Subnetting Assistance

usaf-lt-g
DD-WRT Novice


Joined: 16 Mar 2012
Posts: 49

Posted: Wed Nov 06, 2024 19:03    Post subject: Subnetting Assistance
I'm really not an expert on setting up subnets, I took some CCNA certification wayyyyyyy back in the day (like early 90s) and haven't touched subnetting since and am looking for a little help.

My main network (only network really, other than some remote VPN point to points I have set up between 2 other remote dd-wrt routers) is the only network I currently have set up. This is on the X.X.3 subnet.

I have a pretty elaborate Christmas light show setup that utilizes multiple wireless controllers (circa 30 some individual controllers. Rough math, 500 lights per controller, 15,000 addressable lights). Each controller needs its own IP.

I'd like to set up another DD-WRT based router / wireless AP outside, but I want it on its own subnet, but I need to be able to access all controllers from the X.X.3 subnet. The main server that will control the lightshow itself will be on the .3 subnet.

I don't believe the new subnet will need access to the internet, only the LAN to access the server, and for .3 devices to access whatever the new subnet is.

Would someone be able to help walk me through how I set this up on both routers so that communication / traffic is flowing correctly as I outlined?

EDIT: I will need the new subnet (.10) to be able to access the internet


Last edited by usaf-lt-g on Sun Nov 24, 2024 15:28; edited 1 time in total
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9357

Posted: Thu Nov 07, 2024 16:29
Daisy chain the new DD-WRT router to the existing primary router (presumably DD-WRT as well), WAN to LAN respectively.

Now add the following to the firewall script on the new DD-WRT router.

Code:
WAN_NET="$(nvram get wan_ipaddr)/$(nvram get wan_netmask)"
WAN_IF="$(ip route | awk '/^default/{print $NF}')"

iptables -I FORWARD -i br+ -o $WAN_IF -j REJECT
iptables -I FORWARD -i br+ -o $WAN_IF -d $WAN_NET -j ACCEPT
iptables -I FORWARD -i $WAN_IF -j ACCEPT
iptables -I INPUT   -i $WAN_IF -j ACCEPT


Finally, add a static route to the primary router that points to the WAN IP of the new DD-WRT router as the gateway to the IP network behind it.

_________________
ddwrt-bind-static-routes-to-wan.sh (UPDATED! 11/12/24) * ddwrt-blacklist-domains.sh * ddwrt-dns-monitor.sh * ddwrt-ovpn-client-backup.sh * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-server-watchdog.sh * ddwrt-ovpn-split-advanced.sh * ddwrt-ovpn-split-basic.sh * ddwrt-mount-usb-drives.sh * ddwrt-wol-port-forward.sh
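
What the FORWARD rules in the firewall script above do once loaded, as an added example that is not part of eibgrad's post: a small first-match model in Python. The interface name eth0 and the sample destination addresses are assumptions; the WAN address is the one reported later in the thread.

```python
import ipaddress

WAN_IF = "eth0"  # assumed interface name; the script reads it from the default route
WAN_NET = "192.168.3.198/255.255.255.0"  # WAN IP from the thread, /24 mask of the .3 LAN

def if_match(pattern, name):
    """iptables interface match: a trailing '+' is a prefix wildcard (br+ matches br0)."""
    if pattern is None:
        return True
    if name is None:
        return False
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else name == pattern

class Chain:
    """First-match model of the rules the script inserts into one chain."""
    def __init__(self):
        self.rules = []

    def insert(self, target, in_if=None, out_if=None, dst=None):
        # `iptables -I CHAIN` without a rule number inserts at position 1,
        # so the rule inserted last is evaluated first.
        net = ipaddress.ip_network(dst, strict=False) if dst else None
        self.rules.insert(0, (in_if, out_if, net, target))

    def verdict(self, in_if, out_if, dst):
        addr = ipaddress.ip_address(dst)
        for r_in, r_out, r_net, target in self.rules:
            if (if_match(r_in, in_if) and if_match(r_out, out_if)
                    and (r_net is None or addr in r_net)):
                return target
        return "FALL_THROUGH"  # continues into the firmware's own rules below

def build_forward():
    """FORWARD rules in the order the posted firewall script issues them."""
    fwd = Chain()
    fwd.insert("REJECT", in_if="br+", out_if=WAN_IF)
    fwd.insert("ACCEPT", in_if="br+", out_if=WAN_IF, dst=WAN_NET)
    fwd.insert("ACCEPT", in_if=WAN_IF)
    return fwd

if __name__ == "__main__":
    fwd = build_forward()
    # Constructed sample packets: (in interface, out interface, destination)
    for pkt in [("br0", WAN_IF, "192.168.3.50"), ("br0", WAN_IF, "8.8.8.8"),
                (WAN_IF, "br0", "192.168.10.20"), ("br0", "br0", "192.168.10.21")]:
        print(pkt, "->", fwd.verdict(*pkt))
```

Because every rule is added with -I, the accept for the upstream LAN ends up above the reject, so the new subnet reaches 192.168.3.0/24 but nothing beyond it, which matches the original request that the new subnet not need internet access.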
usaf-lt-g
DD-WRT Novice


Joined: 16 Mar 2012
Posts: 49

Posted: Sun Nov 24, 2024 4:30
eibgrad wrote:
Daisy chain the new DD-WRT router to the existing primary router (presumably DD-WRT as well), WAN to LAN respectively.

Now add the following to the firewall script on the new DD-WRT router.

Code:
WAN_NET="$(nvram get wan_ipaddr)/$(nvram get wan_netmask)"
WAN_IF="$(ip route | awk '/^default/{print $NF}')"

iptables -I FORWARD -i br+ -o $WAN_IF -j REJECT
iptables -I FORWARD -i br+ -o $WAN_IF -d $WAN_NET -j ACCEPT
iptables -I FORWARD -i $WAN_IF -j ACCEPT
iptables -I INPUT   -i $WAN_IF -j ACCEPT


Finally, add a static route to the primary router that points to the WAN IP of the new DD-WRT router as the gateway to the IP network behind it.


Hmmm.... did all this but seem to be having no luck. In fact, I can't even get the new router to be able to hit anything on the internet (i.e. can't even get to www.google.com) let alone locally.

The new router is in operating mode: Router
The router that's connected to the internet is in operating mode: Gateway

The new router has the following settings:
Local IP Address: 192.168.10.1 / 24
Gateway - Blanked to 0.0.0.0
Local DNS - Blanked to 0.0.0.0

Under Advanced Routing, only the operating mode was changed to Router

Under Administration Commands --> Firewall. It is input as you have suggested above.

This router is receiving a WAN IP of: 192.168.3.198

The primary router has the following settings:
Local IP Address: 192.168.3.1 / 24
Gateway - Blanked to 0.0.0.0
Local DNS - Blanked to 0.0.0.0

Under Advanced Routing:

Operating Mode - Gateway
Dynamic Routing Interface - Disable
Routing Tables:
Route Name: GarageRouter
Destination LAN NET: 192.168.10.0 / 24
Gateway: 192.168.3.198
Interface: LAN & WLAN
Metric: 0
Masquerade Route (NAT) - Checked

Everything else underneath Masquerade Route (NAT) is unchecked

Under Administration Commands --> Firewall
Nothing changed here. I already have 3 rules in there for some VPN traffic that are all working just fine, I haven't modified anything else.

I can access locally both the .10 subnet and .3 subnet from either router. But when on the .10 subnet, I cannot access the internet.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6968
Location: Romerike, Norway

Posted: Sun Nov 24, 2024 9:15
NAT shall not be checked.

Enter this on Internet facing router:

iptables -t nat -A POSTROUTING -o `get_wanface` -j
usaf-lt-g
DD-WRT Novice


Joined: 16 Mar 2012
Posts: 49

Posted: Sun Nov 24, 2024 15:12
Per Yngve Berg wrote:
NAT shall not be checked.

Enter this on Internet facing router:

iptables -t nat -A POSTROUTING -o `get_wanface` -j


Removed the NAT check, copied and pasted the above to Router 1, however, still no internet access on the .10 subnet.

Also just for clarification. Both routers are R9000s, on DD-WRT v3.0-r58694 std (11/18/24).
usaf-lt-g
DD-WRT Novice


Joined: 16 Mar 2012
Posts: 49

Posted: Sun Nov 24, 2024 15:20
Not sure if this helps, but I've attached the routing table entry list for both the main router and the secondary router:
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6968
Location: Romerike, Norway

Posted: Sun Nov 24, 2024 17:36
The routing looks correct.

Can you access 192.168.3.1 and 192.168.4.1 from 192.168.10.0?
usaf-lt-g
DD-WRT Novice


Joined: 16 Mar 2012
Posts: 49

Posted: Sun Nov 24, 2024 18:05
Per Yngve Berg wrote:
The routing looks correct.

Can you access 192.168.3.1 and 192.168.4.1 from 192.168.10.0?


The .10 Subnet (192.168.10.1) can access the .3 and .10 subnet which is what I want. But it cannot access the internet, which is on the .3. I can also get to 192.168.10.1 from any device on the .3.

The .3 is the only Gateway in the network and hosts the internet. But any device that gets added to the .10 can't get out to the internet.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13445
Location: Netherlands

Posted: Sun Nov 24, 2024 18:15
You have to open up the firewall of the downstream router for traffic from the upstream router.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
usaf-lt-g
DD-WRT Novice


Joined: 16 Mar 2012
Posts: 49

Posted: Sun Nov 24, 2024 19:43
egc wrote:
You have to open up the firewall of the downstream router for traffic from the upstream router.


Not entirely sure what you mean / how to do this. Can you provide an example?

Downstream router is Router 2 (.10), Upstream is Router 1, Gateway Router (.3)?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6968
Location: Romerike, Norway

Posted: Sun Nov 24, 2024 20:09
iptables -I FORWARD -i `get_wanface` -j ACCEPT
All times are GMT