Communication between network interfaces in different subnets

Hi,

i'm using TP-Link MR3220v2 with its Openwrt firmware. what I would like to do should be simple, but I am not succeeding. i have 3 devices in two different subnets and i would enable communication through each devices (i don't know if i can say that i would like "bridge" the 2 subnets). this is the devices list:

  1. my pc (IP 192.168.1.65)
  2. my openwrt modem (LAN interface IP 192.168.1.1)
  3. a third device that generates its wifi network (SSID "DESKTOP-CDTLO95-6027") (IP 192.168.137.1)

i connect TP-LINK to my pc via ethernet cable ("LAN" interface of TP-LINK modem) and then i connect the TP link modem to wifi network of the third devices. then i create the new network interface called "wwan" (related to the wifi network "DESKTOP-CDTLO95-6027") with DHCP client protocol.

i follow this tutorial

https://oldwiki.archive.openwrt.org/doc/recipes/relayclient

to "connect" the "LAN" and "WWAN" interfaces (using relayd) but when i try to ping the device IP (192.168.137.1) from my pc (192.168.1.65) i don't recive response.

how can implement a bridge over the WWAN (wifi) and the LAN (ethernet) interfaces? am i okay to use relay for this purpose? are there any way to set up a bridge between wifi/eth different subnet?

Best regards

sorry,

when i say " i have 3 devices in two different subnets and i would enable communication through each devices" it means that my pc has to communicate with the third device with TCP/IP protocol and excange JSON packets

How about ip route add 192.168.137.1 via 192.168.137.177

?

hi kukulo,

thanks for your replay

i change the third device..now it is set on IP address 192.168.43.1

i try your solution in 2 configuration

  1. reset modem, add the interface of wireless network (after wireless scan) and then modify the physical settings of the LAN interface bridging all the network togheter

your solution tells me that file exists
image

  1. reset modem, add the interface of wireless network (after wireless scan) add the bridge interface protocol RELAYD with IP 192.168.43.85, reboot the modem. type your solution but i receive the same output

maybe i have to change some network settings from my PC? Gateway? DNS server?

these are my actual settings

Best Regards

these are the routes tables after use the command "ip route add" a few time

Unassign the wlan0 interface from lan zone. I would now add a different firewall zone (lan2), assign the wlan0 interface to this zone and enable forwarding between zones lan and lan2. The reason, why it does not work now is a different subnet - you are trying to communicate between 192.168.43.X and 192.168.1.X subnets. This does not work by default. There is nothing now that enables forwarding the packets between subnets. We want to do this work by firewall.

i reset the modem, i create the second firewall and enable forwarding but i can't ping the device (ip 192.168.43.1) from my pc (192.168.1.65)

these are my pc IPV4 network settings:
IP 192.168.1.65
subnetmask 255.255.0.0
gateway not set
DNS not set

all of this without set up a relay bridge interface
i try also to execute

ip route add 192.168.43.1 via 192.168.1.1

but it still exists in the route file

do i set some other properties in the firewall section?

these are the actual settings:

best regards

these are port forwards and traffic rules

and these are the network interfaces.
LAN interfacee has
static IP 192.168.1.1
subnetmask 255.255.0.0
IPV4 gateway not set
IPV4 broadcast notset
custom DNS servers NOTSET
in the DHCP server, general setup, there is no FLAG on "Disable DHCP for this interface" option
in the "physical settings" LAN interface bridge the wireless master network "LEDE" and the ethernet switch "eth0"

the WAN interface has "DHCP client" protocol

Paste the output of ip route show. does the ping -I wlan0 192.168.43.1 work from the router?
Try to tick the masqerading option on forward from lan2 to lan.

output:

root@LEDE:~# ip route show
192.168.0.0/16 dev br-lan  src 192.168.1.1
192.168.43.21 via 192.168.1.1 dev br-lan
root@LEDE:~#

yes, the command works from the router. also without the -I option

i have "flag" the option "Masquerading" from lan2 to lan. reboot the router but it doesn't work. i try also to flag only the lan to lan2 masquerading option, but still doens't work. never flagging both of them.

Can you ping 192.168.43.21 from the lan device?
For now leave the masquerading and MSS clamping on only on lan2 to lan. You do not need to reboot your router, just hit save and apply.

