OpenWrt Forum Archive

Topic: forwarding between vlan and bridged lans

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I have an Asus WL500gP running OpenWrt, and a separate DSL modem.
So far everything works; all boxes except the DSL modem get IP addresses from 192.168.11.0/24.
The DSL modem is normally also a router, but I disabled its routing functionality, allowing only DSL passthrough (to have OpenWrt call my provider with PPPoE).
But the DSL modem also has an IP address of 192.168.10.1. To connect from OpenWrt I just use the same virtual device, eth0.1, which is also used for the DSL passthrough. This works perfectly; I can telnet from OpenWrt to this modem management interface.

Now my question is: How can I configure the OpenWrt firewall to forward clients from the OpenWrt network (192.168.11.1) so they get access to the modem?

I guess for some iptables guruz it's just a second of a thought, but I've now been trying for 1.5 hours and still no luck...


Thanks in advance for your help!

max

PS: except this "ifconfig eth0.1 192.168.10.55" I didn't configure anything different from the default so far...

(Last edited by max2k5 on 27 Sep 2007, 17:01)

Not sure what the rest of the iptables rules look like, but you would need something like

iptables -{I|A} FORWARD -s 192.168.11.0/24 -i <locallan interface> -d 192.168.10.1/32 -o eth0.1 -j ACCEPT

I think I have found a solution, though I have to check in the evening if it's really working.

I really didn't understand why it isn't working the way it is set up now.

modem          | router         | client
---------------+----------------+---------------
192.168.10.1   | 192.168.10.55  |
               | 192.168.11.1   | 192.168.11.77

When I ping the modem from the client, I get no reply. I thought the router wasn't forwarding the packet.
But in fact the problem is that most likely the modem doesn't know how to send packets to the 192.168.11.0/24 network, because it doesn't have a default route set to the 192.168.10.55 address of the router.

So I think I just have to enable NAT/masquerading for the VLAN address 192.168.10.55 on the router, so that all packets from my client to the modem will be seen at the modem as originating from 192.168.10.55.
This can be done by
iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE

Right?

I will check later...


Thanks!
max


Edit: Yup, this is it! Working!

(Last edited by max2k5 on 28 Sep 2007, 17:32)

I can't get this to fully work in Kamikaze 7.06. I can ping the modem from the router after setting the WAN port IP on the router to match the modem's network. However, I can't find a proper masquerading iptables command. I tried:

# iptables -t nat -I postrouting_rule -i eth0.1 -j MASQUERADE

I just guessed that POSTROUTING is replaced with postrouting_rule in kamikaze.

100% of my LAN machine's ping packets get lost, and the following shows that the rule isn't even being matched:

# iptables -t nat -L postrouting_rule -v
Chain postrouting_rule (1 references)
pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  eth0.1 any     anywhere             anywhere

Please let me know if you can tell what I need to know in order to be able to make this work.

Oh, apparently, I had to do some forwarding too:
iptables -A forwarding_rule -d $MODEMIP -j ACCEPT
for example.
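Putting the two pieces of this thread together (the forwarding accept from the first reply and the masquerade from the second post), here is an added example script for a Kamikaze-era OpenWrt box that uses its user-defined hook chains forwarding_rule and postrouting_rule. It is not code from the thread or from the OpenWrt project. The interface names, addresses and the br-lan LAN bridge name are assumptions taken from the posts above; adjust them to your setup. It also restricts both rules to the LAN network and the modem's single management address, so the rest of the eth0.1 segment stays unreachable from the LAN, and it matches the masquerade on the output interface, which is the only interface a POSTROUTING rule can see.

```shell
#!/bin/sh
# Added example, not from the thread: LAN -> modem management access through
# the router's VLAN device, using Kamikaze's forwarding_rule / postrouting_rule
# hook chains. All values below are assumptions based on the thread.

LAN_IF="${LAN_IF:-br-lan}"                 # assumed name of the LAN bridge
MODEM_IF="${MODEM_IF:-eth0.1}"             # VLAN device facing the modem
LAN_NET="${LAN_NET:-192.168.11.0/24}"      # LAN network behind the router
MODEM_IP="${MODEM_IP:-192.168.10.1}"       # modem's management address
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print commands, 0 = run them

# Print or execute a command, depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Allow only LAN hosts to reach the modem's management address on eth0.1.
# Restricting -d to a single /32 keeps the rest of the modem segment closed.
forward_rule() {
  run iptables -A forwarding_rule -s "$LAN_NET" -i "$LAN_IF" \
      -d "$MODEM_IP/32" -o "$MODEM_IF" -j ACCEPT
}

# Rewrite the source of LAN packets leaving on eth0.1 to the router's own
# address on that interface, so the modem (which has no route back to
# 192.168.11.0/24) replies to the router instead of dropping the packet.
# A POSTROUTING rule has no input interface to match, so use -o, not -i.
masq_rule() {
  run iptables -t nat -A postrouting_rule -s "$LAN_NET" -d "$MODEM_IP/32" \
      -o "$MODEM_IF" -j MASQUERADE
}

apply_rules() {
  forward_rule
  masq_rule
}

# Usage: DRY_RUN=1 sh modem-access.sh apply   (print the rules)
#        DRY_RUN=0 sh modem-access.sh apply   (install them as root)
case "${1:-}" in
  apply) apply_rules ;;
  *) ;;
esac
```

Run it once with DRY_RUN=1 to review the exact iptables invocations before installing them; the hook chains are flushed whenever the firewall init script restarts, so the rules need to be re-applied from wherever your build runs local firewall additions.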
