OpenWrt Forum Archive

Topic: How to connect OpenWRT behind another router

The content of this topic has been archived on 30 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
eone
11 Jun 2013, 09:14

Hi

I am new to OpenWRT. My environment:

OpenWrt Backfire 10.03.1

A Dlink DIR 655 Router is connected to the internet.The Dlink router is connected to an internal network: 192.168.0.0/24 with ip address 192.168.0.1

I connected OpenWRT to Dlink via (OpenWrt's WAN port to Dlink's LAN port)

OpenWRT's /etc/config/network is as follows:

#### VLAN configuration
config switch eth0
        option enable   1

config switch_vlan eth0_0
        option device   "eth0"
        option vlan     0
        option ports    "1 2 3 4 5"

config switch_vlan eth0_1
        option device   "eth0"
        option vlan     1
        option ports    "0 5"

#### Loopback configuration
config interface loopback
        option ifname   "lo"
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0
#### LAN configuration           
config interface lan             
        option type     bridge   
        option ifname   "eth0.0"
        option proto    static   
        option ipaddr   192.168.1.1
        option netmask  255.255.255.0
                                     
                                     
#### WAN configuration               
config interface        wan         
        option ifname   "eth0.1"     
        option proto    static       
        option ipaddr   192.168.0.54
        option netmask  255.255.255.0
        option gateway  192.168.0.1 
 

The Dlink router  is configured with a static route to 192.168.1.0/24 via 192.168.0.54

I have a machine (192.168.0.22) connected to Dlink router via LAN port

I have a second machine (192.168.1.4) connected to OpenWrt router via LAN port.

The firewall at  machine (192.168.1.4) is disabled.

The firewall at   machine (192.168.0.22) is disabled.

In the /etc/config/firewall, the wan interface's option masq setting is set to 0 (off)

Problem:

1. Machine (192.168.0.22) can ping machine (192.168.1.4) but machine(192.168.1.4) failed to ping Machine (192.168.0.22).

2. Machine (192.168.0.22) failed to ssh Machine (192.168.1.4).

Thank you in advance for help extended.

Regards,

Post #2
lizby
11 Jun 2013, 13:05

Can't speak to why your existing configuration doesn't work, but since your connections are wired, is there a reason why you don't have all the ips on the same subnet, for example 192.168.0.x, with the gateway router plugged into a lan port on the openWrt router?  This works for me.

Post #3
eone
11 Jun 2013, 15:01

Hi

The OpenWrt router is a linksys WRT54Gv2.2 hardware. Previously, with the linksys supplied firmware, I could have 2 different network id by configuring the linksys to act as a router and not a gateway(NAT) and it worked. So I am trying to preserve that setup. I am also doing it as an experiment.

Regards,

Post #4
mazilo
11 Jun 2013, 16:08

Pardon me, I got lost reading your explanation. Perhaps, if you were to use a diagram that shows the connections between the devices, it would probably clear up some confusion.

Post #5
eone
11 Jun 2013, 17:38

Hi

Here is the diagram of my setup

PunBB bbcode test

Regards

Post #6
esters
11 Jun 2013, 18:23

Bumping this thread, because the problem is actual in my case too. I am trying to set up a guest router (WRT54GL with 10.03.1 "Backfire") with exact same setup as member eone. In my case i am unable to connect to internet via the guest router, BUT, i am able to successfully ping an external address from it e.g google.com.
I have tried to disable the firewall on both routers, tried to adjust the route tables but without any success. Much help appreciated.

Post #7
mazilo
11 Jun 2013, 20:19

Unless you can access to the DLink DIR-655 router to make the necessary changes, I would recommend that you put the OpenWRT router as your main router. Once you have your OpenWRT as your main router, you can edit the /etc/config/network file (on your OpenWRT router) to furnish it with the additional route as follows:

config route
        option 'interface' 'lan'
        option 'target'    '192.168.0.0'  # your DLink DIR-655 subnet
        option 'gateway'   '192.168.1.x'  # your DLink DIR-655 WAN IP 
                                          # Address assigned by your
                                          # main (OpenWRT) router
        option 'netmask'   '255.255.255.0'
Post #8
kirschwasser
11 Jun 2013, 23:45

You have three choices:
you enter some static routers on your  D-Link 655, then you can disable the NAT on your OpenWrt-router and everything will work as it should.

or you keep the NAT but work with portforwards on your OpenWrt-Router.

or you switch the two routers and enter static routes on your OpenWrt-Router. Mazilo showed you how.

Post #9
eone
12 Jun 2013, 04:31

Hi kirschwasser

kirschwasser wrote:

you enter some static routers on your  D-Link 655, then you can disable the NAT on your OpenWrt-router and everything will work as it should.

I have access to Dlink Router and have configured the static route to network 192.168.1.0/24 in the Dlink router. So that explains how I am able to ping to machine(192.168.1.4) from machine(192.168.0.22).

esters wrote:

In my case i am unable to connect to internet via the guest router, BUT, i am able to successfully ping an external address from it e.g google.com.

I experience the same thing as esters.

When I was using the Linksys supplied firmware, It was just a matter of changing the mode from gateway to router. I do not have to add any static route in Linksys router. The only static route I added was in the Dlink router that was connected to the internet.

The main question is: How to tell OpenWrt to change from gateway to router mode.

So far I have done the following:

1. Disable Masquerading on WAN interface.

2. Configure the firewall(INPUT,OUTPUT,FORWARD chains) to accept every packets.

Regards,

Post #10
eone
18 Jun 2013, 14:43

Hi

Here is an update after 2 days of trouble-shooting and sniffing packets.

Problem 1:
1. Machine (192.168.0.22) can ping machine (192.168.1.4) but machine(192.168.1.4) failed to ping Machine (192.168.0.22).

Solved

The static route in the Dlink router  clearly did not work. However after I add a static route in Machine (192.168.0.22) itself,  machine(192.168.1.4) was able to ping Machine (192.168.0.22).

Problem 2. Machine (192.168.0.22) failed to ssh Machine (192.168.1.4).

Solved. Adding the static route in Machine(192.168.0.22) itself also solved this problem.

Problem 3. Unable to connect to internet via the OpenWRT router, BUT, i am able to successfully ping an external address from it e.g google.com. (Actually, this problem was brought up by member esters)

Solved. The problem lies in the Dlink DIR-655's NAT function. DIR-655 Version A1 can NAT any source ip from its subnet or external subnet(192.168.1.0/255). However, last week I RMA the version A1 to exchange for version B1. DIR-655 version B1 will only NAT source IP from its own subnet. It will not NAT ip packets with source address from external subnet(192.168.1.0/255). So to access the internet behind OpenWRT, enable Masquerade from OpenWRT if you have DIR-655 version B1 connected to Internet. This is effectively Double NATing. To mitigate the double NAT, add a rule in OpenWRT to only masquerade packets bound for Internet and not masquerade packed bound for internal LAN.

The discussion might have continued from here.