Accessing device in another subnet through router OpenWrt

I'm facing a problem with setup of router #1, network configured as in the picture:
[network_simplified] https://i.stack.imgur.com/Epu3F.jpg

Both Tp-Link routers run OpenWRT 18.06.4 r7808-ef686b7292.
There's a Device1, which is not configurable at all, has fixed IP address of 192.168.47.1 and runs DHCP server, connects over WiFi. In the same package there's a Tp-Link router (#2) which is configured in WiFi Sta mode with static IP 192.168.47.2. This whole package is a removable device that connects to the main router (#1) via ethernet.
What I need to do is to allow access to Device1 from Other devices in 192.168.50.XXX subnet.

I've tried configuring it using that tutorial: https://openwrt.org/docs/guide-user/network/routedclient.

From router (#2) SSH console I'm able to ping Device1, but from PC connected to #1 or directly to #2 (PC is 192.168.50.111 in that case) via ETH there's no ping.

/etc/config/network:

config interface 'wan'
        option proto 'static'
        option ipaddr '192.168.47.2'
        option netmask '255.255.255.0'
        option gateway '192.168.47.1'
        option dns '8.8.8.8 8.8.4.4'

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd93:58a6:6436::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.50.110'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '68:ff:7b:06:65:81'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '4 6t'

config route 'route1'
        option target '192.168.47.1'
        option netmask '255.255.255.0'
        option gateway '192.168.50.110'
        option interface 'wan'

config route
        option interface 'lan'
        option target '192.168.50.1'
        option netmask '255.255.255.0'
        option gateway '192.168.47.2'

/etc/config/wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/10300000.wmac'
        option htmode 'HT20'
        option disabled '0'
        option country '00'
        option legacy_rates '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option ssid 'OpenWrt'
        option encryption 'none'
        option mode 'sta'

config wifi-iface
        option ssid 'TestSSID'
        option encryption 'none'
        option device 'radio0'
        option mode 'sta'
        option network 'wan'
        option bssid '94:E3:6D:7B:69:5B'

/etc/config/firewall:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option mtu_fix '1'
        option network 'wan wan6 wwan'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option src 'wan'
        option dest 'lan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

What I need is access from "other devices" in 192.168.50.xxx subnet to Device1 (192.168.47.1). It could be either by its own IP address (typing 192.168.47.1 in web browser) or, if it's possible, by translating IP 192.168.47.1 to an IP in the 192.168.50.xxx subnet by router (#1).

How should I configure that?

Thank you in advance!

Let's see:

config route 'route1'
        option target '192.168.47.1'
        option netmask '255.255.255.0'
        option gateway '192.168.50.110'
        option interface 'wan'

This is wrong: '192.168.47.0/24' is already reachable on WAN, you do not need a new route, and the route cannot have the router's IP address as a gateway. This rule seems superfluous and wrong to me, I would just delete it.

And the same goes for this route:

config route
        option interface 'lan'
        option target '192.168.50.1'
        option netmask '255.255.255.0'
        option gateway '192.168.47.2'

Delete both routes, and see what happens.

These configs are for router#1 or #2?
Device#1 doesn't know about 192.168.50.0/24 and if I understand properly you cannot add a static route there.
So the only solution for you is to NAT (or Masquerade) on WAN firewall zone of Router#1.

Edit: You would also need to add a static route for 192.168.47.0/24 on Router#2 via 192.168.50.110 (Router#1) if you don't want to re-assign the default gateway for all the devices to 192.168.50.110.

2 Likes
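
The masquerading setup suggested in the reply above, written out as UCI fragments. This is an added example, not a configuration posted by anyone in the thread; it assumes the posted config belongs to the router with LAN address 192.168.50.110, and that the other router's interface facing 192.168.50.0/24 is named 'lan'.

```conf
# /etc/config/firewall on the router that owns 192.168.47.2 (wan) and
# 192.168.50.110 (lan): the wan zone as posted, plus masquerading.
config zone
        option name 'wan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        option network 'wan wan6 wwan'
        # Rewrite the source address of lan -> wan traffic to the
        # wan interface address (192.168.47.2).
        option masq '1'

config forwarding
        option src 'lan'
        option dest 'wan'

# /etc/config/network on the same router: both 'config route' sections
# from the original post are deleted. 192.168.47.0/24 and 192.168.50.0/24
# are directly connected, so they need no static route.

# /etc/config/network on the other router, needed only if clients do not
# use 192.168.50.110 as their default gateway.
# The interface name 'lan' here is an assumption.
config route
        option interface 'lan'
        option target '192.168.47.0'
        option netmask '255.255.255.0'
        option gateway '192.168.50.110'
```

With `masq` enabled, Device1 sees requests as coming from 192.168.47.2, an address on its own subnet, so it needs no route back to 192.168.50.0/24. Replies are matched by connection tracking, so the `wan` to `lan` forwarding section is not what carries the return traffic.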

These configs are for Router #1.
I'll try to add static route to Router #2.

EDIT:
Unfortunately, adding static route to router #2 didn't help.
I made new schematic, should be easier to explain now:


What I need is access to Device1 from PC in network configured as shown above.
I can do everything with configuration in Router #1 and #2, can't do anything with Device 1 settings.

I've tried setting up NAT in Router #2, adding static route to #1 and #2 but nothing worked.
What's working:

  1. Connection #2 <->Device1 - ping is working
  2. Connection #1<->#2 - ping is working, I can access the setup page of router #2.

How should I set up both routers so that Device1 and the PC can communicate?