Wireless mesh router connected to green. How to I access clients from wired clients on green?

dwin64 · 3 September 2023 17:18

I have a small box with two cards running IPfire.
RED is connected to my cable box providing ethernet access.
GREEN is connected to other nic and all wired clients connect here.
I also have a wireless router (three actually, mesh)
The main mesh is connected to GREEN and gets 192.168.6.10)
The wiress router has a dhcp server which gives out IPs to the wireless clients. (192.168.5.X)
All my wireless devices (echos, nest, cameras. all work fine)

one of the clients (a 3d printer, dhcp client 192.168.5.161) connects successfully to the wireless router.

My main PC, 192.168.6.3 cannot ping the 192.168.5.161 device.
I cannot get to the web interface of the 3d printer.

does a route need to be set on PC or a route added to IPfire?

Thanks!!!

Dan

cfusco · 3 September 2023 18:19

Hello and welcome to our community.

In the scenario you described, the PC and the printer are on different subnets. The PC is on the 192.168.6.0/24 subnet, and the printer is on the 192.168.5.0/24 subnet. The PC therefore would not broadcast an ARP request for the printer’s IP address. ARP is a Layer 2 protocol and works only within the same local network or subnet. When the PC determines that the destination IP address is not in its local subnet, it will send the packet to its default gateway for routing to the destination subnet. The default gateway in this case would be the IPFire Router.

Here’s what would generally happen:

The PC would attempt to send a packet to the printer at 192.168.5.161.
The PC would recognize that the printer’s IP address is not in its own subnet (192.168.6.0/24).
The PC would then send the packet to its default gateway, which is presumably the IPFire Router, for further routing.
The IPFire Router would need to know how to route traffic to the 192.168.5.0/24 subnet. If it doesn’t have a route for that subnet, the packet will be dropped.
If the IPFire Router does know how to reach the 192.168.5.0/24 subnet (through a static route), it would forward the packet to the appropriate next hop, which would be the AP in this case.
The AP would receive the packet and forward it to the printer at 192.168.5.161.
The printer would send the response back through the same path in reverse.

For this to work, you would need to configure routing rules on the IPFire Router to know how to reach the 192.168.5.0/24 subnet. Additionally, the AP would need to be configured to allow traffic from the 192.168.6.0/24 subnet to the 192.168.5.0/24 subnet.

dwin64 · 3 September 2023 19:05

I did try a static route. I did not however change the wireless router.
I will try that next.
Thank you very much for the in-depth explanation.

Dan

dwin64 · 3 September 2023 19:21

I added a static route
host 192.168.5.0/24
gateway 192.168.6.10 (IP that wireless router received)
Is this correct? Or should .10 be 1 (192.168.6.1 is gateway address for ipfire)

cfusco · 3 September 2023 19:29

this is correct. This tells the IPFire Router that any traffic destined for the 192.168.5.0/24 network should be forwarded to the AP at 192.168.6.10. The AP would then handle distributing the traffic within its own subnet (192.168.5.0/24).

EDIT: to troubleshoot:

Use tcpdump to capture packets on the IPFire Router (and if possible in the AP) to see if packets destined for the printer are being routed correctly. You can also use it on the PC and printer to verify that packets are reaching their intended destinations.
Use traceroute from the PC to the printer’s IP to see the path the packets take. This can help confirm whether the packets are being routed through the IPFire Router and the AP as expected.

hvacguy · 3 September 2023 19:35

I’m assuming he will also need a port forward in the mesh AP / Router. To allow PC to talk to printer.

cfusco · 3 September 2023 19:41

Very good point (being the router also a mesh), but I do not think NAT is necessary here. It would only make routing worse. The IPFire Router and the AP should be configured to route traffic between the two subnets without NAT. The IPFire Router would need a static route to the 192.168.5.0/24 network via the AP (192.168.6.10), and the AP would need to allow traffic from the 192.168.6.0/24 network to the 192.168.5.0/24 network.

If the AP, being a mesh, is also acting as a router with its own separate NAT, I think NAT should be disabled to allow direct communication between the two subnets. The key principles remain the same: to set up proper routing rules allowing traffic to flow between the two subnets (192.168.6.0/24 and 192.168.5.0/24).

dwin64 · 3 September 2023 19:53

Here’s where I’m at…

C:\Windows\System32>tracert 192.168.5.161

Tracing route to 192.168.5.161 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  ipfire.localdomain [192.168.6.1]
  2     2 ms     1 ms     1 ms  192.168.6.10
  3  192.168.6.10  reports: Destination protocol unreachable.

Trace complete.

also, I can’t get to the web interface of the wireless router
(used to be 192.168.5.1, but now I think it would be 192.168.6.10)

I connected my wifi on the pc to the wireless router…
So it should still be 192.168.5.1

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Wireless-AC 9260 160MHz
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.5.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, September 3, 2023 1:30:47 PM
   Lease Expires . . . . . . . . . . : Sunday, September 3, 2023 4:16:05 PM
   Default Gateway . . . . . . . . . : 192.168.5.1
   DHCP Server . . . . . . . . . . . : 192.168.5.1
   DHCPv6 IAID . . . . . . . . . . . : 278971785
   DNS Servers . . . . . . . . . . . : 192.168.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

The following error was encountered while trying to retrieve the URL: http://192.168.5.1/

Connection to 192.168.5.1 failed.

The system returned: (111) Connection refused

The remote host or network may be down. Please try the request again.

cfusco · 3 September 2023 19:56

The traceroute output suggests that the packet reached the AP at 192.168.6.10 but was unable to proceed further to the destination 192.168.5.161. The message “Destination protocol unreachable” typically indicates that the device (in this case, the AP at 192.168.6.10) could not route the packet to the specified destination.

This does could mean:

The AP does not have a route to the 192.168.5.0/24 network.
There is a firewall rule on the AP blocking the traffic.
The AP is misconfigured in some other way that prevents it from routing the packet to the 192.168.5.161 address.

You would need to check the AP’s routing table and firewall rules to determine the exact cause.

cfusco · 3 September 2023 20:02

that’s the gateway for 192.168.5.0/24, but for IPFire AP is 192.168.6.10. Your problem is in the configuration of the three routers. Make sure they do not do any NAT, and they allow the traffic to flow between the two networks. Watch for firewall rules as well.

hvacguy · 3 September 2023 20:51

This is a sadly missing feature in most
Mesh wifi systems. Like Google wifi.
If it is setup in bridge mode it works as a strait AP. No mesh.

dwin64 · 4 September 2023 01:38

solution (maybe there is a better one, but here’s what worked)

Added static route as suggested above on ipfire.
Host IP: 192.168.5.0/24 gateway: 192.168.6.10

then, I added a port forward on the wireless router
TCP 192.168.6.10 port 8081 → 192.168.5.161 port 80

Now if I go to web address 192.168.6.10:8180
I go directly to web page of 3d printer.

cfusco · 4 September 2023 10:13

well, congratulations to you and @hvacguy

NAT should not be employed here, but I guess we need to adapt to these non-free firmwares.