Access devices behind GL-SFT1200 (Opal) from different local subnet

Hello there!!

I recently acquired the Opal router and I’m quite happy with it. However I’m having troubles figuring out how to access devices (or the router web interface at from a computer located in the “main” subnetwork on my LAN (a device connected to the ISP router).
Here is a simplified diagram of my local network:

I would like to access everything behind the Opal router from Computer 1. With access I mean to be able to enter the Opal router configuration or to connect via SSH to Computer 2 for example.

Inside the router’s configuration I saw the LAN IP configuration settings, where I can set a different range or subnet:

But I’m not sure if by setting this to the 192.168.1.X of my “main” subnet will cause any issues or is this the way to go?

Any help is highly appreciated.


It will kill the network, don’t do it.

You will need to utilize luci for changing the WAN zone:

In addition to Opal firewall config to allow incoming from the laptop, should there be a 192.168.1.x WAN address specified for the Opal, and on the laptop configure the Opal WAN interface as gateway to ?

Thanks for the answer @admon
I changed the WAN zone to allow access to the LAN:

But it doesn’t seem like I can access it :thinking: maybe I’m missing something?

Masquerading should be disabled, I would say.
And you must tell your upper router that there is a route to the network behind the GL-SFT

Thanks for the insight @steep01

Can you expand on your suggestion? I already changed the Firewall part on the Opal but as it doesn’t seem to work yet.
You are proposing some changes on the laptop itself? Please keep in mind that the diagram I used is a simplified version on my network. In the real network there are several devices in both sides (behind the Opal router and in my “main” subnet.

If I disable masquerading I lose access to the WAN entirely (no Internet or access to the upper router) :thinking:

Maybe I’m missing some config on the upper router as you suggest? I’m going to investigate that. Any hint on what I should be looking for in order to set the routing?


Static routing should be the name of the menu / settings page.
Maybe Routing in general.

1 Like

Yeees :tada::tada::tada:
It’s working now :slight_smile: thanks a lot!!!

EDIT: It looks like you figured it out.

Sure @Tlobo. Maybe @admon can check my thinking on this and correct me if I am mistaken. Can I assume that the ISP router is using DHCP to assign IP addresses on the network, and that it also advertises itself ( as the default gateway? So all traffic sent to addresses outside will be picked up by the router and forwarded to the internet. We don’t want that to happen for destinations in We want the ISP router to ignore traffic on its LAN and instead we want (or whatever Opal WAN IP address). So don’t we need the configure something, a gateway or static route so that the ISP router does not act on traffic with source and destination Otherwise won’t this traffic also be forwarded to the internet?

1 Like

Maybe just post screenshot of your settings.

Seems that setting static route only on SFT1200 will not affect anything on your your Computer 1. Unless you need port forward or drop-in gateway mode

It’s already working :wink:

I know. But I don’t understand how exactly.

The route on the main router wasn’t defined. So the main router wasn’t able to route traffic to the network behind the SFT.

The process of how I got it working is documented in the different messages of this post, but I’m gonna do a summary of what I did in case it helps someone:

1.- Go to LuCI (the web interface of OpenWrt, on my Opal router is under More settings -> Advanced)
2.- In the top menu go to Network -> Firewall. Here, in the Zones you’ll have the wan zone restricting traffic to everything behind your Opal router, you need to accept traffic to the lan interface and uncheck the Masquerading and MSS clamping
3.- On your ISP router, go to Routing section (this will be different depending on your model) and add a destination to your Opal router subnet As an example this is how it looks on mine:

And I think that’s all you need, now you can access the devices behind your Opal router from your “main” subnet.