Raspberry Pi: Network 10.0.0.0 and 192.168.1.0 not separated

sophos · December 3, 2018, 10:27am

Hi,

I setup OpenWrt on a Raspberry Pi, enabled wifi, created a new static interface with address 10.0.0.1 on that wifi and enabled dhcp. I disabled the dhcp and the bridge to wifi on the default interface 192.168.1.1.

When I connect to that wifi with my laptop I got an IP 10.0.0.138 as expected. But why can I successfully ping 192.168.1.1 on that laptop?

Shouldn't 10.0.0.138 and 192.168.1.1 be totally separated?

Could someone explain why it is possible to ping 192.168.1.1 when I'm in 10.0.0.0 network?

What do I have to change, to separate the 10.0.0.0 and 192.168.1.0 network?

Thanks in advance,
Toni

mikma · December 3, 2018, 11:27am

The fact that you can ping all addresses of the openwrt router doesn't mean the networks aren't separated. I can't see any reasons to allow ping to only one and not all IP addresses of the router.

sophos · December 3, 2018, 1:08pm

But why can a device with IP 10.0.1.138 ping a device with 192.168.1.1 when it is in a total different network?

LGA1150 · December 3, 2018, 1:50pm

Because 192.168.1.1 and 10.0.0.1 are on the same router.
When your laptop tries pinging 192.168.1.1, which is not in 10.0.0.0/24, it forwards packet to the gateway, which is your Raspberry Pi. Unless some policy-based routing or firewall rule is set, your router will reply to the echo request and send the echo reply packet via the same interface. Therefore, you're doing nothing but pinging your router.

jeff · December 3, 2018, 3:42pm

You explicitly bridged the two networks into one. You have two subnets on the same "wire".

Edit: Are you trying to create a "guest network"? If so there are many threads here as well as likely wiki pages on the OpenWrt wiki that would be of help.

sophos · December 4, 2018, 8:44am

No, I disabled the bridge between wifi and the default interface 192.168.1.1. So the 10.0.0.1 interface is only bound to wifi and the 192.168.1.1 interface is only bound to eth0.

I just wanted to create an independent wifi an lan network. I did not expect, that i can ping 192.168.1.1 from the 10.0.0.1 network.

LGA1150 · December 4, 2018, 10:19am

Your PC and the OpenWrt forum server are apparently in total different network, but why can you log in here?
Creating a different subnet only isolates broadcast domains and blocks L2-only traffic. To access-control L3 traffic, you must set up firewall and/or PBR.
In OpenWrt firewall settings, you can create a different firewall zone for your WiFi interface.
Please refer to guest network setup guide for details