Routing between br0 and br1 (LAN -> VPN TAP)
Hello,
This is my first post on this forum. I have a problem with routing between two bridges.
I'm using Tomato by Shibby v124EN on a WNR3500L.
I have one problem with routing between two VLANs. My configuration is:
LAN
Bridge  STP       IP Address     Netmask        DHCP      IP Range (first/last)  Lease Time (mins)
br0     Disabled  192.168.254.1  255.255.255.0  Enabled   192.168.254.10 - 100   1440
br1     Disabled  192.168.0.200  255.255.255.0  Disabled  -
OpenVPN Client:
Interface Type: TAP
Bridge TAP with: LAN1 (br1)
Server is on the same subnet: YES
VLAN
VLAN  VID  Port 1  Tagged  Port 2  Tagged  Port 3  Tagged  Port 4  Tagged  WAN Port  Tagged  Default  Bridge
1     1    Yes             Yes             Yes                                               *        LAN (br0)
2     2                                                                    Yes                        WAN
3     3                                                    Yes                                        LAN1 (br1)
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.254 * 255.255.255.255 UH 0 0 0 vlan2
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
192.168.254.0 * 255.255.255.0 U 0 0 0 br0
192.168.0.0 * 255.255.255.0 U 0 0 0 br1
192.168.0.0 * 255.255.255.0 U 0 0 0 tap11
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.1.254 0.0.0.0 UG 0 0 0 vlan2
LAN Access
On  Src   Src Address  Dst   Dst Address  Description
On  LAN                LAN1
On  LAN1               LAN
$ iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- tap11 * 0.0.0.0/0 0.0.0.0/0
53 2712 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
417K 180M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1755 109K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1647 136K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
322 20392 ACCEPT all -- br1 * 0.0.0.0/0 0.0.0.0/0
156 23609 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- tap11 * 0.0.0.0/0 0.0.0.0/0
23834 8145K all -- * * 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.254.0/255.255.255.0 name: lan
67 3412 all -- * * 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.0.0/255.255.255.0 name: lan1
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 br1 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
987 51480 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
22354 8036K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 wanin all -- vlan2 * 0.0.0.0/0 0.0.0.0/0
1413 106K wanout all -- * vlan2 0.0.0.0/0 0.0.0.0/0
1413 106K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 546K packets, 627M bytes)
pkts bytes target prot opt in out source destination
Chain logdrop (2 references)
pkts bytes target prot opt in out source destination
156 23609 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 39 level 4 prefix `DROP '
156 23609 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 39 level 4 prefix `REJECT '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
Chain shlimit (1 references)
pkts bytes target prot opt in out source destination
2 104 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: shlimit side: source
0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 360 hit_count: 3 name: shlimit side: source
Chain wanin (1 references)
pkts bytes target prot opt in out source destination
Chain wanout (1 references)
pkts bytes target prot opt in out source destination
I would like to have access from my LAN (br0 192.168.254.0) to LAN1 (br1 192.168.0.1), but this one port (4) also has to be completely in the VPN network (but this works correctly).
From my LAN I'm able to ping 192.168.0.200 (this is the router's VPN IP), but I can't ping any other IP on this network.
Please help me.