Need Help please by Routing 2 Subnets

Hello everyone in the forum,

I need help again. I want to use a Cudy WR1300 router as a camera router.
The Cudy router (WAN: 192.168.2.201/24 and LAN: 192.168.1.1/24) is behind a Speedport router (LAN: 192.168.2.1/24).
I want to access the 192.168.1.xxx network via the Speedport or the 192.168.2.xxx network. And vice versa.
I have already tried using relay bridge, routing, firewall and NAT rules.
It didn't work.
Is there a manual somewhere?
Can you please help me?

Greetings from Germany - Martin

Hallo an alle im Forum,

ich bräuchte wieder mal Hilfe.Ich möchte einen Cudy WR1300 Router als Kamera-Router benützen.
Der Cudy-Router(WAN:192.168.2.201/24 und LAN:192.168.1.1/24) ist hinter einem Speedport-Router(LAN:192.168.2.1/24).
Ich möchte über den Speedport bzw. dem 192.168.2.xxx Netz auf das 192.168.1.xxx Netz zugreifen.Und umgekehrt.
Ich habe schon versuche mit Relay Brücke,Routing,Firewall und NAT Regeln gemacht.
Nicht funktioniert.
Gibt es irgendwo eine Anleitung?
Könnt ihr mir bitte helfen?

Grüße aus Deutschland - Martin

root@OpenWrt:~# ubus call system board; \
> uci export network; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> iptables-save -c -t filter
{
	"kernel": "5.15.150",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "Cudy WR1300 v1",
	"board_name": "cudy,wr1300-v1",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.3",
		"revision": "r23809-234f1a2efa",
		"target": "ramips/mt7621",
		"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd99:2981:c2ff::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.2.1'

config interface 'wan'
	option device 'wan'
	option proto 'static'
	option ipaddr '192.168.2.201'
	option netmask '255.255.255.0'
	option gateway '192.168.2.1'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

head: /etc/firewall.user: No such file or directory
-ash: iptables-save: not found
root@OpenWrt:~# 

Does your speedport device support static routes? This is required for you to achieve the stated goals.

Assuming that it does:

  • you will use the cudy in standard routing mode (in other words, the default configuration)
  • you will add a static route on the speedport 192.168.1.0/24 via 192.168.2.201
  • and finally you will disable NAT masquerading on the wan zone of the OpenWrt router in the firewall config.

Hello, the Speedport has dynamic port activation, port redirection and port forwarding and dynamic DNS.



None of those will help. Keep looking for static routes.

Ok, thanks. I'll ask Google and think about other solutions.
What happens if I set the subnet mask in the Speedport to 255.255.0.0?

That will not solve the routing issue. It will break routing entirely for the openwrt network.