i leave the masquerading and MSS clamping on only on lan2 to lan

sorry for the mismatch but 192.168.43.21 is error (i failed to tip the IP) the correct one is 192.168.43.232 that is an other device that is connected to the wifi of the lan2 network

from lan device (my router)


root@LEDE:~# ip route show
default via 192.168.43.1 dev wlan0  src 192.168.43.85
192.168.0.0/16 dev br-lan  src 192.168.1.1
192.168.43.0/24 dev wlan0  src 192.168.43.85
192.168.43.1 dev wlan0  src 192.168.43.85
root@LEDE:~# ping 192.168.43.232
PING 192.168.43.232 (192.168.43.232): 56 data bytes
64 bytes from 192.168.43.232: seq=0 ttl=128 time=116.732 ms
64 bytes from 192.168.43.232: seq=1 ttl=128 time=12.539 ms
64 bytes from 192.168.43.232: seq=2 ttl=128 time=9.117 ms
^C
--- 192.168.43.232 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 9.117/46.129/116.732 ms
root@LEDE:~# ping 192.168.43.232
PING 192.168.43.232 (192.168.43.232): 56 data bytes
64 bytes from 192.168.43.232: seq=1 ttl=128 time=50.286 ms
^C
--- 192.168.43.232 ping statistics ---
2 packets transmitted, 1 packets received, 50% packet loss
round-trip min/avg/max = 50.286/50.286/50.286 ms
root@LEDE:~# ping 192.168.43.85
PING 192.168.43.85 (192.168.43.85): 56 data bytes
64 bytes from 192.168.43.85: seq=0 ttl=64 time=0.646 ms
64 bytes from 192.168.43.85: seq=1 ttl=64 time=0.408 ms
^C
--- 192.168.43.85 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.408/0.527/0.646 ms
root@LEDE:~# ping 192.168.1.65
PING 192.168.1.65 (192.168.1.65): 56 data bytes
64 bytes from 192.168.1.65: seq=0 ttl=128 time=3.191 ms
64 bytes from 192.168.1.65: seq=1 ttl=128 time=2.668 ms
^C
--- 192.168.1.65 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 2.668/2.929/3.191 ms
root@LEDE:~#

from my pc i don't ping the subnet 192.168.43.X, only the devices oves 192.168.1.X

C:\Users\Utente>ping 192.168.43.232

Esecuzione di Ping 192.168.43.232 con 32 byte di dati:
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.

Statistiche Ping per 192.168.43.232:
    Pacchetti: Trasmessi = 4, Ricevuti = 4,
    Persi = 0 (0% persi),

C:\Users\Utente>ping 192.168.1.1

Esecuzione di Ping 192.168.1.1 con 32 byte di dati:
Risposta da 192.168.1.1: byte=32 durata<1ms TTL=64
Risposta da 192.168.1.1: byte=32 durata<1ms TTL=64

Statistiche Ping per 192.168.1.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo =  0ms, Medio =  0ms
Control-C
^C
C:\Users\Utente>ping 192.168.43.85

Esecuzione di Ping 192.168.43.85 con 32 byte di dati:
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.
Risposta da 192.168.1.65: Host di destinazione non raggiungibile.

Statistiche Ping per 192.168.43.85:
    Pacchetti: Trasmessi = 4, Ricevuti = 4,
    Persi = 0 (0% persi),

C:\Users\Utente>

i don't understand this network conflict. maybe is the master wifi "LEDE" the problem? when i joined the HUAWEI client network (lan2) i didn't flag the option "replace wireless configuration"

these are LEDE routes

best regards

I would start from scratch, because the relay client guide you were following was broken later. I would follow following video guide: https://www.youtube.com/watch?v=1vsPz_aLZeE
The principle is same as wifi extender. This one is configured via Luci.

hi kukulo,

thank you for the support

i don't belive than a wifi extender is what i want. really i don't know why it doesn't work

i have a modem, with a host ethernet connected. after connecting the modem to an other wifi network and after making a bridge the modem has to connect the host to the wifi network. the subnet masks are opened..it has to work..it should be simple

Is there any other .43 network other than these two devices?

If not, you're only using the .43.1 device as a source of Internet and logging into it directly, you can treat it as a regular WAN device and put it on the WAN side of the firewall. I'm assuming the .43.1 machine is a Windows box with Internet Connection Sharing enabled. To use other services on it from that port, the firewall on the .43.1 machine likely needs to be altered-- that is beyond the scope of this forum.

If there are other .43.X devices that you want to reach from the other side of your OpenWrt router it gets more complicated.

Relayd works by forwarding DHCP requests upstream and also mangling ARP traffic to make it look like the network is extended via the router at layer 2. In the relayd scenario, the endpoint client will have an IP on the .43.X network not .1.X. Relayd is not a very good solution and should be avoided if there is another way.

True symmetric routing between two subnets requires installing a return route on the other box, the .43.1 of 192.168.1.0/24 via 192.168.43.177. Otherwise the network will not work because the .43.1 router only has a default route of anything other than 192.168.43.0/24 goes to the Internet. So replies to packets with a foreign IP arriving on another interface won't be routed back properly. Since the .43.1 box is not OpenWrt that is also outside the scope of this forum.

Note that pinging 192.168.43.1 from the OpenWrt box works, because the packets are sent from the wwan port with a .43 IP and return to there directly.

Hi mk24,

thank you for the reply

no, there isn't any other .43 subnetwork. it is the hotspot network of my smartphone.

now i try to configure the firewall or the route of the third device

best regards

Use the default firewall which NATs to the wan. Put the phone in the wan zone. This will give you basic Internet access through the phone, it's called a routed client.

2 Likes