Allowing 2 interfaces to communicate (rephrasing)

grosjo · August 20, 2023, 7:58am

I have the following setup : A bare OpenWrt box , with 2 ethernet port

Each port has a fixed IP (call it IP1 and IP2), access 2 different networks (say IP1 = 10.0.0.2 and IP2 = 192.168.1.12)

Problem : Connecting on eth0 (IP1) does not allow to access eth1 and vice-versa

How to resolve this problem ?

Thank you

andyboeh · August 20, 2023, 9:17am

Is the OpenWrt box the default gateway for both subnets? If not, do all clients receive their IP configuration via DHCP and can you change the DHCP server?

eduperez · August 20, 2023, 9:21am

Connecting both networks through the OpenWrt router is trivial, you just need to add two forward rules (one I'm each direction). The problem, as pointed out by @andyboeh, is how to tell devices on each network that they should use the OpenWrt box to reach the other network.

grosjo · August 20, 2023, 9:32am

Yes, I tried that, packets arrive on one interface, but nothing goes out on the other

krazeh · August 20, 2023, 9:32am

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

grosjo · August 20, 2023, 9:32am

How to do that ?

grosjo · August 20, 2023, 10:27am

No dhcp, no firewall, just the default config post 'mtd' with 2 interface

krazeh · August 20, 2023, 10:32am

How about just posting the configs? If you want assistance then you need to put in some effort as well.

grosjo · August 20, 2023, 10:47am

Because it is completely useless

Anyway, here the files asked

/etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config include
        option path '/etc/firewall.user'

/etc/config/dhcp -> inexistant

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan1'
        option device 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.12'
        option netmask '255.255.255.0'

config interface 'lan2'
        option device 'eth1'
        option proto 'static'
        option ipaddr '10.0.0.2'
        option netmask '255.255.255.0'

krazeh · August 20, 2023, 10:52am

As a starting point assign the interfaces to a firewall zone. Either the same one or separate zones with forwarding allowed between them.

grosjo · August 20, 2023, 10:53am

Not going to have a firewall.. I just want to have the 2 interfaces talking to each other

krazeh · August 20, 2023, 10:57am

Look if you want people to take time to assist then you're going to have to take the time to do what is asked of you. We're not suggesting things just for a laugh or the sake of it.

If you don't want to do that then you're not going to get far in reaching a solution.

grosjo · August 20, 2023, 11:01am

My initial question is not about firewall or DHCP, but on how to make the 2 interface talk to each other

krazeh · August 20, 2023, 11:02am

And my answer addressed that question.

dave14305 · August 20, 2023, 11:17am

This thread is the sequel to a similar circular discussion yesterday.

grosjo · August 20, 2023, 11:40am

Yes indeed.

Anyone can please read properly the question and give some hints ?

krazeh · August 20, 2023, 12:07pm

Here ya go.

eduperez · August 20, 2023, 12:23pm

In OpenWrt, having "2 interface talk to each other", is part of the firewall configuration. Even if you do not want a firewall, it's much easier to follow the advice received, and use the firewall configuration tools.

Otherwise, this is not a question about OpenWrt, but about the underlying tool, called "nftables": https://wiki.nftables.org/wiki-nftables/index.php/Main_Page

mk24 · August 20, 2023, 12:25pm

If this OpenWrt box is not the main router in the LAN network either or both networks, the network devices will not know to route through it to reach the other LAN. The best solution is to install static routes in both main routers to point to the other LAN via the OpenWrt box's IP on the local LAN.
In subnet 1 main router install route 192.168.1.0/24 via 10.0.0.2
In subnet 2 main router install route 10.0.0.0/24 via 192.168.1.12
Again these need to be configured in the network's router, not the OpenWrt box in question here.

These routes could also be installed manually on the network endpoints, or pushed to them by DHCP, but Windows in particular is not built for routing and may fail to handle them properly.

If you set the default firewall forward rule to ACCEPT (the default is REJECT) and make sure not to assign either interface to a firewall zone, the firewall will allow forwarding between such unassigned zones. This is about as close as you can get to having no firewall.

psherman · August 20, 2023, 1:59pm

Are the files provided complete? For example, in your previous thread, there were many more sections in the network config file.