Posted: Thu May 02, 2019 7:13 Post subject: Routing between 2 subnets on the same router
I set up my router with 2 wireless subnets on my router following https://wiki.dd-wrt.com/wiki/index.php/Multiple_WLANs:
* 192.168.1.0/24 for my data server, laptop, subnet connected to LAN and WAN.
* 192.168.2.0/24 for a bunch of sensors platform using RaspberryPi or similar
I want to have my second subnet 192.168.2.0 connected to LAN and the first WLAN subnet 192.168.1.0, in order to directly access the sensor (for example at 192.168.2.142) from my laptop (192.168.1.13).
I tried to bridge the interface without success (often I ended up losing the separate subnet, or having the subnet gain access to the internet).
I tried to create a route in between the two subnets with:
* Destination LAN NET: 192.168.2.0
* Subnet Mask: 255:255:255:0
* Gateway: 192.168.1.1
Without success. When pinging, I got the following error: "Redirect Host(New nexthop: 192.168.2.141)"
I supposed it was as easy as:
* tell Laptop that SUBNET1 is its default gateway (normally done through dhcp)
* tell Sensor that SUBNET2 is its default gateway (normally done through dhcp)
* tell SUBNET1 that "WAN"-router is its default gateway.
* tell SUBNET1 that requests to 192.168.2./24 will be routed through SUBNET2 (static route)
* tell SUBNET2 that SUBNET1 is its default gateway (via routing)
I am open to any suggestion to make this work, and if this is a stupid idea, just let me know.
Let's clarify a few things here before even getting into how to achieve your goals.
It makes no sense to bridge the primary and VAP networks. Once the two networks are assigned to the same bridge, any configuration you applied to the VAP becomes irrelevant. A bridge subsumes all the network interfaces assigned to it. The only thing configurable at that point is the bridge itself. IOW, it's the bridge that gets assigned an IP network, a DHCP server, etc. So we can put the whole notion of bridging these networks aside for the moment, since it makes no sense.
As far as adding a route, since the router is hosting all the IP networks being discussed, the router already knows how to route between them. You only need to add a route when the router does NOT know how to find a given network (e.g., it's being hosted on some other device (probably a router/gateway)). So adding routes is irrelevant in this case too.
When you created that second VAP and gave it an IP network (192.168.2.x), it then became possible to route between that VAP and the existing network (192.168.1.x). By default, there are no restrictions placed between those networks as to who can access whom. For that to happen, you need to use firewall rules. I prefer the old school method of just writing your own, if only because it gives you more flexibility. But the GUI does provide an all or nothing option via the Net Isolation option.
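As an added example (not part of the thread and not the poster's own rules), the hand-written firewall approach mentioned in the reply could look like the sketch below for the two networks in the question. It assumes the sensor network should answer connections opened from 192.168.1.0/24 but start none itself, toward the LAN or the internet; the function names `valid_cidr` and `emit_rules` are hypothetical, and the script only prints the `iptables` commands for review.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.

# valid_cidr NET: succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*.|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# emit_rules LAN_NET SENSOR_NET: print three FORWARD rules in evaluation order.
# Assumed policy (not stated by the reply): the LAN may open connections to the
# sensors, the sensors may only reply, and everything else they send is dropped.
emit_rules() {
    lan=$1; sensors=$2
    valid_cidr "$lan"     || { echo "bad LAN network: $lan" >&2; return 1; }
    valid_cidr "$sensors" || { echo "bad sensor network: $sensors" >&2; return 1; }
    cat <<EOF
iptables -I FORWARD 1 -s $lan -d $sensors -j ACCEPT
iptables -I FORWARD 2 -s $sensors -d $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -s $sensors -j DROP
EOF
}

# The two networks from the question.
emit_rules 192.168.1.0/24 192.168.2.0/24
```

Traffic addressed to the router itself, such as DHCP and DNS requests from the sensors, passes through the INPUT chain and is not affected by these FORWARD rules.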