Firewall config between sub-nets

Hello,
I installed my first OpenWRT last month, I thought it was interesting to install it on another router that I also have, to have a unique interface for both.
The only thing I'm struggling with is the firewall configuration, which I understand, but only very basically.
My problem is connecting two subnets that I have in the company and that cannot communicate in 99% of the cases.
I need to manage both, regardless of which subnet I find myself on.
My structure is a modem/router from the provider that is connected to the internet. It has the LAN IP 192.168.55.1.
My two subnets (each on OpenWRT) are LAN 192.168.0.1 and LAN 172.16.0.1.
Both are connected to the modem/router and have been assigned WAN IPs 192.168.55.100 and 192.168.55.101.
From both subnets I can access the Internet without any problems.
I can also, from each of the subnets, ping the router of the other subnet.
But I can't access the web interface from one subnet to the other.
I know that the problem is in the configuration of the firewall rules, but I have already made several unsuccessful attempts.
I got it working in one case, but only by opening all IPs and ports from one network to the other.
But I can't open everything. I need it to be restricted to the OpenWRT IPs only.
Since pinging between subnets works, I believe I don't need to do anything on the provider's modem/router firewall.
Can someone help me?
Thanks

I assume you ping the WAN IP addresses.
Create a traffic rule in both routers.
If the 192.168.55.0/24 network is not trusted, you can specify the WAN IP of the other router in each rule.
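As an added illustration (not part of pavelgl's post), the traffic rule described above written out as an /etc/config/firewall stanza for the 192.168.0.1 router (WAN 192.168.55.100). It assumes the web interface is served by uhttpd on the default TCP ports 80 and 443; swap the two WAN addresses for the stanza on the 172.16.0.1 router (WAN 192.168.55.101).

```uci
# /etc/config/firewall on the 192.168.0.1 router (WAN 192.168.55.100).
# Accept web-interface traffic arriving on the WAN zone only when it comes
# from the other OpenWrt router's WAN address. Assumed: LuCI on TCP 80/443.
# The target must be ACCEPT; a REJECT target here keeps the default block
# in place, so the rule appears to do nothing.
config rule
	option name 'Allow-WebUI-from-other-router'
	option src 'wan'
	option src_ip '192.168.55.101'
	option proto 'tcp'
	option dest_port '80 443'
	option target 'ACCEPT'

# On the 172.16.0.1 router (WAN 192.168.55.101) use the mirror image:
#   option src_ip '192.168.55.100'
# Apply on each router with: /etc/init.d/firewall restart
```

Leaving src_ip out, as suggested later in the thread, opens the web interface to every host on 192.168.55.0/24, so keep it unless that network is trusted.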

Thanks for your response @pavelgl.
I tried it but no response too.
Is there a way to catch packets arriving on the WAN, and if so, see why they are rejected?
I made a test too, connected on wifi of modem/router directly, without success.
Best

What is the installed version of OpenWrt? I need to know if the firewall is based on iptables or nftables.

Try the rules without specifying source IP address.

I configured exactly as you suggested, without source address.
I’m using 21.02.3

SSH into the router and post the output of:

iptables -nvL zone_wan_input

@pavelgl,
I found the problem.
I don't know how, but the rule I typed in was defined as reject.
After correcting the error, now it is working.
Thanks.
