Creating an Interface to access a Cascading (LAN to LAN) Router

I want to make an Interface to access a Cascading (LAN to LAN) router (below as R1).
My setup is as follows:

All I want is to have access to R1's GUI from my PC.

PS: I have succesfully created an Interface for my Modem (which is also in a different subnet) but I can't do the same for R1.

If you want to create a LAN-to-LAN connection, that means that R1 must be on the the same subnet ( as your OpenWrt router.

I understand the physical goal of your network configuration, but can you explain why you want to do this? Why do you want to have R1 in the system (what functionality does it provide)?

1 Like

As @psherman said, if you want them LAN to LAN then they should be on the same subnet (I world stick to the default of for OpenWrt though, and make R1, but this is only a personal preference). You would also want to disable DHCP server on one of them, usually the second one but doesn't have to be it. In LAN to LAN setup you have access or of the box unless you changed something with VLANs etc.

If you meant LAN to WAN, as your IP suggests then you would need to handle that on R1, as its firewall works typically block access from the WAN side unless you allow it.

A side note: it appears that you misplaced the PPPoE text on the OpenWrt router.

1 Like

R1 features a special tool for PS4/XBOX matchmaking (Geofilter) that filters a region for the possible clients.
My goal is to combine OpenWRT's QOS with this tool.
Furthermore 192.168.88.x is locked and cannot be changed.
@Hegabo PPoE is on the OpenWRT router the pic is accurate.

This is a good starting point and I appreciate your advice but It feels akward I have to change the entire LAN to 192.168.88.x because of this box.

You could create a VLAN on your OpenWrt box. Give that VLAN a static IP (such as, assuming that is not taken and not part of the DHCP range for that network). Make sure you do not enable a DHCP server on that network. Create a new firewall zone for it, and then allow forwarding from the LAN firewall zone to the the new zone.

EDIT: Should have mentioned that you'll want to assign one port of the switch to be untagged for the new VLAN (and off for the others), and then use that port for connecting LAN - LAN between the routers.

Well, I haven't heard of PPoE before, and it doesn't look like there is such thing.

If you meant PPPoE (Point to Point Protocol over Ethernet) then that should be at the other end of the OpenWrt router (modem side).

Or did you possibly mean PoE (Power over Ethernet)?

What keeps you from just entering from your browser as is?

Also, people often get confused about this. An IP address doesn't belong to a machine, it belongs to a network interface. Any router must (by definition of the fact that it's a router) have at least 2 network interfaces and at least 2 IP addresses (one for each network it's routing between).

It could be useful to put all the IP addresses associated with each machine on your diagram, in which case it will become more obvious what to do I think.

From the diagram, I am pretty sure that the Playstation is double NAT'd. The issue is that the network is the LAN of R1, but the WAN of that device is connected to the network The PC sits on the .2.0/24 network as well, and the firewall of R1 prevents access to the router admin page.

But, with that said, it may be possible to set R1 to allow remote administration via the WAN. Normally this would be a bad idea, but since R1's WAN is actually part of the OpenWrt network, there is no security issue there.

@Sgt_Greco - check the admin page of R1 to see if there is a remote admin option, or if you can adjust firewall rules such that you can enable access from the WAN. Then you would just type in the address of R1 as it appears on the subnet.

Yeah, turn off NAT on the R1 as well. There is no value in doing NAT there.

In almost every circumstance, I would agree about this. However, according to the OP, it appears that the router performs some functions that affect geofiltering (bypassing geofilters? Maybe it is a VPN or some other tunneling technique; I don't really know since I don't have any interest in video games). But regardless, I think that the traffic must be routed through R1, so I think that the NAT is important here (strictly speaking, a router can still route without NAT, but practically speaking turning off NAT turns the device into as switch).

1 Like

I am not sure what the purpose is either but I suspect it may do something like serve special DNS records so that the game server with the smallest ping is always chosen by the PlayStation or it may firewall certain "bad" servers so the PlayStation gives up trying to connect to them and chooses a "good" one...

those kinds of functions don't require NAT. in fact routing without NAT is the norm, NAT is a hack. the R1 device doesn't become a switch, it still likely provides DHCP and DNS and possibly QoS to the gaming machine... turn off the NAT. Most likely the OpenWrt machine will need a static route so it can know where to send packets destined for

1 Like

This is true on both accounts. But if you think of stock firmware for pretty much any consumer router, I don't think there is a way to disable NAT. We know that we can disable NAT via the masquerading option in OpenWrt, but there are many firmware releases that probably don't have an accessible switch to turn on/off masquerading. We don't know what firmware is on the R1 device and we don't know if NAT can be disabled directly on that firmware.


true enough, disable it if possible without compromising the special sauce

1 Like

Wouldn't there still be a firewall between the upstream and downstream?

Wow tons of info. Can't thank you enough .

First off I've updated the OP pic with my IP addresses as I've installed a fresh 19.07

I'll try to reply to each post. Bear with me my Network knowledge is very limited.

Is this OK? How do I give VLAN a Static IP? Through an new Interface?

Yes. I also used to be confused but now I know better. I tried entering but it didn't work the same work it did with my modem (OP pic) . Don't know why. Maybe because Modem-OPENWRT
is WAN-LAN and I created a correct Interface and OpenWRT-R1 is LAN-LAN. Or maybe because R1 was blocking me. I'm on it.

OK, it's PPPoE my bad.

Is this of any help?

Double NAT is at the back of my mind and it's a big problem indeed, but for now I'm just trying to access R1 via my PC. If it occurs I'll deal with it later.

I'm afraid there is no such option. Misc settings are as the picture I posted above.
WAN settings are as picture below.

Once again, you guys are awesome :slight_smile:

Try undoing your vlan setting for the moment. Then enable the option for admin access from the wan. From there, figure out the wan address of the r1 unit (it will be in the network - if you don’t know what it is, you can look at the openwrt dhcp lease page or maybe on a status page of the r1 device). That should do what you want.

1 Like

So I figured it out.
This is R1's GUI .

but unfortunatelly double NAT (2 internal IPs in the first two hops)

Should I DMZ from OpenWRT and how can I do it?
Or is there an easier way to resolve this?

I honestly don't know what you should do. DMZ may not really affect much unless the R1 router is opening ports (i.e. for inbound connections). My guess is that it shouldn't be necessary, based on the fact that you never said your gameplay was problematic. Your original request was just to have access to the admin page of the R1 device -- so enabling the remote admin feature should provide that capability.

@psherman. Thanks for your replies. Networking isn't my thing obviously. I appreciate your time and advices .