[FR/EN] Communication problems between the routers/computers

Hi everyone,

First, sorry for my bad English.

EDIT 1: I changed my address: 128.0.0.0/11 => 10.0.0.0/8

I want to:

  1. Create 2 networks (here: 192.168.1.0/24 and 128.0.0.0/11)
  2. Communicate between them (192 -> 128 and 128 -> 192)
  3. Have Ethernet on all machines

I have:

  1. OpenWrt Reboot (17.01.4, r3560-79f57e422d) on a Netgear router
  2. Created different "LAN/WAN" interfaces on the router
cat /etc/config/network

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fde2:fc06:5698::/48'

config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ip6assign '60'
option ipaddr '128.0.0.1'
option netmask '255.224.0.0'

config interface 'wan'
option ifname 'eth1'
option _orig_ifname 'eth1'
option _orig_bridge 'false'
option proto 'static'
option ipaddr '192.168.1.100'
option netmask '255.255.255.0'
option gateway '192.168.1.254'
option dns '192.168.1.254'

config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
option blinkrate '2'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5'

config switch_port
option device 'switch0'
option port '1'
option led '6'

config switch_port
option device 'switch0'
option port '2'
option led '9'

config switch_port
option device 'switch0'
option port '5'
option led '2'

config route
option interface 'lan'
option target '0.0.0.0'
option netmask '0.0.0.0'
option gateway '192.168.1.100'

  1. I saw in another topic how to add a route, so I tried:
    eth0 "lan" 0.0.0.0 | 0.0.0.0 | 192.168.1.100 | 1500 | local or unicast
    I think that is very bad ^^
  2. Same for the firewall (if I disable masquerading, I can't connect to the true WAN (http ...))
cat /etc/config/firewall

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'

config zone
option name 'wan'
option output 'ACCEPT'
option network 'wan wan6'
option input 'ACCEPT'
option forward 'ACCEPT'
option masq '1'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

config include
option path '/etc/firewall.user'

  1. I can ping from machine 128.20.0.1 to 192.168.1.80 (another machine). But when I use the tracert command, it jumps directly to 192.168.1.80 without going through the bbox router (192.168.1.254). Is that normal?

tracert 192.168.1.80

Détermination de l’itinéraire vers 192.168.1.80 avec un maximum de 30 sauts.

1 <1 ms <1 ms <1 ms LEDE.lan [128.0.0.1]
2 2 ms 2 ms 3 ms 192.168.1.80

I think: 128.0.0.1 (R Netgear), then to 192.168.1.254 (R bbox), and finish at 192.168.1.80.

But the reverse does not work: from 192.168.1.80 => 128.20.0.1 or 128.0.0.1 I can't ping ....
I am sure it's because of my bbox router (Internet provider), because I have just options 33 (static routing table) and 131 (classless static route option) for DHCP.

Static Ethernet config

128.20.0.1
255.224.0.0
128.0.0.1
DNS 192.168.1.254

192.168.1.80
255.255.255.0
192.168.1.254
DNS 192.168.1.254

So how do I make all the computers communicate with each other?

I think I said everything.

Again, sorry for my English :)

Thank you so much.
Darck

You must not use public IP-range for your network, only private one:

Hum ... I don't see that!
I have changed my IP address: 128.0.0.0/11 => 10.0.0.0/8

But the problem persists.
I can use the internet and ping all routers and computers from my 10.0.0.0/8 subnet, but from my 192.168.1.0/24 I can't ping the other subnet (10.0.0.0/8), and I have internet.

I can't figure out where the problem is. Is it my router (bbox), or my OpenWrt config (maybe ...), or both?

Thank you

  1. Remove masquerading from WAN-zone:
  2. Add route to network 10.0.0.0/8 through 192.168.1.100 to gateway FAI/bbox.
  3. Remove redundant route from router Netgear:

The bbox router will need a static route to 128.20.0.0/11.

Hi,

@vgeatera

  1. Remove masquerading

  2. Add route
    If I understand correctly, I need to add the route on the bbox router? (not on the Netgear?)
    I deleted all routes on the Netgear

I have just 2 options on the bbox router:
with help from: https://ercpe.de/blog/advanced-dhcp-options-pushing-static-routes-to-clients

I set: 08:A0:00:00:00:C0:A8:01:64 in option 121 and deleted 33 (useless)

08 : mask
A0:00:00:00 : Dest
C0:A8:01:64 : Router

Problems

The IP addresses 192.168.1.x/24 can't access the WAN now (before, yes) and can't ping 10.0.0.0/8
The IP addresses 10.0.0.0/8 still cannot access the WAN (but if I enable masquerading I can !!)

I'm so, so sorry, I'm very bad .....

Thank you for everything

EDIT 1: with my config, I lost the bbox DHCP, so I configured static IPs for the computers (in 192.162.1.0/24)
I can access the WAN from both networks (if I enable masquerading on the Netgear)

But same problem, I can't ping 192 => 10
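
The DHCP option 121 byte layout used in the post above, as an added example that is not part of the original thread: an encoder and a strict decoder for the RFC 3442 classless static route format, run on the thread's own addresses and on the hex string from the post. The function names are this example's own.

```python
import ipaddress

def encode_route(destination, router):
    """One RFC 3442 entry: prefix length, significant destination octets, router."""
    net = ipaddress.ip_network(destination)
    significant = (net.prefixlen + 7) // 8  # only these octets are sent
    return (bytes([net.prefixlen]) + net.network_address.packed[:significant]
            + ipaddress.ip_address(router).packed)

def decode_routes(payload):
    """Parse an option 121 payload into (destination, router) pairs."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"offset {i}: prefix length {width} exceeds 32")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError(f"offset {i}: truncated entry")
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        router = payload[i + 1 + significant:end]
        routes.append((f"{ipaddress.ip_address(dest)}/{width}",
                       str(ipaddress.ip_address(router))))
        i = end
    return routes

def to_hex(payload):
    return ":".join(f"{b:02X}" for b in payload)

def from_hex(text):
    return bytes.fromhex(text.replace(":", ""))

if __name__ == "__main__":
    # Values from the thread: 10.0.0.0/8 behind 192.168.1.100, bbox at 192.168.1.254.
    option = encode_route("10.0.0.0/8", "192.168.1.100")
    # RFC 3442: a client that receives option 121 ignores the Router option,
    # so the default route is carried in the same payload.
    option += encode_route("0.0.0.0/0", "192.168.1.254")
    print(to_hex(option))
    print(decode_routes(option))
    try:
        decode_routes(from_hex("08:A0:00:00:00:C0:A8:01:64"))  # string from the post
    except ValueError as err:
        print("rejected:", err)
```

Only the significant octets of the destination are sent, so a /8 entry is six bytes long, and hex `A0` is decimal 160 while decimal 10 is `0A`.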

Pushing the route as DHCP-option is most likely not going to work, because that method has too many conditions/limitations.
And the main point is FAI/bbox should see the route, not only DHCP-clients.
Otherwise things will become complicated.


I do not have a manual for FAI/bbox.
It should be something like:

Administration > Network > Routes > Add static route:
Network: 10.0.0.0
Mask: 255.0.0.0
Gateway: 192.168.1.100
