Network issue Possible solution

Hello All,
I have one question. I have a master and slave network with two routers. The slave router is connected to the master router by LAN. Below is a diagram of this.

The left red network is designed for all IoT devices and has many cameras. From that network you cannot reach the 192.X network. This has been achieved at the firewall level. However, from 192.X I can reach the 10.X network. There was a route configured. Everything works well. I have one server; it has LAN and wireless network connections. It is connected to the 192.X network and got IP 192.168.1.100. It is connected to the 10.X network and got the IP address 10.0.0.100. The server has a webpage on port 80. I can visit the page from both networks. The machine is named Lap1. But sometimes I am facing a lot of latency reaching it. What could be the best way to handle this?
I can disconnect the wireless, but the red network is slow. I have given a host name as well.
Please suggest.

Please elaborate: under what conditions is it slow? Is it always slow in some scenarios, but always fast in others? Or is it intermittently slow and sometimes fast?

How is the laptop connected to each network (you mention wired and wireless -- is it wired to one and wireless to the other)?

What OS is the laptop running?

Are there two separate routers involved here, or is there just one that covers both networks?

OS is Windows Server 2019. The machine name is configured in OpenWrt on both routers with the IP address, under host name (DHCP and DNS). Slow means the webpage sometimes comes quickly or sometimes does not come properly. There is no guarantee.

Do other devices have this issue? To me, this sounds more like an issue with that specific host and/or the sites that you are trying to visit, and not related to OpenWrt.

I made a small change. I disconnected the Wi-Fi of that machine. Now that machine can be viewed as below.

In the 10.* network, the machine name is configured under host configuration. It can be reached very quickly. But from the 192 network, the machine is reachable over IP only. I cannot reach it by name. So on the router of the 192 network I added the host name; still the same issue. Then I added one route on the 10.* network as below; the issue persists.

nslookup gives correct IP quickly.

So does this mean your problem is solved?

No, the problem is still there. I am not able to think what could be wrong.

Can you be more specific about the issue? The problem statement isn't entirely clear.

  • Is the issue in reaching resources? external resources? both?
  • Are the two networks shown handled by a single router, or are there two routers in use?
  • If the problem is reaching internal resources, does the problem show up when accessing from one network to the other, or is it there even on the same network?
  • Do any other devices on your network have similar issues?

Can you be more specific about the issue? The problem statement isn't entirely clear.

  • Is the issue in reaching resources? external resources? both?

Yes, there is an issue of reaching a resource from another network. Interestingly, it is reachable by IP but not by name.

  • Are the two networks shown handled by a single router, or are there two routers in use?

There are 2 routers. One is the master and the second one is kind of a slave, connected by LAN cable.

  • If the problem is reaching internal resources, does the problem show up when accessing from one network to the other, or is it there even on the same network?

In the primary network, it is available by both IP and name. In the master network it is available only by IP. I missed one point: its webpage is on port 8083. But I don't think it is a port or firewall issue. If it were, then it should have been blocked by IP as well.

  • Do any other devices on your network have similar issues?

Not tested; there is no need. I think I am making some small mistake somewhere.

Sounds like a basic nameserver issue, or if you're using mdns, that doesn't traverse across routers without additional packages.

Let's take a look at your configs. Please make it clear which router is which.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

First, the main router:


{
        "kernel": "5.15.150",
        "hostname": "XXXXXXXXX",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "CUDY X6 v1",
        "board_name": "cudy,x6-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd96:f70d:6de2::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config route
        option interface 'lan'
        option target '10.0.0.0/24'
        option gateway '192.168.1.225'

config rule
        option in 'lan'
        option src '192.168.1.1/24'
        option out 'lan'
        option dest '10.0.0.1/24'
        option lookup 'local'

Pay attention to the rule here; this is the entry for going into the second router.
Wireless is default; there is no change.
cat /etc/config/wireless
No change
cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config domain
        option name 'Laptop1'
        option ip '10.0.0.180'

Now this laptop1 is reachable over IP

In firewall, all default except below line -

config redirect
        option dest 'lan'
        option target 'DNAT'
        option src 'lan'
        option src_dport '8080-8089'
        option dest_ip '10.0.0.180'

Second router, connected via LAN cable:

{
        "kernel": "5.10.176",
        "hostname": "XXXXXXXX",
        "system": "MediaTek MT7628AN ver:1 eco:2",
        "model": "Xiaomi Mi Router 4C",
        "board_name": "xiaomi,mi-router-4c",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.4",
                "revision": "r20123-38ccc47687",
                "target": "ramips/mt76x8",
                "description": "OpenWrt 22.03.4 r20123-38ccc47687"
        }
}

cat /etc/config/network


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.0.0.1'
        option ip6table 'default'
        list ip6class 'local'
        option ipv6 '0'
        option delegate '0'


Removing unwanted text..
cat /etc/config/wireless
is default and no change.
cat /etc/config/dhcp



config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option logqueries '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'


config host
        option name 'Laptop1'
        option ip '10.0.0.180'
        option mac '50:EB:XXXXXXXXXX'


config domain
        option name 'Laptop1'
        option ip '10.0.0.180'

All default for firewall except below rule.


config rule
        option name 'Laptop1'
        list src_ip '192.168.1.1/12'
        option dest '*'
        list dest_ip '10.0.0.180'
        option target 'ACCEPT'
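
Several CIDR values in the rules posted above carry host bits (`192.168.1.1/24`, `10.0.0.1/24`, `192.168.1.1/12`). The following added example, which is not part of the original posts, normalises each one to show the range it actually covers; the `LANS` list is an assumption derived from the interface addresses in the two configs.

```python
import ipaddress
import re

# Constructed sample: the two rule sections with CIDR values, copied from the posts.
SAMPLE = """
config rule
        option in 'lan'
        option src '192.168.1.1/24'
        option out 'lan'
        option dest '10.0.0.1/24'
        option lookup 'local'

config rule
        option name 'Laptop1'
        list src_ip '192.168.1.1/12'
        option dest '*'
        list dest_ip '10.0.0.180'
        option target 'ACCEPT'
"""
# Assumption: LAN subnets derived from the interface addresses in the posts.
LANS = ["192.168.1.0/24", "10.0.0.0/24"]
LINE = re.compile(r"^\s*(?:option|list)\s+(\S+)\s+'([^']*)'")

def audit_cidrs(text, lan_nets):
    """Return (option, value, canonical network, issues) per CIDR value."""
    lans = [ipaddress.ip_network(n) for n in lan_nets]
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or "/" not in m.group(2):
            continue
        key, value = m.groups()
        try:
            iface = ipaddress.ip_interface(value)
        except ValueError:
            continue  # has a slash but is not an address, e.g. '/lan/'
        net, issues = iface.network, []
        if iface.ip != net.network_address:
            issues.append("host bits set")
        if any(l.version == net.version and l != net and l.subnet_of(net)
               for l in lans):
            issues.append("wider than a configured LAN")
        findings.append((key, value, str(net), issues))
    return findings

if __name__ == "__main__":
    for key, value, net, issues in audit_cidrs(SAMPLE, LANS):
        print(f"{key:8} {value:18} -> {net:18} {', '.join(issues)}")
```

The `/12` source in the ACCEPT rule normalises to `192.160.0.0/12`, which spans 192.160.0.0 through 192.175.255.255 rather than the single `192.168.1.0/24` LAN.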

This version is obsolete and EOL. It is now unsupported. You should upgrade to 23.05.

I'm still not entirely certain what the specific problem and circumstance looks like. Can you please provide specific information about your connections and the errors or timing.


So, I see this route...

But the second router doesn't seem to have an address on the 192.168.1.0/24 network. Did you redact anything from the second router's network config?

The second router is connected to the main router, which has 192.168.1.225 as its address on WAN, and all devices have 10.0... addresses. Do we need an entry for this network in the second, child router?

The laptop is reachable by IP and not by name; this is the problem.

There is no wan interface visible in the config you posted.

From where? And what is the name you are trying to use (provide a complete example).

Allow me some time; I am still researching. Within the network there is no problem. From the main network to the slave network, the machine is not reachable by machine name.

Here is further clear exception.

Here is the network diagram.
Look for the blue within the red network.

I guess I need to add a DNS entry somewhere in the main router.