Devices on modem cannot see devices on OpenWrt router

Hey fellas,

Is it possible for devices on modem (lan 192.168.1.) view devices on openwrt router (wan 192.168.2.)?

.... or make sure all clients connect via the openwrt device.

1 Like

I dont want that. Is there a solution so that devices will can see each other?

This is not an option.

Depends on your definition of see each other.

1 Like

I want to ping a device which has the ip from another device

What is the purpose of your OpenWrt router? Why is a dumb AP configuration not acceptable?

1 Like

Is this the only requirement?
Make a hole in the firewall.

Are you sure about the IPS in your 1st post?

Openwrt device's WAN IP should generally be in the same subnet as the modem's LAN.

Well yes i want to make a hole in the firewall for a specific device. The IPs are an example. So i should make the WAN IP the same as LAN IP?

The purpose of my OpenWrt router is botnet isolation but i want some local services.

  • Add a firewall forwarding from WAN to LAN zone.
  • Add a static route on the modem to the OpenWrt subnet.

Where are the botnets or other untrusted devices? On the internet as a whole, or are you trying to keep IoT or other untrusted local devices from reaching your important/trusted devices?

OpenWrt router has the untrusted devices and guest WiFi. Guest WiFi is isolated on a Vlan. I want to see some of those devices for local services like cameras.

You will need to turn off masquerading on the OpenWrt device. You'll then need to setup static routes on both routers, and finally firewall rules to specifically allow and prohibit the traffic as desired.

You may actually find it easier to connect all of your devices to the OpenWrt router. To do this, you would add a trusted network into the OpenWrt config and use that instead of your modem/router combo unit's network. Ideally, you'd set your modem into bridge mode and then it would act purely as a modem and your OpenWrt router would handle all of the routing for the entire network. Even if you can't do that, you can still do it by simply using a double-NAT configuration.

1 Like

I will try it thank you!