule only?

Would you mind sharing what router models you use/suggest for the Router/Firewall and Access Point Devices? Thanks for these videos, I've been struggling in vain to do a similar setup using dd-wrt.

Hi, you are a great trainer. Your explanations are clear and calm. I do have a problem.. I followed your steps but I run into some issues: 1) any cable I plug in the router LAN ports seem to be routed to guest lan. 2) also the normal wifi is routed to Guest lan. I checked and rechecked your video and I dont seem to do anything different. I use Luci 21.02. Do you think that has different settings? I must say that the GUI is just a bit different an so some of the options. Any chance you can review this tutorial with the latest Luci? or give me some suggestions? Thank you

Thanks for the great content. I followed the procedure and put iot devices as well as my printer into a different subnet. Now my computer can't find the printer. Could you please tell me how to make my printer accessible by my computer and mobile phones?

Just to double check two things at 5:32 when you say that the output is set by default so the router may access all other zones, can you think of a scenario where you wouldn't wat that to happen? Also at 5:40 you mention that everything is kept its in own zone, do you mean that everything its kept in its own network within the zone that the forward policy is applied to? Want to make sure my understanding is correct, thanks again for the wonderful vids!

i want to open the iot network for mqtt at port 1883 for the lan network, so that my iot devices can send packages to a mqtt broker which is in lan. I dont know how to handle it.

Thank you for the video! I have set up a guest wifi on my Openwrt 19.07 router. Everything works as it should, and the guest clients connected to the guest SSID cannot ping LuCi or any other IPs in the LAN zone. BUT I want the guests to be able to communicate with one IP in the LAN zone, a brother network printer. I checked what common ports are used for network printers and I have set up a traffic rule allowing use use of those ports only to the IP of the printer in the LAN zone. But I cannot access it from the guest clients. Only if I allow "Forward to destination zone LAN" in the firewall zone settings in the guest zone, the devices in the guest zone is allowed to reach the printer, but then they can access the rest of the IPs in the LAN zone as well. How can I make the traffic rule somehow override the Firewall zone settings?

Great video again Marc :-) I have a question, is it possible to put one or more of the ethernet ports in a zone that way putting it on a seperate real network like you did with the firewall zones as opposed to a vlan?

You are genous

This video only made me realize I do not have the basic skills. This is gonna take a while. But hey, that's the fun of it!

Hi! Actions ACCEPT, REJECT ... etc. are used when we talk about rules in the chain (with appropriate criteria for a packet in these rules) but not to the chain itself. How it can be understood? Does it mean that chosen action is applied for all rules in the chain? Thank you!

Hi, great videos. One question though, why does your IoT network have access to the router interface/login page? I had a rogue IoT device previously attempting user/Pw combinations, I really want to avoid this. How would I block them from seeing my router? You also said you don't want devices on your IoT network to phone home. How would they continue to work if blocked from WAN? E.g blink cameras, nest doorbells etc as they need Internet?

@OneMarcFifty at the 10:39 mark you ticked the bridge interface box, in 22.03 that box no longer appears and we have to manually create a device to configure. What physical devices are you bridging by ticking that box?

Running 22.03, and setting up a zone to reject input, let's say from a guest network, is yielding all devices on the interface, in that zone, with the inability to get a IP from the DHCP server. In order for the devices to connect to the internet, they need to be configured on the device end to have a static IP within the range... I think openWRT in a update changed the way these firewall zone rules work?

Nice explanation. I just flashed openwrt to my router. I have a raspberry Pi running multiple applications on docker connected via ethernet. They all have unique IP's on my LAN ( by creating a macvlan network). Is it possible to isolate one application (using one unique lan ip) so that it cannot access other LAN devices?

Great channel, Great instruction too but for the life of me just could not get this tutorial to work on a Linksys EA3500 running OpenWRT 21.02.3. That said, OpenWRT's Guest WiFi Basics CLI command list also would not work which may mean the issue is with the router (or the seat to kybd interface).

Thank you very much for the video. It's a pitty, it is outdated. I cannot follow with the video, because in the new openwrt version things are different, starting with creating interfaces. Is it possible to update the instructions?

Thank you very much for your videos, they were really helpful for setting up OpenWRT :) Quick question: How can we isolate devices from each other in the guest network? I have created a bridge device br-guest bridging br-lan.3 and bat0.3 (I use batman-adv) and added it to the guest network. Communication between lan and guest is blocked, however the devices in guest can see and access each other. Checking AP isolation on the radios and bat0 seems to change nothing. On DD-WRT i had to manually setup ebtables. Is there any way to set this up with luci? Thanks a lot!

