How to ping from WAN to LAN?

If you do not want to setup as a Dumb AP but keep the routers on their own subnet connected with the WAN to the LAN of the upstream router and you want to have full access you need two firewall rules on the downstream router:

/etc/config/firewall:

config rule
	option name 'allow_forward'
	option src 'wan'
	option dest '*'
	option target 'ACCEPT'
	list src_ip '10.0.0.0/8'
	list src_ip '192.168.0.0/16'
	option enabled '1'

config rule
	option name 'allow_input'
	option src 'wan'
	option target 'ACCEPT'
	list src_ip '192.168.0.0/16'
	list src_ip '10.0.0.0/8'
	option enabled '1'

The first is to allow traffic going to your LAN (clients) and the second to allow access to the router itself.

But you have to set a static route on the upstream/main router
My main router (192.168.0.0/24) which also runs openwrt has this static route to my downstream router (192.168.9.0/24 with WAN address 192.168.0.9)

/etc/config/network:

config route
	option interface 'lan'
	option target '192.168.9.0/24'
	option gateway '192.168.0.9'
	option disabled '0'

basically:
ip route add 192.168.9.0/24 via 192.168.0.9

1 Like