I have two OpenWrt routers. Let's call them A and B. They both have the same /etc/config/network configuration (with different IPs on int and int2):

    config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

    config globals 'globals'
        option ula_prefix 'fd82:87e2:dd94::/48'

    config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

    config interface 'int'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '172.16.1.10'
        option netmask '255.255.255.0'

    config interface 'int2'
        option ifname 'eth2'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

Interface wan allows Internet access, int is the interface that connects to router B physically and int2 corresponds to the client's network (it is the gateway for client stations).
In the /etc/config/firewall file, router A has the following configuration, which allows it to forward traffic from interface int2 to wan (so clients can have Internet access):

    config zone
        option name lan
        list network 'lan'
        option input ACCEPT
        option output ACCEPT
        option forward ACCEPT

    config zone
        option name wan
        list network 'wan'
        list network 'wan6'
        option input REJECT
        option output ACCEPT
        option forward REJECT
        option masq 1
        option mtu_fix 1

    config zone
        option name int2
        list network 'int2'
        option input ACCEPT
        option output ACCEPT
        option forward ACCEPT

    config zone
        option name int
        list network 'int'
        option input ACCEPT
        option output ACCEPT
        option forward ACCEPT

    config forwarding
        option src wan
        option dest int2

    config forwarding
        option src int2
        option dest wan

Now, I was trying to make an "experiment" where, in router A, I would forward clients' traffic from int2 to int, conducting it to router B, and once on router B, it will forward it to the Internet (while still forwarding its own clients' traffic to the Internet).
To make this possible, I updated the previous forward configuration lines in the /etc/config/firewall file in router A to:

    config forwarding
        option src int
        option dest int2

    config forwarding
        option src int2
        option dest int

so that the traffic would be redirected to router B. And in router B:

    config forwarding
        option src wan
        option dest int2

    config forwarding
        option src int2
        option dest wan

    config forwarding
        option src int
        option dest wan

    config forwarding
        option src wan
        option dest int

However, this setup is not working and A's clients cannot access the Internet through router B, and I don't understand why. Do I need an extra firewall configuration?
When I tcpdump -i eth2 in router A it shows the clients' traffic, but when I do tcpdump -i eth1, no traffic is displayed.