Devices on modem cannot see devices on OpenWrt router

Hey fellas,

Is it possible for devices on the modem (LAN 192.168.1.) to view devices on the OpenWrt router (WAN 192.168.2.)?

.... or make sure all clients connect via the openwrt device.

1 Like

I don't want that. Is there a solution so that devices can see each other?

This is not an option.

Depends on your definition of see each other.

1 Like

I want to ping a device which has the IP 192.168.1.6 from another device, 192.168.2.18.

What is the purpose of your OpenWrt router? Why is a dumb AP configuration not acceptable?

1 Like

Is this the only requirement?
Make a hole in the firewall.

Are you sure about the IPs in your 1st post?

The OpenWrt device's WAN IP should generally be in the same subnet as the modem's LAN.

Well, yes, I want to make a hole in the firewall for a specific device. The IPs are an example. So I should make the WAN IP the same as the LAN IP?

The purpose of my OpenWrt router is botnet isolation, but I want some local services.

  • Add a firewall forwarding from WAN to LAN zone.
  • Add a static route on the modem to the OpenWrt subnet.

2 Likes

Where are the botnets or other untrusted devices? On the internet as a whole, or are you trying to keep IoT or other untrusted local devices from reaching your important/trusted devices?

The OpenWrt router has the untrusted devices and guest WiFi. Guest WiFi is isolated on a VLAN. I want to see some of those devices for local services like cameras.

You will need to turn off masquerading on the OpenWrt device. You'll then need to set up static routes on both routers, and finally firewall rules to specifically allow and prohibit the traffic as desired.

You may actually find it easier to connect all of your devices to the OpenWrt router. To do this, you would add a trusted network into the OpenWrt config and use that instead of your modem/router combo unit's network. Ideally, you'd set your modem into bridge mode and then it would act purely as a modem and your OpenWrt router would handle all of the routing for the entire network. Even if you can't do that, you can still do it by simply using a double-NAT configuration.

1 Like
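
The OpenWrt firewall side of the steps in the post above, written as `/etc/config/firewall` sections; this is an added example, not configuration posted by anyone in the thread. It reuses the thread's example addresses (192.168.1.6 as the modem-side client, 192.168.2.18 as a camera behind OpenWrt); the /24 prefix, the zone and rule names, and the RTSP port 554 are assumptions.

```uci
# /etc/config/firewall (fragment). Added example: addresses are the thread's
# example IPs; the prefix, port and rule names are assumptions.

# Existing wan zone: only masq changes (1 -> 0), so modem-side hosts see
# real 192.168.2.x source addresses and can route replies back.
config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '0'
	option mtu_fix '1'

# Per-host holes instead of a zone-wide wan -> lan forwarding:
# only 192.168.1.6 may ping the camera.
config rule
	option name 'Allow-Trusted-Ping-Camera'
	option family 'ipv4'
	option src 'wan'
	option src_ip '192.168.1.6'
	option dest 'lan'
	option dest_ip '192.168.2.18'
	option proto 'icmp'
	list icmp_type 'echo-request'
	option target 'ACCEPT'

# ...and open its video stream (port 554/tcp is an assumed RTSP port).
config rule
	option name 'Allow-Trusted-Camera-Stream'
	option family 'ipv4'
	option src 'wan'
	option src_ip '192.168.1.6'
	option dest 'lan'
	option dest_ip '192.168.2.18'
	option proto 'tcp'
	option dest_port '554'
	option target 'ACCEPT'

# The default lan -> wan forwarding would let untrusted devices open new
# connections to the modem's LAN; replies to the flows above still pass
# because established connections are accepted before this rule.
config rule
	option name 'Block-Untrusted-To-Modem-LAN'
	option family 'ipv4'
	option src 'lan'
	option dest 'wan'
	option dest_ip '192.168.1.0/24'
	option proto 'all'
	option target 'REJECT'
```

Apply with `/etc/init.d/firewall restart`. With masquerading off, the modem needs the static route for 192.168.2.0/24 via the OpenWrt router's WAN address, and it must also NAT that subnet toward the internet for the OpenWrt clients to keep internet access.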

I will try it, thank you!