Failed to connect two subnets

Español:

Buenas!,

Tal vez no sea el sitio adecuado, pero ando algo perdido y sé que alguno de ustedes veréis esto más fácil que yo.

Tengo una maquina con openWRP x86 en ella tengo eth0 y wlan0, eth0 es la que está conectado a mi moden/router y el Wifi es la que me da acceso a Wifi a mis dispositivos, intento detallarlo.

Internet ---> moden/router (Gateway 192.168.1.1) ---> OpenWRP - eth0(192.168.1.80) y wlan(192.168.3.1)

Los dispositivos se conectan mediante WIFI a openWRP correctamente y le da Ips por ejemplo 192.168.3.109, 192.168.3.55, etc sin problemas, pero estos dispositivos no tienen internet, ya sea por nombre de dominio o IP de dominio, cabe decir que la máquina de Openwrp si tiene internet.

Básicamente lo que sucede es que los paquetes se quedan en la máquina de OpenWRP y se necesita un route para especificarle que los paquetes salgan por eth0

Pues bien, intento de todo y no puedo solucionar el problema, llevo ya varios días dándome golpes contra el teclado y necesito algo de luz. Se que no tiene nada que ver con docker pero por si alguien puede echarme una mano, si no siento las molestias, muchas gracias!

Dejo las salidas de route, ip route list y ifconfig

Gracias de nuevo!!

Saludos,


Automatic translation

Good!,

It may not be the right place, but I'm a bit lost and I know that some of you will see this easier than me.

I have a machine with openWRP x86 on it, I have eth0 and wlan0, eth0 is the one that is connected to my modem / router and the Wifi is the one that gives me access to Wifi to my devices, I try to detail it.

Internet ---> moden / router (Gateway 192.168.1.1) ---> OpenWRP - eth0 (192.168.1.80) and wlan (192.168.3.1)

The devices connect via WIFI to openWRP correctly and it gives Ips for example 192.168.3.109, 192.168.3.55, etc. without problems, but these devices do not have internet, either by domain name or domain IP, it can be said that the machine from Openwrp if you have internet.

Basically what happens is that the packets stay in the OpenWRP machine and a route is needed to specify that the packets go out through eth0

Well, I try everything and I can not solve the problem, I have been banging against the keyboard for several days and I need some light. I know it has nothing to do with docker but in case someone can give me a hand, if I don't feel the inconvenience, thank you very much!

I leave the outputs of route, ip route list and ifconfig

Thanks again!!

Greetings,

1 Like

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like

Hi,
Thanks for answering. And installed but the exact same problem happens to me.

I leave the exits here.

Thank!!

Greetings,

/etc/config/network

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb6:4327:7b81::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.25'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        option dns '8.8.8.8'
        option ifname 'eth0'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config interface 'wlan0'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option gateway '192.168.2.1'
        option broadcast '192.168.2.255'

config route
        option interface 'lan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '192.168.1.1'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0'
        option htmode 'HT20'
        option country '00'
        option legacy_rates '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'psk2'
        option key '12345678'
        option network 'wlan0'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'wlan0'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'wlan0'

/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'
1 Like
# Set up firewall zone
uci -q delete firewall.wlan
uci set firewall.wlan="zone"
uci set firewall.wlan.name="wlan"
uci set firewall.wlan.network="wlan0"
uci set firewall.wlan.input="ACCEPT"
uci set firewall.wlan.output="ACCEPT"
uci set firewall.wlan.forward="REJECT"

# Enable masquerading
uci set firewall.@zone[0].masq="1"
uci set firewall.@zone[0].mtu_fix="1"

# Add forwarding
uci -q delete firewall.wlan_lan
uci set firewall.wlan_lan="forwarding"
uci set firewall.wlan_lan.src="wlan"
uci set firewall.wlan_lan.dest="lan"
uci commit firewall
/etc/init.d/firewall enable
/etc/init.d/firewall restart

# Fix routing
uci -q delete network.wlan0.gateway
uci -q delete network.@route[0]
uci commit network
/etc/init.d/network restart
2 Likes

@vgaetera

This is fantastic!! It works perfect!! I do not understand all the steps well.

You are a real crack!

Thank you!

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.