Static routes not working over WiFi - Archer c2600 - 17.01.5

As the title suggests... static routes are not working for me ATM over WiFi, however they are over the WAN interface. I'm using:

  • TP-LINK Archer c2600v1.1 router
  • LEDE Reboot 17.01.5 r3919-38e704be71 / LuCI lede-17.01 branch (git-18.180.55366-b78664c)
  • Kernel Version 4.4.140

It's my belief that if I create a static route like the below graphic that...
I shouldn't be able to ping the address I have set up the static route for?


E.g. using the 8.8.8.8 target above, pings do reply. In the interim I have set up firewall rule(s) like:

iptables -I FORWARD -d 8.8.8.8/255.255.255.255 -j REJECT
iptables -I FORWARD -d 45.57.0.0/255.255.128.0 -j REJECT

These custom firewall rules, are they the same as setting up similar static routes?

The firewall rules seem to do the job for the moment (working on WiFi & WAN), but I'd want to get my head around why the static routes are not working over WiFi.

I have tested static routes on a TP-LINK mr3420v2 running 17.01.4, it seems to work, but not on the TP-LINK Archer c2600v1.1.

Anyone got any ideas?

You mentioned your routes are working on the WAN interface, and that leads me to think that you have an unusual configuration over there. I think you should provide us the whole picture.

Your graphic says that Google DNS is on LAN via the router 192.168.2.1.

Usually, this should be WAN, via your ISP's gateway...unless you're spoofing the IP 8.8.8.8 and the other subnet locally.

The firewall rule is to drop the traffic...so I'm a little confused. Can you describe what you want to accomplish?

Then you should set the route to unreachable, prohibit or blackhole.

Hi @eduperez @lleachii, thanks for helping out...

My aim is to set up static routes so I can watch US Netflix from Australia. Since Netflix have updated their PS3 app (using a PlayStation 3 to view Netflix) I'm required to implement static routes, otherwise I'm presented with a 'proxy error' and am therefore unable to view US Netflix content.

My setup:
Devices =>LEDE router (VPN) 192.168.2.1 =>ISP modem/router 192.168.10.1 =>internet

I've done some more troubleshooting since my original post and have found that whenever I stop assigning a static IP address, the static route works.

I think it stems from /etc/rc.local where I reserved 5x IPs (192.168.2.250-254) to route through 192.168.10.1 (ISP modem/router) instead of the LEDE router, so some devices appear to have the ISP assigned IP address.

Nevertheless, I won't set a static IP address for the PS3 and continue setting up the static routes as intended.

Oh BTW, if I set up these iptables rules below, is it the same as setting up the static routes as shown in the graphic in my first post?

iptables -I FORWARD -d 8.8.8.8/255.255.255.255 -j REJECT
iptables -I FORWARD -d 45.57.0.0/255.255.128.0 -j REJECT

Sorry, but I'm even more confused now... I just hope someone else can help you.

See:

Thanks, I'll need to take good look at what you put forward regarding WireGuard.

ATM I'm using OpenVPN for all clients as the default, and can selectively assign them a static IP whenever I need to route any through my ISP gateway, which works.

It's just that I totally forgot I assigned my laptop WiFi a static IP (for testing) therefore bypassing the static routes altogether!
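The behaviour found in this thread, as an added example that is not part of any post: a small model of Linux policy routing showing why a client in the reserved range never consults the main-table routes. It assumes the /etc/rc.local reservation is a source-based `ip rule` pointing at a separate table (the thread does not show the file); the table names, the `/29` prefix and the `"vpn"` gateway label are hypothetical.

```python
import ipaddress

# Constructed model: rules are tried in priority order, each rule selects a
# table, and the table does a longest-prefix match on the destination.
TABLES = {
    # Assumed table for the reserved clients: default via the ISP modem/router.
    "isp": [("0.0.0.0/0", "unicast", "192.168.10.1")],
    "main": [
        ("8.8.8.8/32", "prohibit", None),    # route type suggested in the thread
        ("45.57.0.0/17", "prohibit", None),  # 255.255.128.0 is a /17
        ("0.0.0.0/0", "unicast", "vpn"),     # placeholder for the VPN default
    ],
}
# (priority, source selector, table). 192.168.2.248/29 is a hypothetical
# prefix that covers the reserved 192.168.2.250-254 addresses.
RULES = [(100, "192.168.2.248/29", "isp"), (32766, "0.0.0.0/0", "main")]


def lookup(src, dst):
    """Return (table, route type, gateway) chosen for a forwarded packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if src not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source address
        matches = [(ipaddress.ip_network(prefix), kind, gw)
                   for prefix, kind, gw in TABLES[table]
                   if dst in ipaddress.ip_network(prefix)]
        if matches:
            # Longest prefix wins; a prohibit route ends the lookup here.
            _net, kind, gw = max(matches, key=lambda m: m[0].prefixlen)
            return table, kind, gw
        # No match in this table: fall through to the next rule.
    return None, "unreachable", None


if __name__ == "__main__":
    for client in ("192.168.2.50", "192.168.2.251"):
        print(client, "->", lookup(client, "8.8.8.8"))
```

An iptables rule in the FORWARD chain is evaluated for every forwarded packet whichever table picked the path, which is why the REJECT rules took effect for all clients while the main-table routes did not.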
