DD-WRT Subnet Static Routes

vkl3
DD-WRT Novice


Joined: 12 Jan 2019
Posts: 2

Posted: Sat Jan 12, 2019 5:17    Post subject: DD-WRT Subnet Static Routes
Hello All, I'm a bit defeated right now, banging my head trying to get my setup working.

Use case:

I live with a few other people. We have an ASUS router for everyone. I however would prefer to use DD-WRT and have my own network for devices. Additionally I want to eventually create a vlan with an additional setup for VMs and such, but not until I resolve the main issue.

Our main router is an ASUS RT-AC31000, my router is an ASUS RT-N66U running dd-wrt.

I think this problem really is down to network config and not router specific, or else I'd post to one of the other forums.

Physical setup:

I have an Ethernet cable running from one of the lan ports on the main AC31000 to the wan port on the N66U, that should be correct.

Software/Network configs:

Might be worth pointing out I tried my best to follow this guide (I wish all my routers were running dd-wrt..): https://wiki.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes

N66U my dd-wrt secondary router is currently running in Operating Mode: Router

I will try to replicate the diagram from the linked guide above:

Code:

+----------+       +--------------------------+       +-------------------------+
| Internet |  ---> | Router 1: AC31000        |  ---> | Router 2: N66U          |
+----------+       | WAN IP: ISP Provided     |       | WAN IP: 10.1.1.241      |
                   | WAN Subnet: ISP Provided |       | WAN Sub: 10.1.1.0/24    |
                   | LAN IP: 10.1.1.1         |       | LAN IP: 192.168.1.1     |
                   | LAN Subnet: 10.1.1.0/24  |       | LAN Sub: 192.168.1.0/24 |
                   +--------------------------+       +-------------------------+


FWIW to show the router 1 to router 2 static route I've attached a picture of what it looks like in the ASUS router tools.

Finally, as part of the guide I ran the following iptables rule on Router 2. I didn't change anything on the ASUS router, but when I fully disabled the firewall nothing changed.

Code:

iptables -I FORWARD -s 10.1.1.0/24 -j ACCEPT


Debugging:

I'm pretty awful at networking so here is just some basic info, maybe it helps:

Code:

➜  ~ sudo traceroute -I 192.168.1.4 # Connected to router 1 trying to route to RasPi.
traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets
 1  router.asus.com (10.1.1.1)  1.800 ms  1.727 ms  1.719 ms
 2  * * *
 3  *^C
➜  ~ route                                                                     
Kernel IP routing table                                                         
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface   
default         router.asus.com 0.0.0.0         UG    20600  0        0 wlp2s0 
10.1.1.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp2s0 
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlp2s0


Code:

➜  ~ sudo ip route add 192.168.1.0/24 via 10.1.1.241 dev wlp2s0 # It didn't work so I thought I should try a static route from my laptop.
➜  ~ route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.asus.com 0.0.0.0         UG    600    0        0 wlp2s0
10.1.1.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp2s0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 virbr0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     bifrost         255.255.255.0   UG    0      0        0 wlp2s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
➜  ~ sudo traceroute -I 192.168.1.4
traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets
 1  bifrost (10.1.1.241)  303.633 ms  303.629 ms  303.732 ms # Not sure this was any better
 2  * * *
 3  *^C


Code:

root@bifrost:~# route # SSH-ed into dd-wrt
Kernel IP routing table
Destination  Gateway  Genmask        Flags Metric Ref Use Iface
default      10.1.1.1 0.0.0.0        UG 0 0 0 vlan2
10.1.1.0     *         255.255.255.0 U 0 0 0 vlan2
127.0.0.0    *         255.0.0.0     U 0 0 0 lo
169.254.0.0  *         255.255.0.0   U 0 0 0 br0
192.168.1.0  *         255.255.255.0 U 0 0 0 br0
root@bifrost:~# Connection to 192.168.1.1 closed.
➜ ~ sudo traceroute -I 10.1.1.53 # Trying to get from RasPi to device on router 1
traceroute to 10.1.1.53 (10.1.1.53), 30 hops max, 60 byte packets
1 _gateway (192.168.1.1) 1.142 ms 1.243 ms 1.363 ms
2 * * *
3 * * *
4 * *^C


Wrapping up

I yield to the experts here. I appreciate any help, this is sort of a frustrating situation. If you believe this is caused by the ASUS router 1 (no dd-wrt), then I will try to talk to their support.

Thanks!



egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Sat Jan 12, 2019 9:33
To get it working you only have to reset the N66 to defaults and plug in the cable on its WAN port.
You will have access from clients on the N66 to internet and to clients on the AC3100, but not the other way around.

If you want to have access from AC3100 to N66 then you have to tweak the settings on the N66 (opening the firewall) and set a static route to the N66 on the AC3100.
I attach my notes on how I do this (hint: do not set the N66 in router mode but keep it in gateway mode).





_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
vkl3
DD-WRT Novice


Joined: 12 Jan 2019
Posts: 2

Posted: Sun Jan 13, 2019 0:47
Thanks I appreciate the notes.

It was a good recommendation to reset the router back to the base DDWRT.

After doing that I replayed the steps you provided to me. It didn't work right away as I anticipated.

Unlike prior attempts, this time I wasn't given a WAN IP on router2. Something must have gone wrong and I had to flip the WAN bridge on and off LAN in the VLAN section. It is now back to being Assigned to Bridge None and, as expected, the LAN IP from subnet1 router1 for router2 shows as WAN IP in router2's config.

After that hiccup resolved, I was able to go from router2 to internet no problem. From router1 I could only ICMP ping to clients in router2, as I would expect.

I applied the iptables rules like you mentioned, this time from the web console rather than SSH.

Finally, after doing all that, I am up and running. Now time to set up my VLAN for my VMs.

Thank you so much.
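
Added example (not from either poster, and not egc's attached notes): a simplified Python model of the two conditions discussed in this thread for reaching 192.168.1.0/24 from the 10.1.1.0/24 side, namely a static route on router 1 and a FORWARD accept on router 2. The addresses come from the thread except 10.1.1.99, which is constructed; the default-drop behaviour of router 2's FORWARD chain for new WAN-side traffic is an assumption of the model, and NAT and connection tracking are not modelled.

```python
import ipaddress as ip

# Routing tables as (destination network, gateway); gateway None = directly connected.
R1_DEFAULT = [("0.0.0.0/0", "ISP"), ("10.1.1.0/24", None)]
R1_STATIC = R1_DEFAULT + [("192.168.1.0/24", "10.1.1.241")]  # static route added on router 1
R2_ROUTES = [("0.0.0.0/0", "10.1.1.1"), ("10.1.1.0/24", None), ("192.168.1.0/24", None)]

NO_ROUTE = "left via router 1's default route (no route to router 2)"
DROPPED = "dropped by router 2 FORWARD chain"
DELIVERED = "delivered"

def next_hop(table, dst):
    """Longest-prefix match over a routing table; returns the chosen gateway."""
    dst = ip.ip_address(dst)
    matches = [(ip.ip_network(net), gw) for net, gw in table if dst in ip.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src, dst, r1_routes, r2_forward_accept):
    """Follow a packet from a host behind router 1 towards dst.

    r2_forward_accept lists the source networks accepted by router 2's FORWARD
    chain, i.e. the -s argument of rules like the one quoted in the thread.
    Returns (hops, verdict).
    """
    hops = ["10.1.1.1"]                      # the host's default gateway is router 1
    gw = next_hop(r1_routes, dst)
    if gw != "10.1.1.241":
        return hops, NO_ROUTE
    hops.append(gw)                          # packet arrives on router 2's WAN side
    if not any(ip.ip_address(src) in ip.ip_network(n) for n in r2_forward_accept):
        return hops, DROPPED
    if next_hop(R2_ROUTES, dst) is None:     # destination is on router 2's LAN bridge
        hops.append(dst)
        return hops, DELIVERED
    return hops, "forwarded onward by router 2"

if __name__ == "__main__":
    cases = [
        ("no static route", "10.1.1.53", R1_DEFAULT, []),
        ("route, firewall closed", "10.1.1.53", R1_STATIC, []),
        ("route + accept 10.1.1.0/24", "10.1.1.53", R1_STATIC, ["10.1.1.0/24"]),
        # Constructed: accept scoped to one host, tried from another host.
        ("route + accept one host", "10.1.1.99", R1_STATIC, ["10.1.1.53/32"]),
    ]
    for label, src, routes, accept in cases:
        print(f"{label:28} {trace(src, '192.168.1.4', routes, accept)}")
```

The last case shows that the source match decides who on the shared LAN can open connections into the private subnet: a /24 admits every device behind router 1, a /32 only the listed host.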