Creating Static Route for Home network

My networking routing skills appear to be a bit rusty. I want to create a very simple static route, and so far I can not get it to work.

All devices on the can ping and access all devices on, but the reverse is not true. Devices on can not ping or access any devices on

A simple static route on the OpenWRT router should fix the problem, but so far I have not been successful. Clearly I am not creating the static route correctly using the OpenWRT UI

Using OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d)

All suggestions are welcome.

Plain routing requires you to disable NAT on Netgear router.
If it's not possible, then you can try to disable DHCP on Netgear router and use its LAN-port to connect to OpenWrt router effectively converting Netgear router to a switch.


Building on what @vgaetera said, if you are interested in having 2 independent networks with specific rules that control inter-network connectivity, take a look at implementing VLANs on your openwrt router instead of cascading two routers like your current configuration.

Thanks.... Yeah, I really don't need routing. I can get the everything to work by turning the Netgear router into a Access Point and then have every device be on a single network. I recently added the Netgear router and the small project has turned into learning exercise about routing. In other words the is no reason I shouldn't be able to get routing to work, and I want learn how to make it work even though there is an easier, and probably better way network design.

Just to make it clear, it won't work until you disable NAT on Netgear router.
Though you can bypass NAT via VPN, in your case it would be unreasonable.

I accept that you're correct. Why does NAT need to be removed?

Isn't NAT required if any of the devices need to access the internet? Technically my internet IP is for all devices on my home network.


We are discussing NAT on Netgear router.
Obviously NAT on OpenWrt router should be preserved.

Actually it isn't NAT on the Netgear router that blocks inbound requests from, it's a firewall. Using NAT for outbound requests on a router while allowing incoming requests from the outside ( directly to the inside ( is completely doable, if the router supports that configuration which might not be the case on a home router.

If you just allow forwarding without disabling NAT, then connecting to one host you will get reply from another.
Which protocols can handle it without specific tuning?

Shouldn't that be handled by a state-ful connection tracker, which I think is a requirement for NAT? It shouldn't apply NAT on the reply if it wasn't applied to the request. But I don't know how Netgear R6400v2 would handle such connections. It should work with a state-full firewall and the connection tracker in Linux any way.

@nrnoble -

Assuming your goal is to use the Netgear router as a switch and AP (making all the clients part of the same network as those on the other half of the drawing), the simplest approach is to simply turn the Netgear into a dumb AP. How you do this depends on the details of the Netgear firmware, but simply put you can do the following and get it to work (all of this on the Netgear device):

  1. Set the LAN IP address to something in the range that is not currently being used by any other devices and that is outside the DHCP server range on the OpenWrt router.
  2. Disable the DHCP server
  3. Connect the Netgear router to the main (OpenWrt) router LAN-to-LAN (don't use the WAN port on the Netgear).

At that point, the Netgear will just be an AP and a switch, and the devices connected to it will be part of your regular network (

If you want to do routing as a learning exercise, the issue you'll have is that your Netgear firmware probably doesn't have options to do non-masqueraded NAT and may or may not have the ability to disable the firewall. Fundamentally, routing networks like this isn't that hard, but if you have a masquerading on the WAN port, it gets much more challenging. OpenWrt and other non-consumer type router environments will often allow you to disable masquerading, but typically not the OEM firmware on consumer devices.