Attaching HomeLab lan to home Wireless

I am trying to do something I thought would be easy. I have a home lab of non-wireless devices that I want to run as a LAN with access to the home network (Comcast Xfinity Wi-Fi router) for access to the internet (and for my laptop to ssh into the homelab machines).

Xfinity is at 10.0.0.1 with a subnet of 10.0.0.0/16, DHCP serving 10.0.0.20-10.0.0.199.

My router has a wwan interface (I created it) on 10.0.0.251. I have this attached to my network.
My LAN is subnetted to 10.0.10.0/24.
The br-lan interface on the router is 10.0.10.250. I can reach this.
LAN computers (lab equipment) have static IPs on the 10.0.10.0/24 subnet.

I can reach the router from both networks but IP traffic is not flowing across.

First, let me know if I am testing this the right way. I ssh into the router and attempt
ping -I br-lan 10.0.0.251 meaning pinging the wwan interface from the lan interface. I don't get any responses.

ping -I wlan1-1 10.0.10.250 does not work either
but ping -I wlan1-1 10.0.10.250 does work.

I am sure I am missing some simple step of plugging things together. If there is a simpler way to do this without introducing yet another wireless access point (which I think would be needed for WDS), is there a way to do this?

root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd4d:1b17:a490::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '10.0.0.1'
        option ipaddr '10.0.10.250'
        option device 'br-lan'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6t'

config interface 'wwan'
        option proto 'static'
        option ipaddr '10.0.0.251'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
        list dns '10.0.0.1'

config route
        option target '10.0.10.0/24'
        option interface 'wwan'

config route
        option interface 'lan'
        option gateway '10.0.0.1'
        option target '0.0.0.0/0'

config device
        option name 'wlan0'

config rule
        option out 'lan'
        option dest '10.0.10.0/24'
        option in 'wwan'

config rule
        option out 'wwan'
        option in 'lan'

What you’re trying to do is called symmetric routing. There is a requirement that the upstream router must have the ability to set static routes. If this is not available, you cannot achieve your goal. But assuming it is, you’ll add a static route on the main router that is:

10.0.10.0/24 via 10.0.0.251

Once that route is in place on the main router, you will disable the masquerading on the wan firewall zone of the downstream router (i.e. the OpenWrt router). And, finally, you’ll add a forward rule from wan > lan.

All of this should be deleted:


I can't add a route to my Comcast/Xfinity router (not surprising), so I will need yet another router.

What is the easiest way to perform this? (Basically I need ethernet connections where I have Wi-Fi but no hardline available.) I can add a wireless router via ethernet to my Xfinity router/gateway and then another in my office (homelab). But since I am doing this, what is the easiest way to set this up?

Is symmetric routing a reasonable solution (and can I still do it in this configuration)?
Is WDS the right solution?
Is there a "point to point bridge" capability that makes the most sense?

Thank you. Somehow I thought this would be easier.

If you don’t need to have symmetric routing, you can simply use it as is with your lab machines on a different network. However, if you want them to be on the same network, you’ll need to use relayd (WDS and 802.11s mesh won’t work unless you have another OpenWrt router upstream).
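
An added example, not part of the thread and not OpenWrt code: a small Python check run over a constructed excerpt of the /etc/config/network posted above. It flags the two static routes that point at the wrong interface, and shows that the lab subnet 10.0.10.0/24 sits inside the 10.0.0.0/16 the first post gives for the Xfinity side, so hosts there would treat lab addresses as on-link and ARP for them rather than follow a route. The names `parse_uci` and `lint` and the finding labels are hypothetical.

```python
import ipaddress

# Constructed excerpt of the posted config: interfaces and routes only.
UCI = """
config interface 'lan'
        option ipaddr '10.0.10.250'
        option netmask '255.255.255.0'
config interface 'wwan'
        option ipaddr '10.0.0.251'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
config route
        option target '10.0.10.0/24'
        option interface 'wwan'
config route
        option interface 'lan'
        option gateway '10.0.0.1'
        option target '0.0.0.0/0'
"""

def parse_uci(text):
    """Return [(section_type, section_name_or_None, {option: value})]."""
    sections = []
    for line in text.splitlines():
        parts = line.replace("'", "").split()
        if parts[:1] == ["config"] and len(parts) > 1:
            sections.append((parts[1], parts[2] if len(parts) > 2 else None, {}))
        elif parts[:1] in (["option"], ["list"]) and sections and len(parts) > 2:
            sections[-1][2][parts[1]] = " ".join(parts[2:])
    return sections

def lint(text, upstream="10.0.0.0/16"):
    """upstream: the subnet as hosts on the main router see it (assumed from the post)."""
    secs = parse_uci(text)
    nets = {n: ipaddress.ip_interface(o["ipaddr"] + "/" + o["netmask"]).network
            for t, n, o in secs if t == "interface" and "ipaddr" in o}
    uplinks = {n for t, n, o in secs if t == "interface" and "gateway" in o}
    up = ipaddress.ip_network(upstream)
    # A downstream subnet inside the upstream prefix looks on-link to upstream hosts.
    findings = [("overlap", n) for n, net in nets.items()
                if n not in uplinks and net.overlaps(up)]
    for o in (o for t, _, o in secs if t == "route"):
        target, iface = ipaddress.ip_network(o["target"]), o.get("interface")
        # The target is another interface's directly connected network.
        findings += [("route-to-connected-net", iface)
                     for n, net in nets.items() if n != iface and target == net]
        # The next hop must be reachable on the interface the route names.
        gw = o.get("gateway")
        if gw and iface in nets and ipaddress.ip_address(gw) not in nets[iface]:
            findings.append(("gateway-off-link", iface))
    return findings
```

Calling `lint(UCI)` returns all three findings; passing a non-overlapping `upstream` such as `192.168.1.0/24` drops the overlap finding and leaves the two route findings.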