W
W
WTPIX2016-03-24 11:34:39
Network administration
WTPIX, 2016-03-24 11:34:39

How to organize routing through OpenWRT?

dfc63b95a993431889e748704ab2cf75.png
The bottom line: I can reach OpenWRT from the VM without problems, and then plug it, I can’t forward a separate host. I encounter OpenWRT for the first time, until I found a way to solve the problem. On Mikrotik it was somehow easier to set up.
So, how can I throw this host onto the NeoRouter interface using OpenWRT?
Purpose: With VM to catch the Host.
UPD Why exactly neorouter and openwrt let's omit the question.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
M
Melkij, 2016-03-24
@melkij

You didn't sign the default gateway on the nodes (or even the entire routing label), so I'm trying to guess.
Apparently, neorouter does not know where 192.168.1.212 is located and sends packets not to wrt, but to its default route.
add a static route 192.168.1.0/netmask via 10.1.5.3 to neorouter
If 10.0.2.2 is nested in 10.1.5.2, then no configuration is required on openwrt, it already knows where to send packets.
If I misunderstood according to the scheme what is going on here, then I will also need a static route on openwrt on 10.0.2.0/netmask via 10.1.5.2

S
solalex, 2016-03-24
@solalex

openwrt works for you as NAT or as a bridge? show ifconfig and firewall rules

W
WTPIX, 2016-03-24
@WTPIX

firewall sheet:

spoiler
Chain INPUT (policy ACCEPT 7417 packets, 493K bytes)
pkts bytes target prot opt in out source destination
117K 14M delegate_input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
615K 437M delegate_forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
109K 8904K delegate_output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain delegate_forward (1 references)
pkts bytes target prot opt in out source destination
615K 437M forwarding_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for forwarding */
586K 434M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
29121 3010K zone_lan_forward all -- br-lan * 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_forward all -- pppoe-wan * 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_forward all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_forward all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain delegate_input (1 references)
pkts bytes target prot opt in out source destination
180 15021 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
117K 14M input_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for input */
22510 7246K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
42618 2211K syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
2444 190K zone_lan_input all -- br-lan * 0.0.0.0/0 0.0.0.0/0
80548 4461K zone_wan_input all -- pppoe-wan * 0.0.0.0/0 0.0.0.0/0
4190 1767K zone_wan_input all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_input all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
Chain delegate_output (1 references)
pkts bytes target prot opt in out source destination
180 15021 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
108K 8889K output_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for output */
106K 8758K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
15 5011 zone_lan_output all -- * br-lan 0.0.0.0/0 0.0.0.0/0
1948 126K zone_wan_output all -- * pppoe-wan 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_output all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_output all -- * wlan0 0.0.0.0/0 0.0.0.0/0
Chain forwarding_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (4 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
42610 2211K RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
8 404 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_dest_ACCEPT (4 references)
pkts bytes target prot opt in out source destination
15 5011 ACCEPT all -- * br-lan 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
29121 3010K forwarding_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for forwarding */
29121 3010K zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* forwarding lan -> wan */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* Accept port forwards */
0 0 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_input (1 references)
pkts bytes target prot opt in out source destination
2444 190K input_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for input */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* Accept port redirections */
2444 190K zone_lan_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_output (1 references)
pkts bytes target prot opt in out source destination
15 5011 output_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for output */
15 5011 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_src_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
2444 190K ACCEPT all -- br-lan * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_dest_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
31069 3137K ACCEPT all -- * pppoe-wan 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_dest_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * pppoe-wan 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * wlan0 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_forward (3 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for forwarding */
0 0 zone_lan_dest_ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 /* @rule[7] */
0 0 zone_lan_dest_ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 /* @rule[8] */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* Accept port forwards */
0 0 zone_wan_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_input (3 references)
pkts bytes target prot opt in out source destination
84738 6228K input_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for input */
501 244K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 /* Allow-DHCP-Renew */
2 72 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* Allow-Ping */
98 2744 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0 /* Allow-IGMP */
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22/* ssh */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22/* ssh */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* Accept port redirections */
84136 5982K zone_wan_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_output (3 references)
pkts bytes target prot opt in out source destination
1948 126K output_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for output */
1948 126K zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_src_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
80545 4461K ACCEPT all -- pppoe-wan * 0.0.0.0/0 0.0.0.0/0
3591 1521K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wlan0 * 0.0.0.0/0 0.0.0.0/0

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question