How do I configure routing in this mesh scenario?

Question

I've setup the following scenario

Routing Scenario

All the routers are openwrt routers, and they are connected either via cable (Rout1 <> Rout2), or via wireless (Rout2 <> Rout4)

I would like to be able to connect to each router from each router via SSH. Now if I'm connected to Router 2, I can connect to Router 1 (upstream), but not to router 3 (downstream).

Since each router has its own subnet, I guess the best solution would be to setup static routing rules, but I havent succeeded.

I tried to add this rule on router 2, to be able to talk with router 3, but it doesnt work:

Static Routing Openwrt.

What am I doing wrong?

Some more info, these commands are run out of Router II:

root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr E8:DE:27:D6:88:7E  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fd95:ccb3:25d1:4::1/62 Scope:Global
          inet6 addr: fe80::eade:27ff:fed6:887e/64 Scope:Link
          inet6 addr: fd55:9df8:d56e::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1457082 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2115340 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:150498460 (143.5 MiB)  TX bytes:2840823770 (2.6 GiB)

eth0      Link encap:Ethernet  HWaddr E8:DE:27:D6:88:7F  
          inet addr:192.168.1.185  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fd95:ccb3:25d1:0:eade:27ff:fed6:887f/64 Scope:Global
          inet6 addr: fd95:ccb3:25d1::953/128 Scope:Global
          inet6 addr: fe80::eade:27ff:fed6:887f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2108975 errors:0 dropped:0 overruns:3 frame:0
          TX packets:1440391 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2841103470 (2.6 GiB)  TX bytes:169610036 (161.7 MiB)
          Interrupt:4 

eth1      Link encap:Ethernet  HWaddr E8:DE:27:D6:88:7E  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1418715 errors:0 dropped:8 overruns:1 frame:0
          TX packets:2078193 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:163820177 (156.2 MiB)  TX bytes:2836974076 (2.6 GiB)
          Interrupt:5 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:237 errors:0 dropped:0 overruns:0 frame:0
          TX packets:237 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:11404 (11.1 KiB)  TX bytes:11404 (11.1 KiB)

wlan0     Link encap:Ethernet  HWaddr E8:DE:27:D6:88:7C  
          inet6 addr: fe80::eade:27ff:fed6:887c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17781 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32439 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:817883 (798.7 KiB)  TX bytes:2345307 (2.2 MiB)

wlan1     Link encap:Ethernet  HWaddr E8:DE:27:D6:88:7D  
          inet6 addr: fe80::eade:27ff:fed6:887d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22619 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35299 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6555917 (6.2 MiB)  TX bytes:4818415 (4.5 MiB)



root@OpenWrt:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan
192.168.3.0     192.168.2.1     255.255.255.0   UG        0 0          0 br-lan

Consider that now I've the wrong static routing rule in the config, the one you see in the attached image.

In your schema you associate an IP address to the router, while IP addresses are (commonly) related to phisical interfaces. If router 2, router 3 and router 4 are connected to the same switch (as it seems, based on your schema) they should have assigned, to related interface, IP addresses belonging to the same subnet. Please, elaborate on this providing us proper details. — Damiano Verzulli, Dec 21 '14 at 14:12
routers are daisy chained. Router II connects via ethernet to router I. Router III connect via ethernet to Router II. Router IV connect via wireless to router II, on a dedicated 5 ghz link. The actual setup is made of 17 routers, with a mixed wireless/wired network. — Mascarpone, Dec 21 '14 at 14:22
Please say how your routers are configured. Did you disable NAT? Did you unbridge the LAN interfaces? Did you disable the WAN zone and put all interfaces in the LAN zone? — jch, Dec 21 '14 at 14:55
I configured as per latest openwrt default. Incoming interfaces (ethernet or wifi) are in the WAN or WWAN zone, outgoing interfaces are all in the LAN zone. I dont think I disabled NAT, if it was on by default, if you want I can type some commands and print the output to you — Mascarpone, Dec 21 '14 at 15:00
@Mascarpone: "if you want I can type some commands". Please type "ifconfig" and "netstat -rn" in all the four routers and give us the output. That's the only chance, for us, to better understand your setup. — Damiano Verzulli, Dec 21 '14 at 16:25
This is not at all a "simple" scenario! And you absolutely need to disable NAT. — Michael Hampton, Dec 21 '14 at 16:32
I added the asked commands. I also edited the title, now it's not a simple configuration anymore :P I thought it was simple, because I had no idea about what I was doing :P thanks guys :) — Mascarpone, Dec 21 '14 at 18:45
@Mascarpone: "...I had no idea about what I was doing...". Actually, I guessed it ;-) — Damiano Verzulli, Dec 21 '14 at 22:58
@DamianoVerzulli TVB. Ti voglio bene. I cant stop laughing :P — Mascarpone, Dec 21 '14 at 23:05
@Mascarpone: things are getting definitely complex: the router you used for your "ifconfig" and "netstat -rn" is dual-band (and, as such, as _TWO_ wireless interfaces) and has _TWO_ ethernet interfaces. So, 1 router and 4 interfaces. Furthermore you've a bridge interfaces (...not clear on top of which interfaces). And all of this only for ONE of your FOUR routers. If this is not enough... in your title I see the word "mesh" and... in mesh-wireless-networking things are even more complex. Sorry, but without an absolutely clearly defined problem (with related details) I really cannot help :-( — Damiano Verzulli, Dec 21 '14 at 23:09
Damiano, I actually had no idea IP networking was so complex. Think that I have 17 routers in the real configuration, with MultiWAN, Port Aggregation and PtP SCTP tunnels. I greatly simplified the setup to recreate a thing I could understand and work with easily. Tomorrow I will try to rewrite the question from zero. Is there any other command I can type to help you understand the situation? — Mascarpone, Dec 21 '14 at 23:16
p.s.: Router 2 does not have multiwan, Port Aggregation or other exotic configuration. It's configured as per default. — Mascarpone, Dec 21 '14 at 23:17

score 2 · Answer 1 · answered Dec 22 '14 at 01:27

OpenWRT is configured by default to split the Internet into a "WAN" zone, a "LAN" zone, and perform NAT-ing between the two. So on all routers except Router 1, you will want to modify the firewall configuration to put all interfaces into the LAN zone:

remove the whole config zone for wan from /etc/config/firewall;
add list network wan to the config zone for lan.

Reboot, and your router should no longer be NAT-ing between the interfaces, and allow unrestricted routing.

In order to improve performance, you'll probably also want to unbridge the lan interface from the wifi. In /etc/config/firewall, remove type bridge, and create a new interface entry for each of your wireless interfaces. Don't forget to add them to the lan zone in your firewall config.

I think that's all. Let me know if I've forgotten something.

I think this might be half of the solution? when I removed the wan from firewall and added it to lan, internet connection was lost. How do I restore it? — Mascarpone, Dec 23 '14 at 10:42
You've configured static addressing, right? Or are you relying on DHCP? — jch, Dec 25 '14 at 17:30

How do I configure routing in this mesh scenario?

1 Answers1