Allow one single WAN device to connect to LAN

xifi-kif · October 1, 2018, 7:36am

Hello everybody,

I have this configuration:

Internet
| 
L routerA (LAN 192.168.10.1) 
    |   |
    |   L PC1  192.168.10.198)
    |
    L routerB (OpenWRT-Wan:192.168.10.2-Lan:192.168.137.100)
         |
         L PC2 (192.168.137.9)

To provide more info: routerB's wifi is connected as a client to routerA's wifi, providing the bridge-lan internet connection. (routerB also as a guest-vlan on wan port, but this should not be important for this topic).

Basically what I want to do is to allow (only) PC1 to connect and use services provided by PC2, such as ping, mount network drives, connect to specific port...

I'm far from an expert, but playing with iptables (adviced by a more expert user) I managed to arrive at this point:

iptables -I INPUT -p icmp --icmp-type 8 -s 192.168.10.198 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I OUTPUT -p icmp --icmp-type 0 -d 192.168.10.198 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p all -s 192.168.10.198 -j ACCEPT
iptables -I FORWARD -i wlan0 -o br-lan  -j ACCEPT

But this doesn't work

I hope I provided all info.

Thanks for any help

mbo2o · October 1, 2018, 7:45am

have you added a static route on each router to reach the other subnet ?

https://openwrt.org/docs/guide-user/network/routes_configuration

xifi-kif · October 1, 2018, 7:52am

From routerB (and its subnet) I can by default reach routerA (and its subnet), so I guess a route for routerA is not needed (correct me if I'm wrong).

I'll read the doc provided to make a route for routerB and let you know, thankyou.

mbo2o · October 1, 2018, 7:55am

You are correct, my mistake

xifi-kif · October 1, 2018, 8:02am

Ok, so I did what is in the link (I did from Luci, result should be the same)

config route
        option interface 'wwan'
        option target '192.168.10.198'
        option netmask '255.255.255.0'
        option gateway '192.168.10.1'

But this doesn't seem to work

mbo2o · October 1, 2018, 8:21am

You said it is working from routerB, you need to add static route to routerA like this, please double check it, I haven't tested example.

#network
config route
            option interface 'lan'
            option target '192.168.137.0'
            option netmask '255.255.255.0'   
            option gateway '192.168.10.2'

OR

#host
config route
            option interface 'lan'
            option target '192.168.137.9'   
            option gateway '192.168.10.2'

xifi-kif · October 1, 2018, 8:32am

Oh, right. The problem is routerA has not openwrt, since it's my isp's HG8245. I guess I'm stuck then... Any plan B?

mbo2o · October 1, 2018, 8:33am

Add a static route to PC1

OR

Double check RouterA doesn't have option for static route

xifi-kif · October 1, 2018, 8:50am

Thanks for you patient.

RouterA does have it...

but when I try to apply the route it fails:

so as you adviced I tryied on PC1 sudo route add -net 192.168.137.0/24 gw 192.168.10.2 dev wlp2s0 and it does work.

Thankyou very very much!

system · October 11, 2018, 8:50am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.