Access client device

Hello ,
I have 5 openwrt devices
Everyone`s subnet is
192.168.1.1/24 Main device
192.168.2.1/24 client
192.168.3.1/24 client
192.168.4.1/24 client
192.168.5.1/24 client
All clients are connected to main device through wifi.
How can i access these client subnet from Main Device?
Thanks.

Make a hole in the fw, on each device.

1 Like
  • Turn off masquerade on client devices
  • In the main device, set Static Routes to each client subnet via it's WAN IP at 192.168.1.xxx/24
1 Like

What's the reason for you having 5 devices as routers? Are those separate buildings/houses/flats with individual WAN uplinks (and you want to keep it that way), or was using 5 routers just the way you imagined setting this up?

I have 6 different subnets as well, but I only have one OpenWRT configured as router and 6 other OpenWRT devices configured as dumb APs. Every subnet has its own vlan and spans its own Wi-Fi SSID, of course.

That way, I can make every vlan to firewall zone "LAN" on the one routr I have and create an easy traffic rule that allows traffic "from lan to lan".

If you have 5 different networks where 4 use the main one as "WAN", then you need to have not-NAT-ed routing (as in "how traffic is allowed") configured properly and all of them and especially introduce proper routes (as in "every device needs to know which router is responsible for which IP range").

Having only one actual router and 4 "dumb AP" devices makes this easier.

4 Likes

I agree with everything that @golialive has said... In addition, you can setup a management network for the network infrastructure devices (i.e. APs and the router, managed switches if you have any) so that you can administer those all on a single network. And by setting up a single router with all the subnets, administration becomes much easier overall and you can make firewall rules that provide access and/or isolation with whatever level of granularity you want.

1 Like

Thanks,
I followed your instruction, now i can access the client device from its IP address (like 192.168.1.173)
but when making static routes it doesn't work and can't access 192.168.2.1 .Is there any missing point i can do?

I have these devices in college and I made everyone to have mjpeg server and the simplest configuration came to my head is this because i'm newbie at this field.
So can i make them to work in repeater mode and access each one's server?
Thank you.

I'm confused at what you mean, as both steps were required to make it work.

Did you make the 4 static routes the main router?

Yes I made them but didn't work .
What i mean is that i can access luci from the IP address that the main device gave them (like 192.168.1.XXX)
but when i need to access subnet (like 192.168.2.1/24) after adding static routes it didn`t work.

No clue what you mean.

Let's take a look, please provide the four config route statements in /etc/config/network

If you have 4 additional routers in addition to the main router and each "client" subnet is routed at each "client device" (router) then the main router needs a static route to each "client subnet" ip address range.

If this is your setup, I'd probably set up static IP addresses for each client router on the 192.168.1.0/24 network since I don't know how to make routes track a dynamic IP address.

Did you turn off masquerading on the downstream routers and allow wan > lan forwarding?

1 Like

(This is what the OP was instructed to do.)

1 Like

The routers are in college right now and it's closed ,So i will provide it ASAP.
Thank you.

It was my mistake .I added route like 192.168.2.0/24 instead of 192.168.2.1/24 and worked .
Thank you.

This is the route/subnet, but if .1 works, OK!

:+1:

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.