Installing what I have was quite an adventure and I don't know that I want to upgrade unless there is a good reason.
Yes, I agree. I am currently trying to create a firmware image of 18.06.4 but with a few patches to the mt76 driver, as snapshots contain support for 5 GHz on my Asus RT-AC51U, but 18.06.4 from June does not. I think.
Would you recommend it? And if so, why? Will it add capabilities? I am afraid to find out something was made worse.
It will be supported up to version 19.07, but not later versions, because it has only 4MB of Flash.
Let's see, by looking at what others who have the same board have said, at the
OpenWrt forum. No, I don't see any issues speaking against using 18.06.
18.06 was released after the OpenWrt-LEDE merge, and includes a much newer kernel and many security-related fixes. So yes, I do recommend updating to 18.06.
I did not even know there was a command line I could use. How do I get to it?
When
you configure the router, enable SSH. Then, you can
connect using SSH to a command line shell on the device.
Yes, I tried putting a line redirecting packets with a specific destination IP address to 127.0.0.1 but it made no difference. I am beginning to realize this is more complex than I thought. i am somewhat familiar with the Windows routing table which is simpler.
Unfortunately, I'm not at all familiar with LuCI, barely having ever used it..
Please remember that the complexity is not just asininity on behalf of the developers, but is a direct result of the wildly varying hardware. The same system works across several completely different architectures, and supports who knows many different chipsets; complexity is to be expected. LuCI itself is even a separate project just shared under the OpenWrt umbrella..
(As an example, in newer upstream Linux kernels, switches (like the LAN1-LAN4 ports on your TP-Link) are exposed as individual ethernet devices, instead of as a switch device -- this is called DSA, distributed switch architecture. However, OpenWrt is based on older kernels where most switches are exposed as a
switch device (controlled by different utilities compared to normal ethernet ports;
swconfig instead of
ifconfig on the command line). OpenWrt firmware images cannot jump from one type of driver to the other as it would break existing configurations (all the custom rules users have set), so typically the older switch device is used.)
(For me, the current hurdle is getting to know the OpenWrt build system better, because I don't just want to recompile an existing firmware image, but modify part of the kernel it uses, while keeping the rest of it compatible with updates. I could use a snapshot instead, but I cannot decide which one to use, as I really would prefer just 18.06 but with slightly newer mt76 driver; and all monolithic, not modular. Yes, I am being difficult...
)
This is way over my head. Rather than trying to do anything useful my objective is to learn so let's do something simple.
Have you read the OpenWrt
quick start or
user guides?
How can I have it drop packets addressed to a certain, external IP address?
Note that a
route describes how a packet is transmitted, but a
filter or
rule determines what is done with a packet. You want rules/filters, not routes.
The LuCI Firewall > Traffic rules interface only defines rules between zones (LAN or WAN) by default, AFAIK. It is an user interface choice, I believe, by the LuCI developers. I'm not sure if it supports adding rules to bridges.
If we look at how current (18.06.4) OpenWrt/LuCI
works on an TP-Link TL-WR841N, it seems quite different; perhaps it would be better if you first moved to 18.06.4 firmware?
In particular, if you want to filter traffic within a zone, you'll need
kmod-br-netfilter and
kmod-ipt-physdev packages, as each multi-port zone is a bridge, I think.
Or, you could configure a different zone for each physical port on the device, so you can use the web interface to define the rules, as the standard interface limits rules to those that apply packets between zones, not within a zone. (If you have a switch downstream from the TP-Link, and two machines are connected to that switch, they can always see each other, as the packages no longer go through the TP-Link; so, the zone configuration reflects real world pretty well then.)
I suppose this zone-per-port is the simplest, most straightforward way to get to exploring how the filtering works, however.
I am afraid that this is one of those cases where previous Windows knowledge may be a hindrance, and not very helpful. The fact that you know about IP addresses and TCP and UDP ports helps; but the structure and operation of the filtering and tables themselves... Be prepared to be annoyed at things working differently than what would feel intuitive to you!