Tuesday, October 24, 2023

Setup VLAN with TP-LINK WR1043ND v1.6 (LibreCMC)

As mentioned before, I have flashed LibreCMC on a TP-LINK WR1043ND v1.6 with WiFi disabled. It is my backup router. Because my ISP supports 2 IPs and the new cable modem comes with 2 Ethernet ports, I have one port connected to my DIR-882 (running Padavan firmware), which serves the main floor and my bedroom on the 2nd floor with WiFi enabled. The 2nd port is now connected to the TP-Link WR1043 in the study room. Now I want to create a separate VLAN for the miner so that it is separated from my test equipment. So I updated LibreCMC to 1.5.14. The upgrade requires "Keep Settings" to be unchecked. Please check the link below before proceeding. Since it is a backup router, it does not matter to me if the settings are wiped.

Releases - Gogs (librecmc.org)

There are not many guides on the internet for LibreCMC. Since it is based on OpenWrt 19.x, I checked the YouTube guides below.

How to Create a VLAN - A Beginner's Guide // OpenWrt Router (Up to 19.x) - YouTube

How to configure OpenWrt as Firewall for your home network and Guest Wifi and IPTables explained - YouTube

The first step is to go to Network > Switches. You will see VLAN 1 and 2 populated already. Now, add a new entry with VLAN 5. I picked LAN port 3 for VLAN 5, which will be used by the miner. VLAN 1 will be used for test equipment (LAN ports 1, 2 and 4).




The second step is to go to Network > Interfaces. Click "Add new Interface" to add a new interface named VLAN_5. Below are the rest of the settings.
Protocol: static addresses
For my setup, "Create a bridge over Multiple Interfaces" is unchecked since WiFi is disabled.
Cover the following interfaces: select eth0.5 (automatically created when VLAN 5 is created in the previous step)



Then, go to Network > Interfaces again.  Click on the VLAN_5 interface and apply the settings below.
Protocol: Static address
Bring up on Boot: checked
IPv4 address: default gateway for subnet VLAN 5
IPv4 subnet mask: select the subnet mask

Then scroll down to DHCP server section.
Select the range for DHCP client IP address and the lease time. 

Click on Advanced Settings under the DHCP section. Make sure Dynamic DHCP is checked.

Now, click on Physical Settings tab.  In my case, Bridge Interface is unchecked since WiFi is turned off and the correct Interface eth0.5 is selected for VLAN 5.  


Next, go to Firewall Settings Tab.  Create a new firewall zone called VLAN5 for VLAN 5.  


The last step is to configure the firewall. For VLAN_5, I don't want the miner to reach the router other than to get an IP address and DNS resolution, but it will have access to the internet. Also, it cannot reach VLAN 1.

So, set up the VLAN5 zone to allow forwarding from VLAN5 to WAN for internet access. Input and Forward are set to reject, and Output is set to accept.


To allow the client (miner) in VLAN_5 to reach the router for DHCP and DNS, set up a rule to "Accept Input" from VLAN_5 to the router IP on ports 53, 67 and 68.

There are other predefined exception rules. You can disable them based on your requirements.
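For checking the result over SSH, here is roughly what the interface, DHCP and firewall steps above look like in the UCI files under /etc/config on an OpenWrt 19.x based build. This is an added example, not taken from the original post or from LibreCMC. The 192.168.5.0/24 subnet, DHCP range, lease time and rule names are constructed values, and the WAN zone is assumed to have the default name `wan`.

```uci
# /etc/config/network
# Interface on the VLAN 5 sub-device created by the switch step.
config interface 'VLAN_5'
	option ifname 'eth0.5'
	option proto 'static'
	# Constructed addressing, pick your own subnet.
	option ipaddr '192.168.5.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp
# Constructed pool: 192.168.5.100 to 192.168.5.149, 12 hour leases.
config dhcp 'VLAN_5'
	option interface 'VLAN_5'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall
# Zone for the miner: nothing reaches the router (input) or other
# zones (forward) unless a rule or forwarding below allows it.
config zone
	option name 'VLAN5'
	list network 'VLAN_5'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Internet access only. There is no forwarding from VLAN5 to lan,
# so the miner cannot reach VLAN 1.
config forwarding
	option src 'VLAN5'
	option dest 'wan'

# No 'dest' option means the rule applies to traffic addressed to
# the router itself (LuCI shows this as "Accept input").
config rule
	option name 'VLAN5-DNS'
	option src 'VLAN5'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'VLAN5-DHCP'
	option src 'VLAN5'
	option proto 'udp'
	option dest_port '67-68'
	option target 'ACCEPT'
```

With the zone input set to REJECT, the router's web interface and SSH are not reachable from the miner port, so manage the router from a VLAN 1 port.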