ARMada

Replacing Frontier’s Router with OpenWrt and Static IPs (A Wild Ride)

by

Vex
in ,

Alright, let’s talk about Frontier’s router. If you’ve ever tried to replace it with your own OpenWrt setup, you’ve probably screamed into the void like I did. Their documentation? Nonexistent. Their router? Blocking my DNS queries on UDP 53. (Yes, the router. Not Frontier. You’re welcome for that revelation.)

But hey, I survived—and now you can too! Here’s my slightly chaotic journey of getting Frontier’s static IPs working on OpenWrt.

Step 1: Figure Out What You’re Dealing With

Frontier’s setup goes like this:

  1. A WAN IP that might be dynamic or static. (Mine was static, but good luck finding out.)
  2. A static IP block routed through that WAN IP. (Their router conveniently didn’t explain this either.)

Step 2: VLANs, Bridges, and Tears

  1. Go to Network > Switch in OpenWrt and create a new VLAN for your WAN interface.
  2. Bridge it. Why? Because that’s what makes this magic work.

Step 3: WAN IP Setup

Add the WAN IP and gateway under Network > Interfaces:

  • WAN IP: Something like 192.0.2.10/25.
  • Gateway: Probably 192.0.2.1.

Pro tip: If your ISP uses PPPoE, now’s the time to enter your credentials. (And don’t forget to breathe.)

Step 4: Scripts Are Your Friend

Save this script as /etc/firewall.user. It does the heavy lifting with NAT and forwarding rules, dynamically handling high or low gateway setups.

#!/bin/sh
# Define the static IP block
subnet="192.0.2.0/29"
override_gateway="192.0.2.6"

start_ip=$(ipcalc $subnet | grep HostMin | awk '{print $2}')
end_ip=$(ipcalc $subnet | grep HostMax | awk '{print $2}')
gateway=$(ipcalc $subnet | grep Gateway | awk '{print $2}')

if [ -n "$override_gateway" ]; then
    gateway=$override_gateway
fi

base_subnet=$(echo $start_ip | cut -d'.' -f1-3)
start_octet=$(echo $start_ip | cut -d'.' -f4)
end_octet=$(echo $end_ip | cut -d'.' -f4)
gateway_octet=$(echo $gateway | cut -d'.' -f4)

if [ "$gateway_octet" -eq "$start_octet" ]; then
    exclude_gateway=$start_octet
elif [ "$gateway_octet" -eq "$end_octet" ]; then
    exclude_gateway=$end_octet
else
    exclude_gateway=$gateway_octet
fi

for i in $(seq $start_octet $end_octet); do
    if [ "$i" -eq "$exclude_gateway" ]; then
        continue
    fi

    ip="$base_subnet.$i"
    iptables -t nat -I PREROUTING -d $ip -j DNAT --to $ip
    iptables -t nat -I POSTROUTING -s $ip -j SNAT --to $ip
    iptables -I FORWARD -d $ip -j ACCEPT
    iptables -I FORWARD -s $ip -j ACCEPT
done

Step 5: Enabling Proxy ARP

Here’s the cool part. You can configure Proxy ARP in OpenWrt without manually poking around /sys. Just add this to your WAN interface in /etc/config/network:

option ip4table 'main'
option proxy_arp '1'

Restart everything. Pray. (But mostly restart everything.)

Step 6: Make Sure firewall.user Is Running

Add this to /etc/config/firewall so OpenWrt actually runs your script:

config include
option path '/etc/firewall.user'

Then:

/etc/init.d/firewall restart

Conclusion

Congrats! You’re officially smarter than the Frontier router. If this worked for you, let me know. If it didn’t, let’s troubleshoot and cry together.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *