Static routes for a newbie

dneb · December 18, 2024, 10:18pm

Appologies - I know just enough to be dangerous. Please point me to something to read if you can see what I don't understand.

I have a TP-Link Omada with OpenWRT 23.05 installed, with LuCI and LUA, and everything is working great ("LAN A")

I have a second TP-Link Omada (it does not have OpenWRT) that is hanging off the first ("LAN B")

Computer B can get on the internet and even ping Computer A. What I can't figure out is how to get Computer A to be able to ping Computer B.

I thought if I added a static route on LAN A for 192.168.20.0/8 (LAN B subnet) pointing to 192.168.7.5 (outgoing from LAN A to LAN B) that it would work, but it does not (or I set it up wrong). The static route also doesn't show up in the list of static routes.

(sorry for the big image - new users can only post one image)

I've tried some variations on the settings (table, metric, on-link) but it hasn't made a difference.

Any pointers on what I am doing wrong? Do I need a static route setup on Computer A as well?

Nim · December 18, 2024, 10:29pm

LAN B should probably be 192.168.20.0/24

and LAN A should be 192.168.7.0/24

otherwise the subnets overlap and won't route correctly

I think the basic static routes will then work, no need to change the other settings (table, metric, on-link)

dneb · December 18, 2024, 10:43pm

Ahhh, I have my CIDR notation backwards. Thank you for that hint. Heading off to try now.

dneb · December 18, 2024, 10:51pm

OK, the actual subnets were 255.255.255.0 so actually /24, but when I setup the static route, I was using /8 so that was wrong.

Changing the static route to target 192.168.20.0/24 didn't help

However, the static route now shows up correctly. But the previous lan line now shows br-lan, and I'm wondering why it is 192.168.0.0/20. /20 seems too large and also overlapping.

Nim · December 18, 2024, 10:55pm

We need to see the config for the interfaces

the contents of

/etc/config/network

psherman · December 19, 2024, 12:02am

Router A

This device needs a static route so that it understands where to send traffic destined for hosts behind router B.
Assuming that router B's wan address is 192.168.7.5, the static route set on router A will look like this:

192.168.20.0/24 via 192.168.7.5

Router B

This one does not need any static routes. It will already have the default route via its wan.
- if any static routes have been added, please remove them.
The wan firewall zone must have masquerading disabled. This is found in the zone definition stanza (or in LuCI, you'll see the masquerading checkbox in the wan zone line
You will also need to allow traffic to flow from wan > lan (in part or in whole) via the firewall. For now, create a forward rule from wan > lan, just like the one that currently allows lan > wan.
- if you need tighter restrictions and/or more granular control, that is absolutely possible, but let's get this working in general first.
- NEVER allow forwarding from wan > lan if the wan is internet facing.
If computer B has a local firewall, especially Windows Firewall, you need to adjust it to allow incoming requests from other subnets. Otherwise it will reject that traffic at the host level.

All of that said, this is an excellent way to learn how to cascade routers with symmetric routing, but it is not actually totally necessary as the both OpenWrt and Omada system can setup multiple subnets on the single device (i.e. VLANs). This means you can have all the routing handled by the main router and not bother with router B. This is generally more efficient for management purposes. But, there are some situations where the two physical routers is desirable or useful, and it's certainly great to setup this way for educational purposes.