Hello,
I am having trouble connecting to a machine in another subnet. My topology looks something like this:
pc1 (192.168.2.15) ---- (192.168.2.0/26) router1(openwrt) (192.168.1.38) --- (192.168.1.0/24) router2 -- to ISP
pc2 (192.168.1.6)
I can't ping 192.168.1.38, 192.168.1.1 or 192.168.1.6.
Network Config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd45:31b7:d8c4::/48'
config interface 'lan'
option proto 'static'
option ip6assign '60'
option ipaddr '192.168.2.1'
option gateway '192.168.1.1'
option ifname 'eth0'
option netmask '255.255.255.192'
option type 'bridge'
option igmp_snooping '1'
option stp '1'
config interface 'WLAN'
option proto 'static'
option gateway '192.168.2.1'
list dns '192.168.1.1'
option force_link '0'
option netmask '255.255.255.192'
option ipaddr '192.168.2.64'
config interface 'WAN'
option proto 'dhcp'
option hostname 'RPi-OpenWRT'
option force_link '1'
option ifname 'eth1'
option broadcast '1'
config route
option target '192.168.1.0'
option gateway '192.168.2.1'
option netmask '255.255.255.224'
option interface 'WAN'
Firewall config:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan WLAN'
config zone
option name 'wan'
option output 'ACCEPT'
option mtu_fix '1'
option log '1'
list device 'eth0'
option input 'ACCEPT'
option forward 'ACCEPT'
option network 'WAN'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
list icmp_type 'echo-request'
option dest 'lan'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config forwarding
option dest 'lan'
option src 'wan'
This has been rattling my brain for some time. I think it is a firewall issue. Oh, I am able to ping both IP's (192.168.1.6, 192.168.1.1, basically any 192.168.1.0/24) from router1 (open wrt).
Thanks for your help!