Double NAT/Firewall/Port Forward Problem

My OpenWRT router/modem, that I tried to make into only a modem, is connected to my default OS Asus router that I want setup for all wireless connected devices. So far I have given WAN and LAN separate IP's and via static lease assigned my Asus router to be the DHCP server and turned off DHCP for the br-lan interface in the modem. However, I have not yet turned off the modem firewall and port forwarded everything to my router because, to be frank, I don't know the proper way to do it. Also, I have a double NAT issue that I can't resolve. I tried turning masquerading off on the WAN side of the openWRT modem but that just cut the internet off. Does anyone have any idea on how to fix the double NAT and/or any advice on the port forward/firewall settings?

Does your asus router allow you to disable masquerading on the wan?

I can turn off NAT on the ASUS router, but in terms of a “masquerading” option I don’t see anything.

NAT may be the same thing... it's often called NAT Masquerading.

If you can do that, you'll set a static route on the OpenWrt side to route over to the network behind the Asus router... this way you can avoid double nat.

turning off NAT on the asus cut the internet

Did you add a static route on the OpenWrt router? That is required if you turn off nat on the asus.

I set the route and turned off NAT on the ASUS and still lost internet.

What is the IP address (from Openwrt's LAN) of the Asus (i.e. the Asus WAN)? And what is the address of the Asus lan?

The connection is connected like this: Asus(wan port) ----> Openwrt(lan port). The asus has 192.168.1.22 and the openwrt lan is the default 192.168.1.1 for now until I can get this working. Im assuming these are the IP's you are referring to.

Ok... and what is the Asus's lan network (subnet) or its address?

the asus lan is on a different subnet 192.168.12.xx

As it should be. Great!

So your route is 192.168.12.0/24 via 192.168.1.22
(if you're doing this with LuCI, you can select the interface as either unspecified or lan, route type unicast, target 192.168.12.0/24 and gateway 192.168.1.22)

ok perfect! Would I need to set the Asus Lan default gateway to point to a specific address or not?

I assume that the default route on the Asus will be 192.168.1.1 (i.e. the gateway on the wan interface).

Turned off NAT on the ASUS and its working solid so far. Is there any ssh commands or way to check if traffic is being solely routed through the ASUS router? Also, thank you for helping with that issue my friend, much appreciated!

You can do a traceroute from a device behind the Asus. You'll see a hop through the Asus then the OpenWrt router and then towards the internet.

But the Asus must be doing real routing since you've got a different subnet on the Asus lan than the OpenWrt lan.

Trace route checks out but after changing the gateway to the openwrt ip the connection keeps dropping for some reason

What exactly did you change? On what device? Can you show the exact place that you changed the gateway?

I changed the gateway in the Asus Router under its "LAN" settings ---> DHCP Server ---> Default Gateway. I just changed that portion to the Asus Router's WAN IP and the connection is stable so far. I will do my best to upload a screenshot of what I changed. Sorry for all the redactions ahead of time, I dont know what I can or can't share.

That should be what it was previously. Revert back. What you have done is basically a circular reference and won’t work.