Access between Lan and Wan

Hello there!

Im new here, please help me to config my router using Openwrt

I have an IPS router named A using 10.0.0.1/24.

There are 2 routers connected to A via cables:

Router B (for Wi-Fi) using 10.1.0.1/24 and Router C (OpenWrt router) using 10.2.0.1/24.

I want to bridge between routers A, B, and C so that devices connected to any router can access devices connected to other routers.

For example, currently, a device with IP 10.1.0.2 can connect to a device with IP 10.0.0.2 by default

But a device with IP 10.2.0.2 cannot connect to either 10.1.0.2 or 10.0.0.2 and vice versa

Thank you for reading.

Can you set a static route on the isp router?

It's not possible. IPS routers are very limited, they cannot be configured for anything beyond wireless, DNS, and subnet settings.

Then your best chance is to setup both routers as Dumb AP:
https://openwrt.org/docs/guide-user/network/wifi/dumbap

In theory it is possible to set the static routes on each client, and then allow incoming traffic on router B and C.
For OpenWRT those firewall rules are (both for connecting to the router and for connecting to the LAN clients):

/etc/config/firewall

config rule
	option name 'allow_forward'
	option src 'wan'
	option dest '*'
	option target 'ACCEPT'
	list src_ip '10.0.0.0/8'
	option enabled '1'

config rule
	option name 'allow_input'
	option src 'wan'
	option target 'ACCEPT'
	list src_ip '10.0.0.0/8'
	option enabled '1'
2 Likes

Thank for your help. I will check it

1 Like

Hi mate
I ve check that config and seem its cant apply
I got this messages when restart firewall

  • Rule 'allow_forward'
    ! Skipping due to different family of ip address
    ! Skipping due to different family of ip address
  • Rule 'allow_input'
    ! Skipping due to different family of ip address
    ! Skipping due to different family of ip address

Should i do both Dumb AP and firewall or only firewall setting is enough?

Firewall settings are only if you set a static route and as you cannot do it on your ISP router you have to set it on each individual client probably not what you want.

The alternative is to setup as a Dumb AP, for that you do not need any of the firewall rules I gave.
The Dumb AP is on the same subnet as your main router so you will have seamless access.

2 Likes