I cannot ping from wan to lan, as by default openwrt configuration lan to wan pings works fine., Even after adding Allow-LAN-Ping firewall rule and trying all nCn combinations, I cannot ping from wan to lan.
Please give me the configuration steps, so that i can ping from wan to lan.
what's the point of trying to ping lan from wan ?
I want to access both the networks, as my goal is to create a mesh architecture, my wifi(ISP) is on the wan side and my openwrt is on lan side, I have the internet access from wan to lan, also can ping wan from lan, But i also want to ping lan from wan.
I have several routers running internally, to connect from upstream to downstream aka from WAN to LAN I use this rule:
config rule
option name 'allow_forward'
option src 'wan'
option dest '*'
option target 'ACCEPT'
list src_ip '10.0.0.0/8'
list src_ip '192.168.0.0/16'
option enabled '1'
To connect to downstream you also have to set a static route on the upstream router
if you want to access both networks, why not configure the openwrt device as a dumb AP ?
other than this tell me do i have to do something else adding 1. firewall rule 2. Adding route in Network>Routing ?
Have you tried to enable forwarding from WAN to LAN? That should be enough... if the main router on the WAN side is also configured to route packets for the LAN network using the OpenWrt device as a gateway.
Yes, but then also it is not working, I am sending screenshots of my configurations
If you do not want to setup as a Dumb AP but keep the routers on their own subnet connected with the WAN to the LAN of the upstream router and you want to have full access you need two firewall rules on the downstream router:
/etc/config/firewall:
config rule
option name 'allow_forward'
option src 'wan'
option dest '*'
option target 'ACCEPT'
list src_ip '10.0.0.0/8'
list src_ip '192.168.0.0/16'
option enabled '1'
config rule
option name 'allow_input'
option src 'wan'
option target 'ACCEPT'
list src_ip '192.168.0.0/16'
list src_ip '10.0.0.0/8'
option enabled '1'
The first is to allow traffic going to your LAN (clients) and the second to allow access to the router itself.
But you have to set a static route on the upstream/main router
My main router (192.168.0.0/24) which also runs openwrt has this static route to my downstream router (192.168.9.0/24 with WAN address 192.168.0.9)
/etc/config/network:
config route
option interface 'lan'
option target '192.168.9.0/24'
option gateway '192.168.0.9'
option disabled '0'
basically:
ip route add 192.168.9.0/24 via 192.168.0.9
Can we see the configuration on the ISP router, please?
My ISP router is tp-link DECO(main router), can i set static route on DECO?
I googled: tplink deco static route
The first thing that came up: https://www.tp-link.com/nl/support/faq/560/
Let me configure this static route on the main router first, then, i will get back here, and let you know the results
I looked into it, i found, tp-link Deco does not support Static Routes - google.com/does-deco-supports-static-routing,
Now, I am thinking I would take 2 Openwrt raspberry pi routers, One will be my Mainstream Router and the second one will be my Downstream router, as openwrt supports static routing.
So would now will i be able to ping wan and lan from both upstream and downstream (2 different network) devices?
Certainly, but you can also consider setting up the second router as a Dumb AP as said in my earlier post
