remove the metric
Same, no change.
let's see the other router's configs
network:
```
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'
	option gateway '192.168.1.1'
	list dns '1.1.1.1'
	list dns '8.8.8.8'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6t'

config device
	option type 'bridge'
	option name 'br-lan2'
	list ports 'eth0.2'

config interface 'LAN2'
	option proto 'static'
	option device 'br-lan2'
	option ipaddr '192.168.50.1'
	option netmask '255.255.255.0'
```
dhcp:
```
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'LAN2'
	option interface 'LAN2'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'
```
firewall:
```
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config include
	option path '/etc/firewall.user'

config zone
	option name 'LAN2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'LAN2'

config zone
	option name 'LAN'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config forwarding
	option src 'LAN'
	option dest 'LAN2'

config rule
	option name 'LAN2_fwd_internet'
	option src 'LAN2'
	option dest '*'
	list dest_ip '!192.168.1.0/24'
	option target 'ACCEPT'
	list proto 'all'
```
Routing asymmetry causes invalid packets due to stateful firewall.
If you check the network configuration that I posted you will see that it is not the case.
> Routing asymmetry causes invalid packets due to stateful firewall.
If that were true then adding the route on my PC wouldn't work.
not sure if it has always been there or not.
Is this new situation unique or could you say it has manifested since either the previously mentioned thread or since you changed IP range on this Interface?
Because not knowing affects the trustworthiness of the wiki page you authored.
It's the other way around. By adding the route you bypass the main router and there is no routing asymmetry.
> Is this new situation unique or could you say it has manifested since either the previously mentioned thread or since you changed IP range on this Interface?
> Because not knowing affects the trustworthiness of the wiki page you authored.
I remember it was working correctly; but I could be wrong. That wiki page is under my own user's home page and I just authored it yesterday as agreed with @WereCatf in the other thread; by walking back my steps I noticed that the static route was not working and opened this new thread. This thread is about fixing the problem, afterwards I can fix the wiki page if needed. But so far we do not know whether the wiki page steps are not incorrect or not. I think I provided enough information to troubleshoot the issue, let's go with analysis instead of trust, shall we?
> It's the other way around. By adding the route you bypass the main router and there is no routing asymmetry.
Ok, so perhaps this static route never worked; what is the solution to do routing in this setup? Nobody mentioned it so far.
I don't think the secondary router can do anything about this because it is acting as a switch for the PC and the main router.
You can either set up a dedicated uplink or loosen up the firewall to ignore invalid packets.
> This thread is about fixing the problem, afterwards I can fix the wiki page if needed. But so far we do not know whether the wiki page steps are not incorrect or not. I think I provided enough information to troubleshoot the issue, let's go with analysis instead of trust, shall we?
You are correct Viktor, it was less than amicable for me to post despairingly about your sincere contribution to our community. I am embarrassed and hope that I can work toward a sincere rapport for future projects.
From a similar case solved some time ago.
The first case fails because you have asymmetric routing. Echo request goes host2->fb4040->host1. Reply goes host1->fb6490 where it is blocked as invalid, because the firewall on 6490 never examined the initial packet. You need to find in the config of 6490 how to disable this. The third case is weird, but still it is not an issue of OpenWrt, if you can see the packet in tcpdump leaving wan6 with correct source and destination IPs.
> You are correct Viktor, it was less than amicable for me to post despairingly about your sincere contribution to our community. I am embarrassed and hope that I can work toward a sincere rapport for future projects.
No problem, I think we both have good intentions; right now I consider it a draft, I would like to make that page much better before moving it to a non-personal section of the wiki. And surely if it contains incorrect steps it has to be amended/retracted. Unfortunately I hit this snag and due to my ignorance on routing I could not properly figure it out / fix it.
Thanks for the help so far!
> From a similar case solved some time ago.
> The first case fails because you have asymmetric routing. Echo request goes host2->fb4040->host1. Reply goes host1->fb6490 where it is blocked as invalid, because the firewall on 6490 never examined the initial packet. You need to find in the config of 6490 how to disable this. The third case is weird, but still it is not an issue of OpenWrt, if you can see the packet in tcpdump leaving wan6 with correct source and destination IPs.
I will check this thread, thanks; from the top of my head I could either:
- use DHCP to push the extra route to clients
- reconfigure this using separate VLANs (since both routers are OpenWRT)
The traffic flow atm:
Your pc->primary router lanint->secondary router lanint->server50 and backwards, server50->secondary router 50int->your pc.
Matti
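
Added example, not written by any poster in this thread: a simplified Python model of the traffic flow described above, showing why a stateful firewall on the main router classifies the third packet of a TCP handshake as invalid, and why a route on the PC avoids it. The host addresses `192.168.1.100` and `192.168.50.10` are assumptions, and `Tracker` is a reduced state machine for illustration, not the kernel's connection tracker.

```python
import ipaddress

# Subnets from the posted config; host addresses below are assumed.
LAN = ipaddress.ip_network("192.168.1.0/24")
LAN2 = ipaddress.ip_network("192.168.50.0/24")
PC, SERVER = "192.168.1.100", "192.168.50.10"

def path(src, dst, pc_has_route):
    """Routers that forward a packet from src to dst, in order."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in LAN and d in LAN2:
        # Without its own route the PC sends to the default gateway (main),
        # which relays to the secondary router at 192.168.1.2.
        return ["secondary"] if pc_has_route else ["main", "secondary"]
    if s in LAN2 and d in LAN:
        # The secondary router is directly attached to LAN: replies skip main.
        return ["secondary"]
    raise ValueError("flow not modelled")

class Tracker:
    """Reduced TCP handshake tracker, one instance per router."""
    def __init__(self):
        self.state = {}

    def verdict(self, src, dst, flags):
        fwd, rev = (src, dst), (dst, src)
        if flags == "SYN":
            self.state[fwd] = "SYN_SENT"
            return "NEW"
        if flags == "SYN-ACK" and self.state.get(rev) == "SYN_SENT":
            self.state[rev] = "SYN_RECV"
            return "ESTABLISHED"
        if flags == "ACK" and self.state.get(fwd) in ("SYN_RECV", "ESTABLISHED"):
            self.state[fwd] = "ESTABLISHED"
            return "ESTABLISHED"
        return "INVALID"  # packet does not fit any state this router has seen

def handshake(pc_has_route):
    """Run SYN / SYN-ACK / ACK through the routers; return per-hop verdicts."""
    trackers = {"main": Tracker(), "secondary": Tracker()}
    log = []
    packets = [(PC, SERVER, "SYN"), (SERVER, PC, "SYN-ACK"), (PC, SERVER, "ACK")]
    for src, dst, flags in packets:
        for router in path(src, dst, pc_has_route):
            v = trackers[router].verdict(src, dst, flags)
            log.append((router, flags, v))
            if v == "INVALID":
                break  # dropped here, never reaches the next hop
    return log
```

Calling `handshake(False)` ends with the main router rejecting the ACK because it never saw the SYN-ACK; `handshake(True)` completes with only the secondary router on the path.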