Connecting two LANs (Verbinden von zwei Netzwerken)

Hello

I hope I can get German answers here too. :wink:

I have successfully connected two networks, each with its own Internet access, to each other (with an OpenWrt TP-Link router). With routes I can also get from one network to the other. What does not quite work correctly is using each other's Internet access.

From the network that is plugged into the LAN port of the TP-Link router, the Internet connection via the WAN network works (the gateway and DNS of the PCs in the LAN network must be that of the LAN network interface).

However, if I want to use the LAN's Internet access from the WAN, I am always sent back to the WAN. The problem is that the gateway of the WAN interface is always used.

My question is: how and where can I configure that the gateway of the LAN interface is used for WAN to LAN?

I hope I was able to make clear what I want.

cu HU

English, dude, English.

Or at least Google translate.

You need to explain this further, or create an image, because it doesn't make any sense :slight_smile:
Or explain what you'd like to achieve.

Nope, sorry it is not clear, a picture could say a thousand words.

But let me try to summarize as I understand it.

  1. You have two routers each with their own internet connection
  2. You want to use the internet of the "other" router

So the question is how/when do you want to use it.

  1. Do you want it being used in parallel (e.g. load balancing)?
  2. Do you just want to use it when the other one fails?

When you have 2 internet accesses connected to the same router, this can be done with mwan3 (see below); having them on two routers can still be possible but will most likely need some extra work.

Hello

I'm not interested in load balancing/failover.
I would like to use the Internet access of the respective other network by manually entering the gateway and DNS on the PCs.

It does work in one direction.
In the network that is on the LAN interface of the "bridge router", I can use the Internet access of the network on the WAN interface of the "bridge router" through manual gateway and DNS entries.
Just not the other way around.

Well, there appears to be a FW in between the left and the right side of the setup.

If you want to make it work, you either have to put everything on the same LAN, or start making holes in the FW.

Which is logical, as WAN to LAN would be blocked by the firewall.
You would need to enable Masquerading from WAN to LAN. While to avoid confusion you might actually rename the Interfaces/firewall zone into LAN1 and LAN2 and then start with a whole new set of rules.

Hello
Thanks for the answers.
See the firewall screenshot in the first post. Masquerading is correct.

The routes also work correctly.

What I found via "pathping" (e.g. to web.de) is that the gateway of the "WAN" of the "openwrt router" is always taken.
Where can I set that the gateway of the relevant interface is used (WAN or LAN)?

We should have a 7-bit ASCII only rule. That'll show 'em! :man_facepalming:t5:

Well, you basically would need to change the default gateway of the OpenWrt. The easiest way will most likely be to have a script that swaps LAN/WAN on the OpenWrt router. You can use some uci CLI commands for that.

To be honest I think it would still be easier to define the openwrt as your default gateway on your PC's and have it doing the WAN routing dynamically based on the mwan3 rules.

Although the names are just a "hint", they come with default behaviour.

Do you want LAN-WAN things like NAT, firewall, etc. in the central box?

When do you want the internet connection on the right side to be used?

If I got it right after reading it again, you would put a non-filtering connection (like a cable) between the two switches or plug everything into one switch.

Then instruct each client PC to use the IP address of one or the other of the perimeter routers as a gateway. The data traffic is then routed to this device and thus to its Internet connection.

This assumes that they are in the same subnet.

Do you rely on NAT in the middle device to make things work for different subnets?

Hello

If required, manually. E.g. when the traffic of a connection is used up or I need a faster upload.

yes, but only the client I use, all other clients shouldn't

No
left 192.168.10.1/24
right 192.168.20.1/24

That seems to be the problem. The WAN network gateway is always used as the standard gateway.
How can I easily solve this with my constellation? Firewall rule?
Or the mentioned script? How and where do I integrate this in openwrt?

Still not 100% sure of the goal here, but wouldn't it be simpler to skip the router in the middle, and put the 2nd router as a 2nd WAN interface on each primary router?

Then reroute the traffic using mwan3, if the primary WAN goes down...

Or just one secondary, if the fail over is to happen only in one direction.

No. I have two separate subnets

I don't want fail over or load balancing.
If necessary, I would like to manually redirect individual PCs to the other Internet access.

In that case, have all traffic bounce off the central router, allow or disallow cross traffic based on IP or mac in the fw.

Using that scenario, you wouldn't have to do anything on the client side, changes are made in the central unit.

Yes this could be handled with policy based routing in the main routers.

Or, to use the other ISP directly from an endpoint you can't just change the default route there. Since the default route is in another network, the endpoint needs to locally know the gateway to that network, which is the crossover router. For example for a PC on the left side to use the Internet via the right side ISP:
My IP : 192.168.10.X
Route to 192.168.20.0/24 via gateway 192.168.10.2 (crossover router)
Route to 0.0.0.0/0 via gateway 192.168.20.1 (right side main router)
Note that the left side main router isn't involved in this PC using the Internet except possibly for DNS.
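
The "always sent back to the WAN" symptom and the policy-based routing idea raised in this thread, modelled as an added example (not code from any poster or from OpenWrt). It assumes the left network (192.168.10.0/24) sits on the crossover router's WAN port; the client address 192.168.10.50, table number 100 and rule priority 1000 are constructed for illustration.

```python
import ipaddress

# Constructed model of the crossover router's routing tables.
MAIN = [  # main table: connected networks plus the default via the WAN side
    ("192.168.10.0/24", None, "wan"),
    ("192.168.20.0/24", None, "lan"),
    ("0.0.0.0/0", "192.168.10.1", "wan"),
]
TABLE_100 = [  # extra table: same connected networks, default via the LAN side
    ("192.168.10.0/24", None, "wan"),
    ("192.168.20.0/24", None, "lan"),
    ("0.0.0.0/0", "192.168.20.1", "lan"),
]
TABLES = {"main": MAIN, "100": TABLE_100}


def lookup(table, dst):
    """Longest-prefix match; returns (gateway, interface) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gateway, iface)
    return None if best is None else (best[1], best[2])


def route(rules, src, dst):
    """Walk policy rules in priority order, as the kernel does for `ip rule`."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules):
        if src in ipaddress.ip_network(selector):
            hit = lookup(TABLES[table], dst)
            if hit is not None:
                return hit
    return None


# Without extra rules every source address is routed by the main table.
DEFAULT_RULES = [(32766, "0.0.0.0/0", "main")]
# One /32 rule per PC that should leave through the other ISP. On the router:
#   ip rule add from 192.168.10.50 lookup 100 priority 1000
#   ip route add default via 192.168.20.1 dev <lan-interface> table 100
PBR_RULES = [(1000, "192.168.10.50/32", "100")] + DEFAULT_RULES

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("pbr", PBR_RULES)):
        print(name, route(rules, "192.168.10.50", "203.0.113.10"))
```

Only the selected PC changes its exit; every other source address still falls through to the main table and its WAN default route.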