Access OpenWrt router via LAN

This may have been answered previously, but I just can't figure it out.

Internet -> TP-Link Archer A20 -> Linksys WRT3200ACM (WAN port connected to TP-Link LAN port)

The TP-Link is my main router and distributes 192.168.1.x to my network. After figuring out the same subnet cannot be set on the WAN and LAN side of OpenWRT (took longer for me than it should have to figure that out), the TP-Link gives the Linksys a valid address, (I set it to static). The LAN side of the Linksys is set up to distribute 192.168.0.x.

I can ping the Linksys from the 192.168.1.x network but without a direct connection from the LAN side of the Linksys (192.168.0.x), I cannot access LuCI or ssh.

I just want to be able to configure the Linksys from my main network without needing the wired connection to the LAN of the Linksys. I don't need access to it from the Internet, only my LAN. I'm pretty sure I need to set up port forwarding or something on the TP-Link, but that seems to set up traffic coming in from the internet to forward, not traffic from a local machine.

Eventually I will be setting up IPSec with this router, but that's a whole separate can of worms right now.

The way you have set it up now you have a double NAT config with a firewall in both routers.

You don’t say if you really want a double NAT or not. But you talk like you really don’t want a double NAT solution?

The ugly solution is to open the ports in the firewall on the wrt3200.

The technical right way is to reconfigure and control everything (multi interfaces with different gateways and DHCP server) with your primary router. And then use the wrt3200 only as a managed switch (and AP?).

1 Like

It doesn't really matter to me if I have double NAT for now. Once I configure the router, it will be used elsewhere. I just want to be able to access it remotely in my house until it's configured and tested with the setup I'm working on.

If you set Wan Input in firewall to accept. Can you log in to the wrt3200 from wan then?

if you cannot solve somehow to connect to linksys lan port from you management client and really only during for configuration you can even switch off firewall (service firewall stop) ...

i think this better than altering default firewall settings which you will forget to fix before putting in production.

1 Like

So very easy solution. As suggested, I just set the firewall zone for the wan to accept input. Now Luci and ssh work fine for my configuration. Thanks for the tip!

Yes it does solve your direct wish, but I hope you also understand the security implication of this setting if you forget it in Accept.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.