Posted: Sat Jan 12, 2019 5:17 Post subject: DD-WRT Subnet Static Routes
Hello All, I'm a bit defeated right now, banging my head trying to get my setup working.
Use case:
I live with a few other people. We have an ASUS router for everyone. I however would prefer to use DD-WRT and have my own network for devices. Additionally I want to eventually create a vlan with an additional setup for VMs and such, but not until I resolve the main issue.
Our main router is an ASUS RT-AC31000; my router is an ASUS RT-N66U running dd-wrt.
I think this problem really is down to network config and not router specific, or else I'd post to one of the other forums.
Physical setup:
I have an Ethernet cable running from one of the lan ports on the main AC31000 to the wan port on the N66U, that should be correct.
N66U, my dd-wrt secondary router, is currently running in Operating Mode: Router.
I will try to replicate the diagram from the linked guide above:
Code:
+----------+      +--------------------------+      +-------------------------+
| Internet | ---> | Router 1: AC31000        | ---> | Router 2: N66U          |
+----------+      | WAN IP: ISP Provided     |      | WAN IP: 10.1.1.241      |
                  | WAN Subnet: ISP Provided |      | WAN Sub: 10.1.1.0/24    |
                  | LAN IP: 10.1.1.1         |      | LAN IP: 192.168.1.1     |
                  | LAN Subnet: 10.1.1.0/24  |      | LAN Sub: 192.168.1.0/24 |
                  +--------------------------+      +-------------------------+
FWIW to show the router 1 to router 2 static route I've attached a picture of what it looks like in the ASUS router tools.
Finally, as part of the guide, I ran the following iptables rule on Router 2. I didn't change anything on the ASUS router, but when I fully disabled the firewall nothing changed.
Code:
iptables -I FORWARD -s 10.1.1.0/24 -j ACCEPT
Debugging:
I'm pretty awful at networking so here is just some basic info, maybe it helps:
Code:
➜ ~ sudo traceroute -I 192.168.1.4 # Connected to router 1 trying to route to RasPi.
traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets
1 router.asus.com (10.1.1.1) 1.800 ms 1.727 ms 1.719 ms
2 * * *
3 *^C
➜ ~ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default router.asus.com 0.0.0.0 UG 20600 0 0 wlp2s0
10.1.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp2s0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp2s0
Code:
➜ ~ sudo ip route add 192.168.1.0/24 via 10.1.1.241 dev wlp2s0 # It didn't work so I thought I should try a static route from my laptop.
➜ ~ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default router.asus.com 0.0.0.0 UG 600 0 0 wlp2s0
10.1.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp2s0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 virbr0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.1.0 bifrost 255.255.255.0 UG 0 0 0 wlp2s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
➜ ~ sudo traceroute -I 192.168.1.4
traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets
1 bifrost (10.1.1.241) 303.633 ms 303.629 ms 303.732 ms # Not sure this was any better
2 * * *
3 *^C
Code:
root@bifrost:~# route # SSH-ed into dd-wrt
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.1.1 0.0.0.0 UG 0 0 0 vlan2
10.1.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
root@bifrost:~# Connection to 192.168.1.1 closed.
➜ ~ sudo traceroute -I 10.1.1.53 # Trying to get from RasPi to device on router 1
traceroute to 10.1.1.53 (10.1.1.53), 30 hops max, 60 byte packets
1 _gateway (192.168.1.1) 1.142 ms 1.243 ms 1.363 ms
2 * * *
3 * * *
4 * *^C
Wrapping up
I yield to the experts here. I appreciate any help; this is sort of a frustrating situation. If you believe this is caused by the ASUS router 1 (no dd-wrt) then I will try to talk to their support.
Posted: Sat Jan 12, 2019 9:33 Post subject:
To get it working you only have to reset the N66 to defaults and plug in the cable on its WAN port.
You will have access from clients on the N66 to internet and to clients on the AC3100, but not the other way around.
If you want to have access from AC3100 to N66 then you have to tweak the settings on the N66 (opening the firewall) and set a static route to the N66 on the AC3100.
I attach my notes on how I do this (hint: do not set the N66 in router mode but keep it in gateway mode).
It was a good recommendation to reset the router back to the base DDWRT.
After doing that I replayed the steps you provided to me. It didn't work right away as I anticipated.
Unlike prior attempts, this time I wasn't given a WAN IP on router2. Something must have gone wrong, and I had to flip the WAN bridge on and off LAN in the VLAN section. It is now back to being Assigned to Bridge None and, as expected, the LAN IP from subnet1 router1 for router2 shows as WAN IP in router2's config.
After that hiccup was resolved, I was able to go from router2 to internet no problem. From router1 I could only ICMP ping to clients in router2, as I would expect.
I applied the iptables rules like you mentioned, this time from the web console rather than SSH.
Finally, after doing all that, I am up and running. Now time to set up my vlan for my VMs.
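
As an added illustration (not part of either poster's messages), this Python sketch models the two routers with longest-prefix matching and a simplified FORWARD check on router 2. It shows why both the static route on router 1 and the firewall rule on router 2 are needed, and how a single-host source narrows that rule. Router 1's table, the host 10.1.1.77, the function names and the firewall model are assumptions built around the addresses quoted in the thread.

```python
import ipaddress

# Constructed model: router 1's table is assumed (LAN plus ISP default);
# router 2's table follows the `route` output quoted in the thread.
def table(*entries):
    return [(ipaddress.ip_network(net), gw) for net, gw in entries]

ROUTER1 = table(("10.1.1.0/24", None), ("0.0.0.0/0", "ISP"))
ROUTER1_STATIC = ROUTER1 + table(("192.168.1.0/24", "10.1.1.241"))
ROUTER2 = table(("192.168.1.0/24", None), ("10.1.1.0/24", None),
                ("0.0.0.0/0", "10.1.1.1"))

def next_hop(routes, dst):
    """Longest-prefix match; None means the network is directly connected."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward_allowed(accept_sources, src):
    """Assumed firewall model: router 2 drops WAN-to-LAN forwards unless the
    source matches an ACCEPT rule such as `-s 10.1.1.0/24 -j ACCEPT`."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(net) for net in accept_sources)

def trace(src, dst, r1_routes, accept_sources):
    """Follow a packet from a host behind router 1 toward router 2's LAN."""
    hop = next_hop(r1_routes, dst)
    if hop != "10.1.1.241":
        return f"router1 forwards to {hop}, not to router2"
    if next_hop(ROUTER2, dst) is not None:
        return "router2 has no connected route to destination"
    if not forward_allowed(accept_sources, src):
        return "router2 FORWARD chain drops the packet"
    return "delivered"

if __name__ == "__main__":
    cases = [
        ("no static route", ROUTER1, []),
        ("static route only", ROUTER1_STATIC, []),
        ("static route + subnet rule", ROUTER1_STATIC, ["10.1.1.0/24"]),
        ("static route + single-host rule", ROUTER1_STATIC, ["10.1.1.53/32"]),
    ]
    for label, routes, rules in cases:
        for src in ("10.1.1.53", "10.1.1.77"):  # .77 is a constructed host
            print(f"{label:32} {src:10} {trace(src, '192.168.1.4', routes, rules)}")
```

The single-host case corresponds to using `-s 10.1.1.53` instead of `-s 10.1.1.0/24` in the rule from the thread, which admits one machine on the shared LAN rather than all of them.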