OpenWrt Forum Archive

Topic: 2x OpenWRT, two Subnets and Internet

The content of this topic has been archived on 11 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all

I'm trying to set up a network with two subnets sharing one internet connection. For the routing between the subnets, I have a NetGear WNDR3700 - the same router is used for routing one subnet to the internet. Both routers are running OpenWRT.

For better understanding, I've created this sketch:

         (client)                 router 2
|---------------------|     |---------------------|
|  eth0               |-----|  eth1               |
|  192.168.1.100/32   |     |  192.168.1.1/24     |       router internet
|---------------------|     |---------------------|    |---------------------|
                            |  eth0 (br-lan)      |----|  eth0 (br-lan)      |
                            |  192.168.0.2/24     |    |  192.168.0.1/24     |       THE INTERNET
                            |---------------------|    |---------------------|    |---------------------|
                                                       |  eth1 (dhcp-client) |----|  ethALL             |
                                                       |  12.345.678.901/22  |    |                     |
                                                       |---------------------|    |---------------------|

Those are the requirements.
- 192.168.1.0/24 and 192.168.0.0/24 should be routed using no NAT (straight routing)
- 192.168.1.0/24 clients should be able to access 192.168.0.0/24 clients and the internet - their standard gateway is 192.168.1.1
- 192.168.0.0/24 clients should be able to access 192.168.1.0/24 clients and the internet - their standard gateway is 192.168.0.1
- router internet should NAT every client (both 192.168.1.0/24 and 192.168.0.0/24) to the internet.

Once I have this routing set up, I'll add restrictions on the separate iptables of each router - however, I'm already struggling here.

I've managed to let router2 behave as I like it to by clearing out every iptables rule and adding the following two:
-I FORWARD -i br-lan -o eth1 -s 192.168.0.0/24 -d 192.168.1.0/24 -j ACCEPT
-I FORWARD -i eth1 -o br-lan -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT

On the internet router, I've added the following route:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     192.168.0.2     255.255.255.0   UG    0      0        0 br-lan

With this setup, clients in 192.168.0.0/24 can access both the internet and 192.168.1.0/24. Clients in 192.168.1.0/24 can access 192.168.0.0/24, but not the internet.

Any ideas (or proposals for how to implement this differently)?

Thanks in advance!

"router internet" needs a static route to 192.168.1.0/24 via 192.168.0.2 on br-lan

I had the same problem (except for the fact that my "router internet" is not OpenWRT based (too weak for that) - but it is not relevant).

My WORKING config:

In /etc/config/firewall, use in

config zone
        option name               wan
        option masq               1
        option masq_dest    !192.168.0.0/24

This asks router 2 to masquerade data which is going to the internet, but not to masquerade for your "outer" LAN.
It worked for me (after many-many hours of trials to config "router internet").

(Last edited by vmark on 14 Sep 2012, 07:16)
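
The effect of the `masq_dest` setting in the reply above, as an added example (not code from the thread or from OpenWrt): a simplified Python model of the masquerading decision that shows which source address the next hop sees for LAN-to-LAN and for internet-bound traffic. The zone dictionaries, function names and sample destinations are constructed, and it assumes router 2's wan zone is its 192.168.0.2 interface from the first post's sketch.

```python
import ipaddress

def masq_applies(dst, masq_dest):
    """Simplified model of a zone's masq_dest list (assumption, not fw source):
    a '!net' entry excludes that destination; plain entries restrict
    masquerading to the listed nets; an empty list matches everything."""
    addr = ipaddress.ip_address(dst)
    includes = []
    for entry in masq_dest:
        net = ipaddress.ip_network(entry.lstrip("!"))
        if entry.startswith("!"):
            if addr in net:
                return False          # excluded: packet keeps its source
        else:
            includes.append(net)
    return not includes or any(addr in net for net in includes)

def source_after_zone(src, dst, zone):
    """Source address a packet carries after leaving through `zone`."""
    if zone.get("masq") and masq_applies(dst, zone.get("masq_dest", [])):
        return zone["egress_ip"]      # rewritten to the router's own address
    return src

# Constructed zones for router 2 (egress side = 192.168.0.2 in the sketch).
ROUTER2_PLAIN = {"masq": False, "egress_ip": "192.168.0.2"}
ROUTER2_MASQ = {"masq": True, "masq_dest": ["!192.168.0.0/24"],
                "egress_ip": "192.168.0.2"}

CLIENT = "192.168.1.100"
SAMPLES = {"other LAN host": "192.168.0.50",   # constructed address
           "internet host": "203.0.113.10"}    # documentation range

if __name__ == "__main__":
    for label, zone in (("no masq", ROUTER2_PLAIN), ("masq_dest", ROUTER2_MASQ)):
        for name, dst in SAMPLES.items():
            seen = source_after_zone(CLIENT, dst, zone)
            print(f"{label:10} {name:15} dst={dst:14} source seen={seen}")
```

With the exclusion in place, hosts in 192.168.0.0/24 still see the real client address, so per-client firewall rules and logs on that subnet stay meaningful, while the internet router only ever sees 192.168.0.2 for internet-bound traffic from behind router 2.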

The discussion might have continued from here.