I used to be able to connect just fine from openwrt from default ip (192.168.1.1), but i changed it to the same subnet as my ISP modem (192.168.0.1), my openwrt router is now 192.168.0.2, and i cant access to my ISP modem now, how can i fix it?
if they're on the same subnet, it's not routing any more, reconfigure it to be a dumb AP
1 Like
If you want to have your OWRT router in the same subnet then consider setting up as a Dump AP
If that is not what you want and just use the OWRT in router mode behind the ISP router then you have to choose a different subnet
1 Like
ok, now i get, but i have another problem, i need to forward ports from my modem ISP to my router (Soulseek, Bittorent, xbox...etc) because it cant be set to bridge mode, but my modem dont let me forward ports to a different subnet, how can i forward the ports?
But i lose some tools and options if i set to Dumb ap, right?
you use the WAN IP your modem assigned your router, assuming it's not set up as a dumb AP, then use the LAN IP.
you'll also have to open the same ports on your openwrt device, if it's running as router.
the thing you lose by using dumb AP, is the firewall on the openwrt device, on the other hand, you're not double NATing.
2 Likes
As @frollic said, if you are double NATing in the network, you also have to forward twice, once in each router to move back across that router's NAT.
Another way is to make the ISP router aware of the downstream LAN so it can reach it with a static route. Then the second router (OpenWrt) does not use NAT. Outgoing connections are single NAT in the ISP router. Incoming connections are still DNAT (port forward) in the ISP router, and then simply routed forward by the second router.
Assume this network exists:
ISP router LAN 192.168.0.1/24
OpenWrt router WAN 192.168.0.2 (set statically or DHCP reservation in the ISP router)
OpenWrt router LAN 192.168.1.1/24
Web server that should be reachable from outside 192.168.1.10 port 443
Then the configuration of the ISP router needs to include:
- Static route
192.168.1.0/24 via 192.168.0.2 - Port forward
wan port 443 TCP forward to 192.168.1.10 port 443
Since the ISP router now knows how to reach the 192.168.1 LAN, ports can be directly forwarded to the web server in that LAN even though it is not directly connected to the ISP router.
The configuration of the OpenWrt router would be as default, except to:
- Disable NAT (masquerade) on the wan zone
- Allow wan->lan traffic dest_ip 192.168.1.10 TCP port 443
By default the firewall blocks all wan->lan connections including the one that is needed to reach the web server. If you fully trust the ISP router and everything on its LAN you could instead check the box for general wan->lan forwarding (of any port or IP). But that defeats a lot of the purpose of running OpenWrt as a router so that there is a firewall.
1 Like
Blockquote
So, I just set a static IP to my router?
And then forward ports to my server as if it was connected to my ISP modem?
[quote]
Disable NAT (masquerade) on the wan zone[/quote]
If I do that my router stops responding
[quote]
If you fully trust the ISP router and everything on its LAN you could instead check the box for general wan->lan forwarding (of any port or IP). But that defeats a lot of the purpose of running OpenWrt as a router so that there is a firewall.[/quote]
Can I forward just the port or IP that I need and not all of them?
Yes, on the wan interface. Or set up a DHCP reservation in the ISP router so that the OpenWrt router as a DHCP client always gets the same address.
If you are logged into the lan side of OpenWrt (192.168.1.X), you should still access OpenWrt. The LAN connection is not affected by the WAN firewall at all. You will lose access to the Internet and the ISP router if the static route is not in place in the ISP router.
Yes you can write a Traffic Rule that is specific to one IP and port. Any other access from the Internet or from the ISP router's 192.168.0 LAN to your OpenWrt 192.168.1 LAN will still be denied then. The default is to deny everything incoming.