Posted: Sun Jan 01, 2023 17:23 Post subject: [SOLVED] How to see devices on guest network?
I have a home setup with OpenWrt as a DHCP server and DD-WRT as an AP.
In DD-WRT I have configured a guest network for all my smart home devices, which are NET- and AP-isolated.
I need to see smart devices in the guest (192.168.2.X) network from my main (192.168.1.X) network. How to?
Everything else is working as expected - guests can't see each other nor devices in the main network (192.168.1.X), but are able to access the internet.
Code:
              +-----------------------+
              | Openwrt (DHCP Server) |
              | 192.168.1.1           |
              +-----------------------+
                          |
                          |
                          |
+----------------------------------------------------+
| DD-WRT                                             |
| 192.168.1.2                                        |
|                                                    |
| WAN Disabled                                       |
| Gateway 192.168.1.1                                |
| Type DHCP Server                                   |
| DHCP Server Disabled                               |
|                                                    |
|                                                    |
| +-----------------+ +-----------------------------+|
| | AP wl0          | | Guest VLAN wl0.1            ||
| |                 | |                             ||
| |                 | | Unbridged                   ||
| |                 | | Net Isolation: Yes          ||
| |                 | | Forced DNS Redirection: Yes ||
| |                 | | Optional DNS Target 1.1.1.1 ||
| |                 | | IP Address 192.168.2.1/24   ||
| |                 | | AP Isolation: Yes           ||
| +-----------------+ +-----------------------------+|
+---------|--------------------------------|---------+
          |                                |
          |                                |
  +---------------+                 +-------------+
  | ClientA       |                 |ClientB      |
  | 192.168.1.195 |---------------> |192.168.2.30 |
  +---------------+  How to access  +-------------+
                       B from A?
Firewall:
Code:
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
DD-WRT being used: v3.0-r49212 std (06/16/22) on Netgear Nighthawk R7000P
I'd appreciate a simple explanation - I may be missing basic networking concepts.
Last edited by hasselmuf on Mon Jan 02, 2023 15:41; edited 1 time in total
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Mon Jan 02, 2023 3:02 Post subject:
I am not familiar with those specific commands.
But for a start, I assume you executed those commands at the OpenWRT router? Not at the DDWRT router. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Mon Jan 02, 2023 10:24 Post subject:
There are a number of things you have to take into account.
One is if there are iptables rules blocking it (aka net isolation). You do have a rule blocking access from your guest wifi to your main router, but it is state NEW, so you should have access the other way around.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Mon Jan 02, 2023 10:52 Post subject:
A clarification.
As the DDWRT router's WAN is disabled (i.e. it's connected to OpenWRT via a LAN port and therefore functions as a switch), the commands have to be run at the OpenWRT router for traffic to cross network boundaries.
Therefore, the query should be with OpenWRT forum. So to speak.
But I am sure he is still welcomed here.
Cheers _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Another thing is if there is a route to your guest wifi from the main network, and I think that could be missing.
On your main router (the openwrt router) you have to add a route, from the CLI (telnet/SSH/Putty), something like:
ip route add 192.168.2.0/24 via 192.168.1.2
Exactly this! All configuration and firewall commands were done on DD-WRT. But adding a route in the OpenWrt router solved the problem.
Thank you, and DWCruiser too, for pointing me in the right direction.
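The fix discussed in this thread, traced as an added example (not code from any poster): a small model of OpenWrt's longest-prefix route lookup and of the DD-WRT `--state NEW` DROP rule. The routing table contents, the interface names `wan` and `br-lan`, the `isp-gateway` label, and the assumption that unmatched packets are accepted are all constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: (gateway, interface) of the most specific route."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]

# Constructed routing table for the OpenWrt router (interface names assumed).
OPENWRT_ROUTES = [
    ("0.0.0.0/0", "isp-gateway", "wan"),      # default route to the internet
    ("192.168.1.0/24", "direct", "br-lan"),   # main LAN, directly connected
]
# Equivalent of: ip route add 192.168.2.0/24 via 192.168.1.2
FIX = ("192.168.2.0/24", "192.168.1.2", "br-lan")

LAN = ipaddress.ip_network("192.168.1.0/24")

def ddwrt_forward(in_if, dst, state):
    """Model of: iptables -I FORWARD -i wl0.1 -d <lan>/<mask> -m state --state NEW -j DROP
    Assumption: anything this rule does not match is accepted by later rules."""
    if in_if == "wl0.1" and ipaddress.ip_address(dst) in LAN and state == "NEW":
        return "DROP"
    return "ACCEPT"

def client_a_to_b(routes):
    """Trace ClientA (192.168.1.195) opening a connection to ClientB (192.168.2.30).
    Assumption: ClientA's default gateway is the OpenWrt router."""
    gw, iface = next_hop(routes, "192.168.2.30")
    if gw != "192.168.1.2":
        return f"lost: OpenWrt sends it to {gw} on {iface}"
    # The request enters DD-WRT on br0 as NEW; the reply enters on wl0.1 as ESTABLISHED.
    request = ddwrt_forward("br0", "192.168.2.30", "NEW")
    reply = ddwrt_forward("wl0.1", "192.168.1.195", "ESTABLISHED")
    return f"request {request}, reply {reply}"

if __name__ == "__main__":
    print("before route:", client_a_to_b(OPENWRT_ROUTES))
    print("after route: ", client_a_to_b(OPENWRT_ROUTES + [FIX]))
    print("guest -> LAN:", ddwrt_forward("wl0.1", "192.168.1.195", "NEW"))
```

The last line shows that isolation is preserved: a connection initiated from the guest side toward the main LAN still hits the DROP rule after the route is added.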