From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qc0-x233.google.com (mail-qc0-x233.google.com [IPv6:2607:f8b0:400d:c01::233]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 110BE21F2D6 for ; Wed, 13 May 2015 06:36:38 -0700 (PDT) Received: by qcvo8 with SMTP id o8so22281379qcv.0 for ; Wed, 13 May 2015 06:36:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=35JQrKKeHb7MitUIrFS2ARKW2EW3VB9rsjZnOefEhxs=; b=OL+bAaxZg9W6mMedbm6MuVx7X8GZGnritubljl73mtUeWo/FDoLN6kiAimCUEMcam7 /N25at9VbfYjHg17D79WG9rrRhL9dWBMgOarz7aL4oku/TqO6DBghMmcK4PEB1npCT13 T0KX6vrnstbkIs3OzIDPaklz+T9YHQ7LsIr20Sf28xV6K1mx0oZJ3V1wMUYmPBFlC6Zj W7uc/dufuw4Vmp7VnPchAybqIcbtnZxYwlP91QXeAGyweReOXA+7v13wnb6up9BNC2Gc nsMrI8ubzb5yqf5IyFATkeEfMVd83XFuVK6HdZrJhw+fjoWNjC5q8dlG12m+FaOfcof5 CxNQ== X-Received: by 10.55.50.198 with SMTP id y189mr3931734qky.52.1431524196880; Wed, 13 May 2015 06:36:36 -0700 (PDT) Received: from richs-mbp-12839.lan (pool-70-16-105-76.port.east.myfairpoint.net. [70.16.105.76]) by mx.google.com with ESMTPSA id 200sm15557217qhr.13.2015.05.13.06.36.35 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 13 May 2015 06:36:36 -0700 (PDT) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) From: Rich Brown In-Reply-To: <5553062B.1090204@gmail.com> Date: Wed, 13 May 2015 09:36:34 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: References: <5553062B.1090204@gmail.com> To: cerowrt-devel X-Mailer: Apple Mail (2.1878.6) Subject: Re: [Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 May 2015 13:37:17 -0000 I was close. I had the proper subnetting (CeroWrt router different from = the OpenWrt...). I had tried turning off NAT, and accepting forwarded = packets in the ge00 firewall, but that wasn't enough.=20 Alan was right. The missing piece was: - set a static IP for ge00 on CeroWrt (secondary router) - add static routes in the OpenWrt (primary) router for the = CeroWrt subnet(s) using that static IP for ge00=20 One other setting needed a tweak. I was not able to access the CeroWrt = web GUI when connected to the OpenWrt (primary) router's wifi. I needed = to turn off the 'blockconfig' rule in the Network -> Firewall -> = TrafficRules to allow configuration traffic in through the "wan" link = that connects the secondary router to the primary. Thanks all! Rich PS My next quest is subnetting/routing in OpenWrt instead of bridging = everything on the LAN side... On May 13, 2015, at 4:07 AM, Alan Jenkins = wrote: > On 13/05/15 02:19, Rich Brown wrote: >> I am working to restore the functionality of my CeroWrt 3.10.50-1 >> router with an OpenWrt BB image. >>=20 >> Things are going pretty well, but I have run into a problem. In the >> past, I frequently used two CeroWrt routers at my home: one was my >> primary, and connected via PPPoE to my DSL link; the other was the >> secondary, and used DHCP on ge00 to get an address from the LAN side >> of the primary router. >>=20 >> My memory is that everything worked fine - I could connect to either >> router's wifi, and get to things that were on the other router's >> Wifi. (Bonjour/mDNS naming for example). >>=20 >> With OpenWrt as my primary router and CeroWrt as the secondary, I am >> able to connect to the CeroWrt wifi and get anywhere - either the >> OpenWrt subnets or to the Internet. >>=20 >> But connecting to the OpenWrt wifi, I cannot ping or telnet to any >> addresses on the CeroWrt... What am I missing? (This is probably not >> a deep question: I really don't understand linux routing >> configuration...) >=20 > I can start with really basic :). >=20 > AIUI CeroWrt can do this using the babel mesh routing daemon. That = might be what you had working. >=20 > I don't know routing daemons, but I'm quite familiar with static = routing, so in your shoes that's probably what I'd attempt first. It at = least gives you an idea what's going on at the IP level. This would = require... as a vague checklist, and being unhelpfully vague about = wireless... >=20 > Second router: >=20 > 1) Make sure the LAN subnet (and IP address) doesn't conflict with the = first. I think CeroWrt already uses different addresses to OpenWrt. But = for this example I use 192.168.16.0, netmask 255.255.255.0, and = 192.168.16.1. >=20 > Wiki explanation of netmask: > = https://en.wikipedia.org/wiki/Subnetwork#Determining_the_network_prefix >=20 >=20 > 2) a) Configure it with a WAN IP address that belongs to the first = LAN. Usually a static address, which is outside the DHCP pool. Keep a = note of all the static addresses you configure, to avoid conflicts. b) = Set default route to the first router. OR make it a DHCP client which = picks up the address and default route automatically. >=20 > You seem to have this part working, or CeroWrt wouldn't access the = internet. >=20 >=20 > 3) First router: set a static route for the subnet belonging to LAN2, = which points at the LAN1 IP address of the second router. >=20 > You don't have this bit. >=20 > To add a separate routed wireless network on the second AP (as opposed = to a more seamless one which allows roaming between the two APs): try = configuring the wireless subnet adjacent to the wired one & use a single = aggregated route for simplicity. >=20 > wireless lan: 192.168.17.0, 255.255.255.0 >=20 > aggregated route for wlan + lan: 192.168.16.0/23, i.e. netmask = 255.255.254.0 >=20 > It could be extended to guest wireless as well. Widen the route by = another bit, and don't worry if you're not actually using the fourth = subnet (192.168.19.0/24) >=20 >=20 > 4) *** Make sure NAT is disabled on the second router. *** >=20 > I think you have NAT enabled on CeroWrt, because otherwise, without = doing part 3), computers on CeroWrt network wouldn't get any packets = _back_ from the internet. >=20 >=20 > 5) Configure the firewall on the second router to accept all packets = from the WAN interface / unknown networks. You rely on the first router = to do that instead. >=20 >=20 > Alan