Static Route & Default Route

My main router ( Router A ) runs OpenWRT and is connected to the internet and serves IP address in the 192.168.1.x range to my main network. I have connected a Raspberry Pi running OpenWRT to this via wifi (static IP 192.168.1.254) (I'll call this Router B ). I have set the RPi to serve IPs in the 192.168.2.x range on its ethernet port. It has a static address on ethernet of 192.168.2.1.

I have managed to use static routes to allow Laptop A (connected to Router A) to talk to Laptop B (connected to Router B via ethernet). However, I can't get Laptop B to connect to the internet. If I compare my routing tables between the two routers I can see that Router A has a default route defined whereas B does not - even though I have specified it in the Static Routes section.

The content of /etc/config/ on Router B is as follows:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd8a:dcde:2c1e::/48'

config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'
	list dns '1.1.1.1'
	option gateway '192.168.1.1'

config interface 'wwan'
	option proto 'static'
	option ipaddr '192.168.1.254'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'
	list dns '1.1.1.1'

config route
	option target '0.0.0.0'
	option gateway '192.168.1.1'
	option interface 'wwan'
	option netmask '0.0.0.0'
	option table 'main'

config route
	option gateway '192.168.1.1'
	option target '192.168.1.0/24'
	option interface 'wwan'
	option netmask '255.255.255.0'

And the content of /etc/config/firewall on Router B is:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'ACCEPT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option mtu_fix '1'
	option network 'wan wan6 wwan'
	option input 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config forwarding
	option src 'wan'
	option dest 'lan'

Could anyone please point me towards what I need to do in order to get laptop B connected to the internet? (I realise that this is not a sensible permanent solution - I am just using this as a lockdown learning exercise)

Here are screenshots of my routing tables if it helps:

uci -q delete network.lan.gateway
while uci -q delete network.@route[0]; do :; done
uci commit network
/etc/init.d/network restart
1 Like

Thank you so much for that! It works perfectly now. I have two questions:

  1. Will this survive a reboot?
  2. What the hell did I just do!?
1 Like

Yes.

There was a wrong gateway option in the lan interface config and redundant routes.

Thank you for your help!

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.