Allowing 2 interfaces to communicate (rephrasing)

I have the following setup : A bare OpenWrt box , with 2 ethernet port

Each port has a fixed IP (call it IP1 and IP2), access 2 different networks (say IP1 = and IP2 =

Problem : Connecting on eth0 (IP1) does not allow to access eth1 and vice-versa


How to resolve this problem ?

Thank you

Is the OpenWrt box the default gateway for both subnets? If not, do all clients receive their IP configuration via DHCP and can you change the DHCP server?

1 Like

Connecting both networks through the OpenWrt router is trivial, you just need to add two forward rules (one I'm each direction). The problem, as pointed out by @andyboeh, is how to tell devices on each network that they should use the OpenWrt box to reach the other network.

1 Like

Yes, I tried that, packets arrive on one interface, but nothing goes out on the other

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

How to do that ?

No dhcp, no firewall, just the default config post 'mtd' with 2 interface

How about just posting the configs? If you want assistance then you need to put in some effort as well.

Because it is completely useless

Anyway, here the files asked


config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config include
        option path '/etc/firewall.user'

/etc/config/dhcp -> inexistant


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config interface 'lan1'
        option device 'eth0'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config interface 'lan2'
        option device 'eth1'
        option proto 'static'
        option ipaddr ''
        option netmask ''

As a starting point assign the interfaces to a firewall zone. Either the same one or separate zones with forwarding allowed between them.

Not going to have a firewall.. I just want to have the 2 interfaces talking to each other

Look if you want people to take time to assist then you're going to have to take the time to do what is asked of you. We're not suggesting things just for a laugh or the sake of it.

If you don't want to do that then you're not going to get far in reaching a solution.

My initial question is not about firewall or DHCP, but on how to make the 2 interface talk to each other

And my answer addressed that question.

This thread is the sequel to a similar circular discussion yesterday.

Yes indeed.

Anyone can please read properly the question and give some hints ?

Here ya go.

In OpenWrt, having "2 interface talk to each other", is part of the firewall configuration. Even if you do not want a firewall, it's much easier to follow the advice received, and use the firewall configuration tools.

Otherwise, this is not a question about OpenWrt, but about the underlying tool, called "nftables":

1 Like

If this OpenWrt box is not the main router in the LAN network either or both networks, the network devices will not know to route through it to reach the other LAN. The best solution is to install static routes in both main routers to point to the other LAN via the OpenWrt box's IP on the local LAN.
In subnet 1 main router install route via
In subnet 2 main router install route via
Again these need to be configured in the network's router, not the OpenWrt box in question here.

These routes could also be installed manually on the network endpoints, or pushed to them by DHCP, but Windows in particular is not built for routing and may fail to handle them properly.

If you set the default firewall forward rule to ACCEPT (the default is REJECT) and make sure not to assign either interface to a firewall zone, the firewall will allow forwarding between such unassigned zones. This is about as close as you can get to having no firewall.


Are the files provided complete? For example, in your previous thread, there were many more sections in the network config file.