Configuring OpenWrt Router Behind Primary Router

I've been having severe internet dropout issues on the network using this configuration:


So I reconfigured the network today as follows:

DD-WRT is serving DHCP between 192.168.1.100 and 192.168.1.150

OpenWrt has DHCP disabled on LAN


In this configuration, with the AC-1750 connected to the DIR-601 through its WAN port, the laptops connected to the LAN ports have no internet access. If I connect upstream using a LAN port (effectively using the device as a switch) the laptops get access.

I'd like to have my laptops isolated from the rest of the network.
How must I configure OpenWrt so that I have internet through the WAN port?

How is your firewall configured?
You need NAT to be activated with the "Masquerading" option!
Why do you have no gateway set on your DD-WRT?

On OpenWrt or DD-WRT?

I don't understand many things about networking. One of these is why devices behind a downstream NAT router can't see the internet connection on the upstream router. If a NAT router is expecting DHCP on its WAN port then what does it matter if it's downstream of a modem or another NAT router?

There are two ways to go about this. The first one is to make the downstream router a bridge so there is only one network. In other words the downstream router will not be routing, it will work like a switch. This can include converting from wired to wifi, which is a so-called "dumb AP".

The other approach is to have the downstream router do actual routing. There are advantages and disadvantages to that:

  • A firewall can be placed between the networks.
  • A wireless (AP-STA) link can be used as the link to upstream instead of a wired connection.
  • As the networks get larger, broadcast packets (such as DHCP requests) will be isolated to reduce congestion.
    • Discovery of printers and other services on the other network via broadcast packets won't work.

For NAT or any routing to work the IP subnets on the two sides need to be different. The OpenWrt router should be configured to use 192.168.2.1/24 for example. Then it will obtain a 192.168.1.X IP from the dd-wrt router on its WAN side and NAT Internet requests from anyone on its LAN into the upstream network. DHCP for the 192.168.2.1 network will be served from OpenWrt.

If the upstream router is made aware of the 192.168.2.0/24 network by placing a static route in its routing table, then it isn't necessary for the downstream router to NAT. NAT makes all users of the 192.168.2 network look like a single device (the router) to the 192.168.1 network with a 192.168.1 IP.

1 Like
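Added example (not part of the original posts): a POSIX shell check for the condition the answer above describes, where the downstream router's WAN and LAN addresses fall in the same IP subnet. The sample addresses are constructed from values mentioned in the thread; the function names are hypothetical, and the `uci` commands assume OpenWrt's default `lan` section names.

```sh
#!/bin/sh
# Added example: WAN/LAN subnet collision check for a cascaded router.

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network address (integer) of an address/prefix such as 192.168.1.120/24.
net_of() {
    addr=${1%/*}; len=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    echo $(( $(ip2int "$addr") & $mask ))
}

# Two prefixes overlap when they share a network under the shorter mask.
overlaps() {
    short=${1#*/}
    if [ "${2#*/}" -lt "$short" ]; then short=${2#*/}; fi
    [ "$(net_of "${1%/*}/$short")" -eq "$(net_of "${2%/*}/$short")" ]
}

# $1 = WAN address/prefix leased from upstream, $2 = LAN address/prefix.
verdict() {
    if overlaps "$1" "$2"; then echo CONFLICT; else echo OK; fi
}

# Remedy used in the thread, as uci commands (assumes the default "lan" sections).
fix_cmds() {
    echo "uci set network.lan.ipaddr='192.168.2.1'"
    echo "uci set network.lan.netmask='255.255.255.0'"
    echo "uci set dhcp.lan.ignore='0'"
    echo "uci commit && /etc/init.d/network restart && /etc/init.d/dnsmasq restart"
}

# Constructed sample: WAN lease from the DD-WRT pool, LAN before and after the fix.
wan=192.168.1.120/24
for lan in 192.168.1.1/24 192.168.2.1/24; do
    result=$(verdict "$wan" "$lan")
    echo "WAN $wan, LAN $lan: $result"
    if [ "$result" = CONFLICT ]; then fix_cmds; fi
done
```

The check also flags a wider LAN prefix that contains the WAN subnet (for example a /16 LAN around a /24 WAN), which fails the same way.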

Are NAT and Masquerading not the same thing?

They are the same thing.

That was the problem! They were both 192.168.1.0/24.
I gave the downstream router an IP of 192.168.2.1 and turned DHCP back on and now it seems to be working with the WAN port connected upstream.
I thought that turning off DHCP on the downstream router would nullify this, but clearly my intuition on this matter could use some refinement.

This is primarily why I want to keep the networks separate. I don't want something the kids downloaded to interrupt my workday or workweek.

I've got cables running where I need them so this is moot (right?).

Hardly a concern on this network.

I suppose I can always configure something in the router to enable me to use a printer on the other subnet, or I can simply hop onto the house WiFi for a moment because that's where the printer lives.

Yeah, I need to learn about routing tables.

I might still try this.

Looking at your network diagram, I can't help but think that it might benefit from some simplification. Don't get me wrong, a complex network is totally fine if that is the intent, but I wonder if you are actually working with a network topology that achieves your goals. The diagram is extremely useful, but reveals that you may have multiple subnetworks that may or may not really be intended.

That said, if you are so inclined, come up with a list of goals of how your network should behave (are certain things supposed to be isolated from others? some things limited? certain things shared? or do you want a simple/flat network where common resources are easily shared?, etc.). OpenWrt has a lot of capabilities and gives you an excellent platform to learn all things networking, but it is best to really define the desired functional characteristics of the network so that you can achieve that as efficiently as possible.

The network layout is still in flux, as I still have plans to pull more cable throughout the house, and I have yet to find an OpenWrt router that doesn't drop the connection (not that I've been trying too hard lately), but the basic requirement is for my computers to be on a separate subnet from the household WiFi, with routes established as required for printers, etc.

I would highly recommend making VLANs on your OpenWrt router and using all of the other routers as dumb aps/switches.

Why is this?

Also, right now I have yet to decide on the hardware for my next OpenWrt router. My AC1750 was failing in the task and in the meantime I'm using the Mercku base station for primary NAT duties.

Simplicity: all the routing happens on a single router, so no misconfig between multiple routers etc. Also, OpenWrt has a lot of tools that DD might not have.

1 Like