Hi Marc, quick question for you. @10:30 you mention to Bridge Interfaces, but now on latest 22.03 version that isn't there anymore. Do we need to do something different now? The only thing I could see in regards to bridging was to select the device to "Bridge: "br-lan" (lan)" but that seems to do something different...Thank you.

Marc, do I need to add a new interface for each Vlan ID I want my router to recognize or is adding it on the "Switch" page enough? And also do i add firewall zone settings for each? I may be thinking too complicated for this and it's much simpler than I thought

Hi thanks for the tutorial. Very well done. I have a question: since I follow the tutoria and created the 2interfaces for IOT and guest, all my physical ports seems to fall under the IOT DHCP server. What am I doing wrong?

Is there to still block devices on the iot firewall from the internet, but also certain ones. For example a smart TV, Google home, or HA server

I had an IOT WiFI access point, with its own SSID and password but associated with LAN (so not network separation). I followed most of the setup here to use a separate zone: ping works but my Kasa switches are no longer acessible. This is because broadcast is used to retrieve the switches, but local broadcast does not reach the IOT (different address space). I found the udp-broadcast-relay-redux package, which does exactly what I need. If I launch it by hand to forward LAN broadcat requests to the IOT zone, then everything works. I checked and found that this was installed as a service, with a UCI-style configuration in /etc/config. However, no matter how I configure it, it does not start any instance of udp-broadcast-relay-redux. No error shown in the log either. After looking at the init script, I found that I needed to fill the "Service" attribute of the IOT interface: now "uci get network.IOT.device" returns the proper value, but the service instance still does not start. My contribution to call to action: a tutorial on how to make udp-broadcast-relay-redux work would be really nice. PS: I followed the demonstrated setup, and it worked fine (beside the broadcast issue, which I should have anticipated), even while the "Bridge Interface" option was not visible in Lucy. I understand this option was only enabled for future setups, and I guess that this is no longer needed.

Thank you so much for this wonderful video! At 10:25, I'm not seeing a "Bridge Interfaces" option in the current version of Luci. Proceeding to create an interface without that option shows "Device: Not Present" under status. Any idea what could be wrong?

Hi Marc. First of all your videos are very helpful and I'm great full for you putting in the time in teaching. However, I'm having an issue that didn't work on my end (7:08 mark). I followed everything on the guest zone, then I tried on that zone with my laptop to see if it works but, it let me ssh. I must've missed a step. I watched the video over a bunch of times. And I can't seem to get out of this loop.

Hi Mark! In openwrt version 22.0.3, when creating a network interface, you need to select a device. Apparently for the guest and IOT you need to create a new device?

how do we do this in the new 22.x.x version of open wrt, the "physical settings" disappeared and now we have the "devices" tab

Hi - I'd like to add a comment that took me hours of frustration. The 'interface' names need to be created in lowercase - otherwise there will be no IP assigned even if it's setup properly. I didn't try all capital - but a mix of lower/upper case resulted in a connection to the guest network, but no internet/obtained IP. One thing I can't get working, is connecting over wifi to the "IOT" wifi network. Was that not the intention based on these instructions? Basically, I wanted a separate "guest" network for IOT devices that can't see my LAN. I can connect to the "GUEST" network fine, but not the "IOT" one.

I only have 2 radios, so I created my primary and Guest network as described in the video. I'd like an IOT network, so how can I create a second network on one of the radios?

Hi Marc, thanks for the video, it really helped me a lot! I have one question about my specific setup. I have one device which needs to be able to talk to all iot devices, the iot devices need to be able to talk to that one device and this but only this one device needs to be able to access the wan zone. Right now I located that one device in the iot zone but don't know how to setup a rule so that this one device can access the wan. Can you help me with this one? Thank you!

Nice video, already learned a lot. "IT" is complex but so interesting. The only thing that does not works for me, is my IOT wifi channel. My Smart lamps are on a cloud depended service. Perhaps somebody has a solution for this?

Thanks for the videos! I am trying to follow you to achieve the dumb AP vlan over one cable, but when I try to create the new interface I do not see the "Bridge Interfaces" checkbox (video @ 10:44) and then when adding Interface my status shows "Device: Not Present" while you show "br-GUEST" (video @ 10:54). I am on the Belkin RT3200 snapshot r21517-d7876daf65. Anyhow, it seems maybe I missed where the device br-GUEST was created. Any ideas?