Problem with disabling NAT behind an ISP router

CABAL · January 12, 2024, 8:11pm

Hi,
my setup:

ISP router ip 192.168.7.1 -> network 192.168.7.0/24

OpenWRT Router ip 192.168.178.1 connected to ISP router
wan ip 192.168.7.2
network 192.168.178.0/24

I want to access devices in network 192.168.178.0/24 from network 192.168.7.0/24.

I have an ip route on the ISP router to 192.168.178.0/24 via 192.168.7.2.
I have an ip route on the OpenWRT router to 192.168.7.0/24 via 192.168.178.1 on the wan interface.

As soon as I disable masquerading on the firewall wan zone I am losing internet connection in network 192.168.178.0/24 and can't still access devices there from 192.168.7.0/24.

I all did this via the LuCi UI.

What do I missing here or doing wrong?

AndrewZ · January 12, 2024, 8:18pm

delete it, 192.168.7.0/24 is directly attached, route is created automatically once the associated interface is configured

egc · January 12, 2024, 8:40pm

Besides deleting the route as @AndrewZ remarked you have to open up the firewall for traffic from 192.168.7.0/24 or disable the firewall

CABAL · January 12, 2024, 8:52pm

Ok I found a mistake. I did the ip route on the ISP router wrong. After I fixed it I can access devices in 192.168.178.0/24 from the ISP router network. But how is it possible when masquerading is still on on the OpenWRT router?

egc · January 12, 2024, 9:31pm

Why not that is the normal way the router operates.
Only the NAT is no longer necessary as the primary router now knows the route.
But it can still operate with NAT enabled.

The only necessary thing besides the route is opening the firewall.