Help with static route?

Dumping RelayD was a good tip. Thank you.

I've successfully created the static route/gateway pairing on my pfsense router (Router A.) I can now access Router B and Router C when connected to that the WiFi on Router A -- this was my goal and it's working!

But I can't make vice versa work. While connected to Router C, I'm not finding a route to Router A. It appears to be routing through the WAN interface when I do a tracert?

config interface 'lan'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.100.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option delegate '0'
        option multipath 'off'
        option ip4table 'lan'
        option macaddr 'dc:a6:32:c0:e6:21'
        option modalias 'of:NethernetT(null)Cbrcm,bcm2711-genet-v5Cbrcm,genet-v5'
        option metric '8'
        option label 'lan'
        option defaultroute '0'
        option peerdns '0'

config route
        option interface 'lan'
        option target '192.168.1.0/24'
        option netmask '255.255.255.0'
        option gateway '192.168.100.2'

It's worth noting that I'm running OpenMPTCPRouter on Router C -- if my rule above seems correct there must be something in it's settings that is routing this traffic?

Dumb user trying to modify the dumb ap lol!

OK now it appears to be routing through the correct gateway of Router B but not being forwarded from there -- do I need to bridge the two lan interfaces on Router B somehow?

Tracing route to 192.168.1.1 over a maximum of 30 hops

  1     2 ms     3 ms     2 ms  OpenMPTCProuter.lan [192.168.100.1]
  2     4 ms     1 ms     1 ms  192.168.100.2
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.

The firewall in B needs to allow forwarding. The easiest way to do that is to put both interfaces in the lan zone and make sure the default forward is accept.

1 Like

Thank you. They were both on LAN but thought changing default forward to accept would make it work but it did not. Any other ideas?

Post the configs to see how it looks like:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

Here is the output on my router C. There's a lot so hoping you don't mind viewing a pastebin.

I don't mind so much, although you could split it in 2 posts. The issue is that you are running OpenMPTCProuter distro, which is modified OpenWrt. I suppose this is router C.
The only weird thing I could see is the the mangle rule which marks the packets for the lan doesn't have any hits:
[0:0] -A omr-bypass -m set --match-set omr_dst_bypass_eth0 dst -j MARK --set-xmark 0x5398/0xffffffff

It should not be necessary to mark or mangle anything to make this work. Run route -n on all three routers to see their basic routing tables.

Router C:

root@OpenMPTCProuter:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.255.255.1    0.0.0.0         UG    0      0        0 tun0
0.0.0.0         10.255.255.1    0.0.0.0         UG    11     0        0 tun0
0.0.0.0         192.168.42.129  0.0.0.0         UG    16     0        0 usb0
10.255.255.1    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.255.255.2    0.0.0.0         255.255.255.255 UH    11     0        0 tun0
23.237.137.237  192.168.42.129  255.255.255.255 UGH   0      0        0 usb0
127.0.0.0       0.0.0.0         255.0.0.0       U     7      0        0 lo
192.168.1.0     192.168.100.2   255.255.255.0   UG    0      0        0 eth0
192.168.42.0    0.0.0.0         255.255.255.0   U     16     0        0 usb0
192.168.42.0    0.0.0.0         255.255.255.0   U     18     0        0 usb1

Router B:

root@OCTOPUS:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 br-lan

Post these commands from router B too.

Here's another pastebin for you. Thanks for helping me try to figure this out!

Delete the static route.
Other than that this device is alright. Verify that router A has a static route for 192.168.100.0/24 via 192.168.1.15.

Confirmed.

Sorry -- I added that just as a trial and error. It's been removed now.

Run a ping from router A to 192.168.100.1. Does it work?
If not, run tcpdump on router B tcpdump -i any -evn icmp , run again the ping from A to C and post the results.

Yes, from A->C works but not vice versa.

This looks like a firewall on router A.

Boy do I feel dumb. PFSense by default allows packets from known hosts in its subnet but did not allow packets outside of it's subnet. I've fixed that. Thank you so much for your patience!

1 Like

I've run into another issue -- when I connect to either of my openwrt routers from my main network -- the SSH session closes. There's nothing in the logs to indicate why and I've tried logging in with 'ssh -vvv -l root 192.168.50.2' it becomes unresponive after a few minutes (even if the session is active.) No error messages are displayed. Bitvise drops the connection but is able to reconnect immediately.

If I log into router B w/ with its 192.168.1.15 address (so the same subnet as my A network) it seems to work fine and I don't have any time-outs. Any thoughts on what might be going wrong?