I'm new to the forum, and I did a little bit of searching, but I didn't find the answer yet, so I thought I would make a post. Forgive me if this has already been answered, or if it's not the appropriate place for the post.
I have a DSL modem that I operate in bridge mode, that I then connect to my wireless router. This works quite well, but it's very difficult to administer the modem, as once I'm in bridge mode I can't access the modem gui through the router. My current setup is as follows:
Modem: SmartRG SR516AC in bridge mode, 192.168.1.1 ip address
Router: Dlink something(can't remember the exact model) running Openwrt, 192.168.1.2
If I disconnect the router from the modem and connect my laptop with a fixed ip on the same subnet (for instance, 192.168.1.8), I can administer the modem, but i can't access it through the router.
Is there any way I can set this up so that I can administer the modem more easily? I'd be ok SSH'ing into the router and then telneting or SSH'ing into the modem, but this doesn't seem to work either.
Does your service use DHCP or PPPoE for connection to the ISP? If PPPoE, you often need to make an alias interface on the wan to enable upstream connections to the modem itself. However, if it's DHCP is should 'just work', provided that your subnets don't overlap.
Let's take a quick look at your config:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
Thanks for all of the help! A few questions, and comments:
I do indeed use PPPoE, so I’ll have to make an alias interface on the WAN.
I’m not at home at the moment with access to my OpenWRT router, but I’ll send the contents of /etc/config/network when I get a chance
Are there any tutorials that help explain what is happening at the various network layers with what I’m trying to achieve? I think what is happening is that somehow (maybe at a software layer?) the router is bridging the WAN and LAN interfaces, but I don’t fully understand why they can’t be on the same subnet (assuming there are no ip conflicts).
Precisely. You'll create a new network interface with a static IP in the 192.168.1.0/24 network using device @wan. Assign this new interface against the wan firewall zone.
Please do if you'd like assistance in setting up this new network.
Tons of them on the web in general, and lots of discussions on this forum and the OpenWrt Wiki, too. Just use the forum search.
That said, all subnets on a router must be unique and non-overlapping such that there is no ambiguity in the routing tables. If things overlap, routing breaks.
With that in mind, your lan interface's subnet will need to be changed before you add the new network to access the modem since those will conflict.
You may be wondering why you don't have a conflict now, though. The reason is that your wan interface uses PPPoE which encapsulates the packets into PPP frames, rather than just standard raw IP packets flowing through the interface. This is also why you cannot reach the modem itself currently -- the wan on your router is one end of the PPPoE connection, with the other being at the ISP's headend. This behaves like a tunnel, so the things between (i.e. your modem) aren't 'seen' by your router and the network behind it. Creating the new wan-facing (but not PPPoE) interface will allow you to communicate with the modem, but now you'll need to ensure that the lan and new wan facing subnets don't overlap (which currently they will).
Thanks Peter! I appreciate the explanation of why it works with the same IP while using PPPoE. I guess what I still struggle with is the fact that the router can’t deal with two things on the same subnet, one on the WAN, and the other on the LAN. Assuming that there are no ip conflicts, I don’t see what the issue is. Is this because it would mess with the NAT rules, effectively making a NAT loop where it would try to NAT traffic from the WAN side, instead of just from the LAN side?
Rather than actual address conflicts, think of it as ranges of addresses. Now, think of this like a hotel... you get out of the elevator/stairwell and you see a sign that says:
400-450
400-450
(and let's assume it's not a loop that you can keep walking around)
Which way to you go? If both directions (i.e. 2 network interfaces) have the same ranges, even if there weren't overlapping numbers/addresses, you won't know which way to to go. There needs to be zero ambiguity about which interface is to be used for each network range/address.
400-450
