I recently acquired the Opal router and I’m quite happy with it. However I’m having troubles figuring out how to access devices (or the router web interface at 192.168.8.1) from a computer located in the “main” subnetwork on my LAN (a device connected to the ISP router).
Here is a simplified diagram of my local network:
I would like to access everything behind the Opal router from Computer 1. With access I mean to be able to enter the Opal router configuration or to connect via SSH to Computer 2 for example.
Inside the router’s configuration I saw the LAN IP configuration settings, where I can set a different range or subnet:
In addition to Opal firewall config to allow incoming from the laptop, should there be a 192.168.1.x WAN address specified for the Opal, and on the laptop configure the Opal WAN interface as gateway to 192.168.8.0/24 ?
Can you expand on your suggestion? I already changed the Firewall part on the Opal but as it doesn’t seem to work yet.
You are proposing some changes on the laptop itself? Please keep in mind that the diagram I used is a simplified version on my network. In the real network there are several devices in both sides (behind the Opal router and in my “main” subnet.
If I disable masquerading I lose access to the WAN entirely (no Internet or access to the upper router)
Maybe I’m missing some config on the upper router as you suggest? I’m going to investigate that. Any hint on what I should be looking for in order to set the routing?
Sure @Tlobo. Maybe @admon can check my thinking on this and correct me if I am mistaken. Can I assume that the ISP router is using DHCP to assign IP addresses on the 192.168.1.0/24 network, and that it also advertises itself (192.168.1.1) as the default gateway? So all traffic sent to addresses outside 192.168.1.0/24 will be picked up by the router and forwarded to the internet. We don’t want that to happen for destinations in 192.168.8.0/24. We want the ISP router to ignore traffic on its LAN and instead we want 192.168.1.11 (or whatever Opal WAN IP address). So don’t we need the configure something, a gateway or static route so that the ISP router does not act on traffic with source 192.168.1.0/24 and destination 192.168.8.0/24? Otherwise won’t this traffic also be forwarded to the internet?
The process of how I got it working is documented in the different messages of this post, but I’m gonna do a summary of what I did in case it helps someone:
1.- Go to LuCI (the web interface of OpenWrt, on my Opal router is under More settings -> Advanced)
2.- In the top menu go to Network -> Firewall. Here, in the Zones you’ll have the wan zone restricting traffic to everything behind your Opal router, you need to accept traffic to the lan interface and uncheck the Masquerading and MSS clamping
3.- On your ISP router, go to Routing section (this will be different depending on your model) and add a destination to your Opal router subnet 192.168.8.0. As an example this is how it looks on mine:
maybe I’m missing something?
thanks a lot!!!
