Allowing 2 interface to connect

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi

I have a bare openwrt router, with 2 ethernet port

One port is set to 192.168.1.3/16
The other, to 192.168.1.5/16

If I connect a cable one port, I can access Luci, but can not ping the other interface

(Ping 192.168.1.5 -> no route to host)

How to make the 2 interfaces exchange data ?

Thank you very much

2

can't route between those two, same subnet.

or it's not a router.

4 Likes
3

You cannot have two interfaces with the same subnet. It breaks routing.

What exactly are you trying to achieve, though. If this is a single device with 2 ports, those ports can simply be bridged together if desired. But I am a bit confused as to why you want to transfer data between two ports on the same device - it doesn’t seem to have a practical function.

3 Likes
4

The complete setup is
(A) a Wifi AP (no control over it)
(B) this device with 2 ethernet and one Wlan

Wlan connects properly on the AP (gets a 192.168.1.21 IP)

Can get acess to it from 192.168.1.3

I tried to reduce the complexity by avoiding the wifi amd replicate with 2 ethernet

5

you're still not routing, I agree with @psherman why this set up ?
are you using the computer as a switch ?

6

I changed the IPs

image

Still, connecting from 10.0.0.x does not give access to 192.168.1.201

any clue ?

7

that's because both interfaces are in the lan firewall zone.

1 Like
8

why would the firewall interefe here ? I do not have limitation set in firewall

9

image

I changed the zones. same result

10

This is the firewall now

image
image1030×271 18.1 KB

11

You've been asked before, what are you trying to achieve?

1 Like
12

the AP is my internet access (can't configure nothing), and the box in on my lan (home, with about 20 devices around)

13

Why is it so un-obvious to let 2 interface communicate ? (whatever they are, and for whatever reason)

1 Like
15

What does that mean ?

16

THe target is
image

17

You have the following options:

Both Ethernet ports can be bridged.

2 Likes
18

@vgaetera is spot on. You have the two options listed in the above response.

Based on your diagram, it appears that you want the "other devices" to be on the ame subnet as the upstream connection. This means that you should follow the wifi extender link.

19

As far as your router is configured: I guess this should work. At least your router is not blocking anything.
Your firewall zone "lan" has a default behavior of "Forward" set to "access" as of the third drop down field in your screenshot.

I guess the devices in the 192.168.0.0/16 range on your WAN port simply don't have a route telling them traffic targeted at any 10.0.0.0/16 device had to be routed through 192.168.1.201. Why would they. There's really no reason for your ISP modem to even know anything about your 10.0.0.0/16 range, not be available at all and especially not being available via 192.168.1.201.
The situation is often called "there's no return route in place".

You can varify this by using tcpdump on your routers "phy0-sta0" port (as you called it in your second diagram). You will see packaes going out but not coming back.

Just as an example:

  • Your ISP router has 192.168.1.1
  • Your router has 192.168.1.201 on its WAN port
  • Your router has 10.0.0.2 on its LAN port
  • Your computer has 10.0.0.100 as it is connected to your routers LAN port
  • Some other device, e.g. a printer, has 192.168.1.150 as it is connected to your ISPs Wifi
  • Now go to 10.0.0.100 and "ping 192.168.1.150".
  • The traffic will go from 10.0.0.100 into 10.0.0.2, out of 192.168.1.201. It will reach 192.168.1.150.
  • Then 192.168.1.150 tries to respond . The answer goes from 192.168.1.150 into 192.168.1.1, leaving your ISP routers publc interfaces and off into the internet.

So your problem is with your network architecture in general.

My suggestion would be

  • to put the wifi uplink back into the WAN firwall zone,
  • to re-enable the "Masquerding" checkbox for the WAN firwal zone
  • and not to have any devices at all at the 192.168.0.0/16 side of your network. Everything should go to the LAN side of your network and get IP addresses in the 10.0.0.0/16 range.

Of course "routed client" or "wifi extender", as @vgaetera and @psherman suggested, will work, too. But that will render every other OpenWRT feature you might want to use in the future completely numb because it will reduce your OpenWRT device basically to a cable.

As a side note: Why are you using /16 networks? That's frankly insane.
Especially the 192.168.0.201/16 doesn't seem right. It looks lik your ISP tried to somehow make shure none of its customers uses a personal router of its own and doesn't VPN into anouther network (e.g. from your employer) as well, because there's a great chance they overlap. That's basically what happened in your first post: You created two completely different networks, used overlapping IP ranges and wondered why they would not communicate.
If I were you, I'd have a chat with my ISP to not use 192.168.0.0/16 but 100.64.0.0/10 for customer links. See: https://datatracker.ietf.org/doc/html/rfc6598

1 Like
20

You are confusing routed client and Wi-Fi extender scenarios.
The first half of your reply is what a routed client should be.

21

1 - I still have not solved the initial question (having 2 interfaces on OpenWrt with 2 IPs, communicating with each other)

2 - I resolved the wifi issue with relayd, putting a 192.168.2.10 IP on my router , keeping the /16 mask so my box is visible from the lan, and the relayd make it communicate between the 192.168.1,1 of the ISP to the 192.168.2.10 of my box, and further to any other device on the LAN side