What's new

LAN->WAN access issue

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

cjgarmar

New Around Here
Hi all!

I can't access (e.g. ping or HTTP) to my WANRouter from LAN clients. My infrastructure is:

LAN<->ASUSRouter<->WANRouter
LAN IP: 192.168.0.0/24
ASUSRouter LAN-IP: 192.168.0.1
ASUSRouter WAN-IP: 192.168.1.2
WANRouter LAN-IP: 192.168.1.1

I'm using Merlin 374.40 firmware on ASUSRouter and pinging from ASUSRouter to WANRouter is working.

I've tried to update the firmware, but the problem persists. And the problem dissapears if I change to dd-wrt firmware, that is, pinging works.

So, I don't know what may be happening. Please, can anyone lend a hand?

Thank you very much,

Cristian.

Additional information:

Routing table on ASUSRouter
192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

Routing table on LAN clients
default 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
192.168.0.0 * 255.255.255.0 U 9 0 0 wlan0
 
Without looking over your question in depth, it looks like you are using inconsistent subnets (the 192.168.x. nnn) the number where the X is should be the same if your subnet mask is 255.255.255.0 and you plan to have only one subnet. I have no experience with Merlin's software so I don't completely understand all of your references.

Perhaps a reset to default settings would permit the router to sort itself out automatically.
 
Last edited:
Hi AdvHomeServer,

Thanks for replying, but net configuration is correct. AsusRouter (AC56U) act as a router, so it has two nets: one side (LAN) with 192.168.0.0/24 addresses and other side (WAN) with 192.168.1.0/24 addresses. As I said in the last post, if I change the firmware to dd-wrt all works fine, of course with the same net configuration. After changing to dd-wrt, I came back to Merlin-asusWRT (default settings) and it doesn't work.

I believe it is a issue of some filter or restriction, but I don't know where to look. I flush iptables (mangle, nat, raw and filter tables), and it still doesn't work.

Some more help, please. Thanks!
 
...don't k now why this isn't working for you...it should.
I am using the same kind of setup and never run into trouble....no manual tweaks applied...only using the GUI and default settings.
 
...don't know why this isn't working for you...it should.
I agree, the routing looks perfectly correct. It should "just work" after a factory reset and the only thing changed being the router's LAN IP Address to 192.168.0.1.

Can you ping the WANRouter from the ASUSRouter?

I see the LAN client is wireless. Have you tried with wired client connections and different kinds of client?
 
Thanks all of you for your responses,

@wasdanou. Your network configuration is not the same as mine. Your router is on AP mode, but my router is on Router mode.

@ColinTaylor. I can ping the WANRouter from the ASUSRouter and viceversa. I also tested with wired connections and with pc, mobile and laptop devices, with the same negative result.

I still believe it is an issue regarding to some hidden filter or restriction.

Any idea?
 
I still believe it is an issue regarding to some hidden filter or restriction.
That seems likely. Can you post the output of the following command (after you have rebooted the router to clear out any UPNP entries):
Code:
# iptables-save

If your router doesn't have iptables-save try:
Code:
# iptables -t nat -L -n -v
# iptables -t mangle -L -n -v
# iptables -L -n -v
I'll try and compare it with my settings although I have an RT-N66U so it might not be exactly the same.
 
Thank you all! I really appreciate your help.

Finally, I found a solution. Somehow iptables doesn't masquerade (nat) WANRouter addressing.

So I flush all iptables entries, create forward&masquerade rules, reboot the router and all works.

As I am working on a vpnc stable&easy connection, when I solve all the problems, I'll post a howto message in the forum.

Thanks again!
 
Strange, must be a bug. The nat should look something like this:
Code:
# cat /tmp/nat_rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:VSERVER - [0:0]
:LOCALSRV - [0:0]
:VUPNP - [0:0]
:DNSFILTER - [0:0]
-A PREROUTING -d your_wan_address -j VSERVER
-A VSERVER -j VUPNP
[B]-A POSTROUTING  -o eth0 ! -s your_wan_address -j MASQUERADE[/B]
-A POSTROUTING  -m mark --mark 0xd001 -j MASQUERADE
COMMIT
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top