Help forwarding between zones. Wifi-routed client

This is my first post in this forum. I will be brief.

I need help setting up firewall forwarding between zones.

My current network setup consists of:

  • A main router which provides access to the internet. Subnet: 192.168.1.x
  • An OpenWRT router as a wireless client connected to the main router, providing internet access to LAN devices. Subnet: 192.168.2.x

By default, I can access all IPs of the main router (and the internet) from my OWRT LAN devices. However, all connections from the main router to any IP of the OWRT subnet (including the router itself) cannot reach their destinations.

My purpose is to allow any connection from the main router to the OWRT, and vice versa, with internet access at the same time. If it is possible, it would be good to access my OWRT router only from LAN (physical access to the router).

BEWARE: I am not bridging the two routers over WiFi. I need my OpenWRT LAN to be in a different subnet.

Below is a diagram of what is going on.

    +-------------------------------+
    |                               |                                                      
    |      INTERNET                 |                                                      
    +-------------------------------+                                                      
                 |     ^                                                                   
                 |     |                                                                   
                 v     |                                                                   
         +---------------------+                                                           
         |   MAIN ROUTER       |      ALLOWED             +-------------------------------+
         |   192.168.1.1       | <----------------------- |       OWRT ROUTER             |
         +---------------------+                          | 192.168.1.137 / 192.168.2.1   |
                ^  |     ------------------------------>  +-------------------------------+
                |  |               NOT ALLOWED                      ^                 |    
                |  |            (I want to allow this)              |                 |    
                |  |                                                |                 |    
                |  |                                                |                 |    
                |  v                                                |                 v    
             +------------------+                                 +---------------------+  
             |      DEV 1       |                                 |      DEVICE 2       |  
             | 192.168.1.123    |                                 | 192.168.2.149       |  
             +------------------+                                 +---------------------+  

Hope you understood.

Thanks.

On the main router you need to add a static route for 192.168.2.0/24 via 192.168.1.137.
On OpenWrt you need to allow wan->lan forwarding.
It is also quite possible that the firewall on main router will block the asymmetric routing as invalid, so keep that in mind as well to allow it.


One more thing that needs to be done on openwrt - turn off masquerading on the wan firewall zone (or whichever zone is being used for the uplink). This will only work if the main router supports static routes as discussed by @trendy.

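Putting the two replies together, here is an added example (my own script, not something posted in this thread or shipped by OpenWrt) of the OpenWrt-side changes as uci commands, plus the matching static route for the main router. It assumes the uplink zone has the default name 'wan' and the LAN zone 'lan', and it takes the addresses from the diagram: main router 192.168.1.1, OpenWrt WAN address 192.168.1.137, OpenWrt LAN 192.168.2.0/24. The zone section is looked up by name rather than hard-coded by index, and the functions print the commands so the plan can be checked before it is run on the router.

```shell
#!/bin/sh
# Added example, not from the thread: OpenWrt side of the routed setup the
# replies describe. Assumptions: uplink zone 'wan', LAN zone 'lan', addresses
# as in the diagram. Run with 'apply' on the router to execute the commands;
# without it the script only prints the plan against a sample config.

OWRT_WAN_IP="192.168.1.137"
OWRT_LAN_NET="192.168.2.0/24"

# Constructed sample of `uci show firewall` output from a default OpenWrt
# firewall config, so the script can be exercised off the router.
SAMPLE_UCI="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].masq='0'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'"

# Print the uci section path (e.g. firewall.@zone[1]) of the zone whose name
# matches $1, reading $2 as the text of `uci show firewall`. Prints nothing
# when no zone has that name.
zone_section() {
  printf '%s\n' "$2" | sed -n "s/^\(firewall\.@zone\[[0-9]*\]\)\.name='$1'$/\1/p"
}

# Emit the uci commands that:
#   1. add a forwarding from the uplink zone ($1) into lan, so connections
#      from the main router side reach 192.168.2.x (first reply), and
#   2. turn masquerading off on the uplink zone, so LAN traffic leaves with
#      its real 192.168.2.x source and is routed, not NATed (second reply).
# Step 2 only works once the main router has the static route below.
openwrt_plan() {
  zone=$(zone_section "$1" "$2")
  [ -n "$zone" ] || { echo "zone '$1' not found" >&2; return 1; }
  cat <<EOF
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='$1'
uci set firewall.@forwarding[-1].dest='lan'
uci set $zone.masq='0'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# The static route the main router needs (Linux syntax; most consumer routers
# expose the same destination/netmask/gateway triple in a static routes page).
main_router_route() {
  echo "ip route add $OWRT_LAN_NET via $OWRT_WAN_IP"
}

if [ "${1:-}" = "apply" ] && command -v uci >/dev/null 2>&1; then
  # On the router: plan against the live config and execute the commands.
  openwrt_plan wan "$(uci show firewall)" | sh -e
else
  openwrt_plan wan "$SAMPLE_UCI"
  main_router_route
fi
```

After applying, check from a 192.168.1.x host that 192.168.2.1 answers; if the first packet gets through but the connection stalls, the main router is dropping the return half of the flow as invalid, which is the asymmetric-routing point raised in the first reply (replies from 192.168.2.x go straight from 192.168.1.137 to the 192.168.1.x host, bypassing the main router's connection tracking).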