This is my network!
I created the second interface cause it doesn’t set it up, I subnetted it and got the 192.168.1.252 network address and setup that Interface with 192.168.1.253 and without setting up dhcp. I setup the second router which is connected to the wan port with 192.168.1.254 and the mask of 255.255.255.252 and the dns to 192.168.1.253, then added the second interface to the primary lan zone,but I don’t get dns unless I add a dns server
eth0's network overlaps that of eth1. To be more specific, every subnet on a router must be unique and non-overlapping. 192.168.1.0/24 includes 192.168.1.252/30.
Also, what is the purpose of the DD-WRT router? You appear to be using it as a router -- why not simply setup the 192.168.2.0/24 network on eth0 and omit the WRT300N (or make it a bridged AP instead of using it as a router)?
The main openwrt x86 router has been pretty solid and I did some networking training online I’m just doing labbing and practicing subnetting a subnet, and then creating a second network on top of that. The other router is something I had that was basic and doesn’t have too many options so if I have issues I know it’s probably not an advanced feature that’s causing an issue to simplify things.
Ok... well, there are two simple solutions...
- delete the second interface and put eth0 into a bridge with eth1 so that it is part of the 192.168.1.0/24 network that already exists.
or
- Change the second interface's IP to something that is unique and non-overlapping. For example, 192.168.51.0/24 (so the OpenWrt router's address would be 192.168.51.1/24, for example).
1 Like
So maybe I should go with a /23 then and go with 192.168.0.1 for the primary interface and 192.168.2.1 for the second interface?
I mean you can do this, but why? Do you have more than ~250 devices connecting to either or both of the networks?
You could do this regardless of the choice of /24 or /23.
Or, you could leave your 192.168.1.0/24 network in place and use 192.168.2.0/24 on the eth0 interface.
All that matters is that the subnets are unique and non-overlapping.
Can you explain what is happening with the dns as it is?
I'm not sure what you're asking. It would be helpful to see your config so that it is clear where you're adding the DNS, but before we even worry about that, you need to fix the initial issue of the overlapping subnets.
Once that is fixed, if you're still having issues, let's see the config:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
Your subnets overlap. You need to make the original 192.168.1.1 interface smaller than /24 (e.g. /25, not /23) if you're going to set up another network in the same /24.
In home networks it is almost universal to use /24 to keep the numbering simple.
I just reinstalled the software [OpenWrt 24.10.5 (r29087-d9c5716d1d)] and under the primary interface I have the ip 192.168.1.1 and subnet mask 255.255.255.0 and the second interface I just changed the second interface ip to 192.168.2.1 255.255.255.0 then on the next router after the second interface I changed it to 192.168.3.1 and 255.255.255.0 and 192.168.2.1 for the gateway and when I change the dns to 192.168.2.1 on the next router it fails to connect to web pages giving a dns error but when I change the dns to google dns address 8.8.8.8 the pages load fine!
Please post the configs as requested earlier. It tells the whole story.
So I did some things before posting. The first thing I did is just pulg in the second interface into a pc directly without dhcp enabled with the gateway as 192.168.2.1 and the dns as 192.168.2.1 and the internet worked just fine getting dns. Then I enabled dhcp and the dns was working fine. Then I plugged the ethernet cable back into the second router after the second interface just assing the Ip address and dns maually still having dns issues. I then changed the router to dhcp for the wan but was still having dns issus.
ubus call system board
{
"kernel": "6.6.119",
"hostname": "OpenWrt",
"system": "AMD Athlon(tm) 64 X2 Dual Core Processor 4200+",
"model": "MICRO-STAR INTERNATIONAL CO., LTD MS-7125",
"board_name": "micro-star-international-co-ltd-ms-7125",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "24.10.5",
"revision": "r29087-d9c5716d1d",
"target": "x86/64",
"description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
"builddate": "1766005702"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
config interface '6in4'
option proto '6in4'
option peeraddr '***********'
option ip6addr '*****/64'
list ip6prefix '*********'
option tunnelid '*****'
option username '*********'
option password '******'
config interface 'Network2'
option proto 'static'
option device 'eth2'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option delegate '0'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
list addnmount '/bin/busybox'
list addnmount '/var/run/adblock-lean/abl-blocklist.gz'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
config dhcp 'Network2'
option interface 'Network2'
option start '100'
option limit '5'
option leasetime '12h'
cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'Network2'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network '6in4'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option name 'Allow-protocol-41'
list proto 'ipv6'
option target 'ACCEPT'
option enabled '0'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'web'
option src 'wan'
option src_dport '80'
option dest_ip '192.168.1.102'
option dest_port '80'
list proto 'tcp'
list proto 'udp'
So you solved the first problem, but you created a similar one in the process...
This subnet (192.168.2.0/24) feeds the wan of the DD-WRT router. But the DD-WRT router's lan is also 192.168.2.0/24, which means that routing will not work properly.
If you plan to use the DD-WRT device as a router, you must have unique/non-overlapping subnets on its wan and lan, as well. So that means changing one or the other.
So, you could change the above Network2 address to something else that doesn't overlap any of the other subnets (for example, 192.168.7.1), or you can change the DD-WRT lan address (you could use the same example address). Do this in only one place, though -- either OpenWrt or DD-WRT, not both.
Sorry I didn’t realize I didn’t change the network map to reflect the changes. To make it more simple with less complex software, I changed the router to a Belkin N300 F9K100v5(01b), then as we discussed not on the same network, so I changed the second interface to 192.168.2.1 and the N300 to 192.168.3.1.
Ok... so we know that there are no overlaps of the various subnets throughout your topology.
With that in mind...
This seems to indicate that the issue is with the DD-WRT device itself. That is clear because a computer connected to the OpenWrt router Network2 interface works just fine -- it gets a DHCP lease, has connectivity, and also has working DNS. This proves that the OpenWrt config is correct.
When you connect the DD-WRT device to Network2, if it doesn't work, that means that there is something that is misconfigured or otherwise not working properly on that side.
No dd-wrt software stock belkin n300
This is yet another difference between the original topology diagram and the current state... a bit confusing (I see you did state that in one of your latest responses, but I overlooked that detail).
Do you still have the DD-WRT device?
Yes, I still have the dd-wrt router but I just didn’t want to introduce more problems with more complex software.
Give the DD-WRT router a try (connected via its wan port directly to the x86 machine Network2/eth2 instead of the Belkin device). Make sure that it doesn't have an overlapping subnet on its lan.
What is the problem with the stock Belkin router?