Guys, see the attached network diagram. I foolishly changed some settings trying to solve one issue and created another.
As you can see, I have a Linksys running DD-WRT "inside" of my Asus 3200 running Merlin. (Linksys on static IP: 192.168.1.254)
So originally I had the Linksys running as "Gateway" and using access restrictions in DD-WRT to keep some clients from the internet. ALL WAS WELL, except for one problem: one of the clients (a camera) needed daily NTP updates or it would stop putting a DTG stamp on the recorded video. Well, and my main computer (on Asus) couldn't directly access my RPi (on the Linksys).
So my original goal for today was "let port 123 through the no-internet."
On the DD-WRT/Linksys I've set up [ Setup ] -> [ Advanced Routing ] for Static Routing to send traffic bound for 192.168.1.0/24 through 192.168.1.254 as gateway.
On the Asus I've set up [ LAN ] -> [ Route ] for a static route to send traffic bound for 192.168.2.0/24 through 192.168.1.254 as gateway.
After MUCH fiddling I switched the Linksys from Gateway to Router mode and futzed with iptables some in DD-WRT.
iptables -A FORWARD -p udp --dport 123 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8123 -j ACCEPT
I also made some edits to the Asus settings.
At THIS POINT clients on either network can access each other as required. WIN!!
UNFORTUNATELY now NONE of the clients on the Linksys have internet access.
Everyone on 192.168.2.0/24 can ping the Asus, but nothing beyond.
I assume Asus/Unbound is providing DNS to the Linksys, because when I (on Linksys) tcpdump -i eth1 icmp and ping 8.8.8.8 from my RPi on Linksys, I see:
IP raspberrypi > dns.google: ICMP echo request, id 5378, seq 96, length 64
IP Netgear-DD-WRT > raspberrypi: ICMP host dns.google unreachable, length 92
I'd like to tcpdump on the Asus now to see if I can figure out where it's going but that's not part of Asus/Merlin.
So my brain is dead. Seems like (obviously) the Linksys traffic is hitting the Asus network, but it also seems like I have some kind of access restrictions. But if I go to (Asus) [ AiProtection ] -> [ Parental Controls ] I certainly don't have the Linksys in there. Is there anywhere ELSE that would turn off the Internet for a client? AAAAAAAAARRRRRGH