Port forwarding/routing between two networks

Hello,
I have configured a router running OpenWrt as a dumb switch.
My main router is connected directly to the OpenWrt device and provides the working services: DHCP and DNS.
Both routers are connected over Ethernet, LAN port to LAN port (the WAN port on OpenWrt is not used).
My network is shown in the image (everything above the green line is done and working):

Output: /etc/config/network

# /etc/config/network as posted: the switch ports and the WiFi are bridged
# into 'lan', which holds a static address inside the main router's subnet.
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# IPv6 ULA prefix; nothing else in the posted config refers to it.
config globals 'globals'
        option ula_prefix 'fdc6:8181:d110::/48'

# Bridge over the switch VLAN interface eth0.1, static 10.2.0.150 with a
# /16 mask (255.255.0.0), the main router 10.2.0.5 as gateway and 1.1.1.1
# as resolver. delegate '0' disables IPv6 prefix delegation from this
# interface.
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option delegate '0'
        option ipaddr '10.2.0.150'
        option netmask '255.255.0.0'
        option gateway '10.2.0.5'
        option dns '1.1.1.1'

# DHCP client on the physical WAN port; per the post that port is not
# cabled, so this interface stays idle.
config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1: ports 1-4 untagged, port 0 tagged (presumably the CPU port, which
# is what makes the VLAN appear as eth0.1 above).
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'

Output: /etc/config/wireless

# /etc/config/wireless as posted.
# 2.4 GHz radio: 802.11g mode, channel 11, 20 MHz (HT20), regulatory
# domain US; legacy_rates '1' keeps the old 802.11b rates enabled.
config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option country 'US'
        option legacy_rates '1'
        option disabled '0'

# Access point 'Home' bridged into 'lan', WPA2-PSK with CCMP (AES).
# The key shown here is presumably redacted for the post; a real
# passphrase must be 8-63 characters.
config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'Home'
        option network 'lan'
        option encryption 'psk2+ccmp'
        option key ' :) '

Output: ip -4 ro
10.2.0.0/16 dev br-lan scope link src 10.2.0.150

Important!
I disabled the services dnsmasq, firewall and odhcpd.

If I try to connect to the micro-controller as a client on the OpenWrt WiFi, the whole network dies.
Also, the default route changes to the controller only.

I want to gain access from the main router to one port on the micro-controller (the controller does not need internet access). The port number is 500.
First I tried to forward the port from the controller (192.168.7.1) to the OpenWrt IP 10.2.0.150, but without success.

Thanks for any help,
Greetings,
Tommy

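# Firewall zone for the micro-controller network ("mc"). The controller is
# only reachable through the explicit redirect below; everything else from
# that zone is rejected.
uci -q delete firewall.mc
uci set firewall.mc="zone"
uci set firewall.mc.name="mc"
uci set firewall.mc.network="mc"
uci set firewall.mc.input="REJECT"    # traffic from the controller to OpenWrt itself is rejected
uci set firewall.mc.output="ACCEPT"
uci set firewall.mc.forward="REJECT"  # no forwarding out of the controller's zone
uci set firewall.mc.masq="1"          # replies return to OpenWrt's own mc address, so the controller needs no route to 10.2.0.0/16
uci set firewall.mc.mtu_fix="1"

# DNAT: port 500 (TCP and UDP) on OpenWrt's lan address is redirected to the
# controller. As written it is reachable from every host in the lan zone;
# if only the main router needs it, narrow the rule with
#   uci set firewall.mc_redir.src_ip="<main router IP>"
uci -q delete firewall.mc_redir
uci set firewall.mc_redir="redirect"
uci set firewall.mc_redir.name="mc_redir"
uci set firewall.mc_redir.src="lan"
uci set firewall.mc_redir.src_dport="500"
uci set firewall.mc_redir.dest_ip="192.168.7.1"
uci set firewall.mc_redir.proto="tcpudp"
uci set firewall.mc_redir.target="DNAT"
uci commit firewall

# The firewall service was disabled on this device; the redirect only exists
# while it runs, so it is re-enabled here.
/etc/init.d/firewall enable
/etc/init.d/firewall restart

# Network for the wireless client (STA) interface that joins the controller.
# The controller's DHCP lease must not take over the router: defaultroute="0"
# keeps its gateway off the routing table (this is what killed the network),
# and peerdns="0" likewise keeps DNS servers from that lease out of the
# router's resolver list.
uci -q delete network.mc
uci set network.mc="interface"
uci set network.mc.proto="dhcp"
uci set network.mc.defaultroute="0"
uci set network.mc.peerdns="0"
uci commit network
/etc/init.d/network restart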

And assign the wireless client interface to the new network.


Since your OpenWrt device is configured as a basic switch, there is no routing happening on the device and therefore no port forwarding either.

Are you trying to route between different subnets?

Also, why are you using a /16 for your main network? This is generally not useful unless you have thousands of clients, and in that situation you should be splitting them up into different networks (broadcast domains) anyway. /24 is a much better option for most networks.

Thank you Sir, works well :slight_smile:


I need it in my homelab.

Yes, between 192.168.7.0/24 and 10.2.0.0/16.

But port forwarding works also, thanks once again @vgaetera.

You need 65000 IP addresses in your homelab? That's a big old lab!

Indeed.
I test all changes/settings in my home lab before implementing them in the company.
Is that so hard to understand?

A /16 is extremely inefficient because of the huge broadcast domain. The only time a network this size makes sense is when it is a WiFi network with client isolation enabled as well as multicast blocking, so that the network does not become super 'chatty'.
