bridging DD-WRT leads to un-routable ip addresses


It turns out that I did miss one step. The last step of the instructions says

Set your computer back to auto IP and auto DNS.

{This refers to the computer wired directly to the secondary router, i.e. the computer earlier set to 192.168.1.9, which I couldn't ping}.

As soon as I set this to DHCP, I was able to ping from a machine connected to the primary router. The only thing that I can think of is that the primary couldn't see the MAC address of the machine on the secondary router until it made an ARP request, which it wouldn't have done while it had a static IP... and yet, I had full network access on that box, so all of its packets would have gone through the primary...

I dunno. I'm going to chalk it up to some strange layer 2 nonsense. If someone can give me a clearer answer, I'll accept it. I want to set up dhcp and dns caching on the secondary router, because DD-WRT has dnsmasq, which is beautiful on home networks... so if ip addresses are only routable after having been registered with the primary router's dhcp server, I'm going to be coming back around to this...

Edit:

The answer, such as it is, came when I was trying to capture the MAC addresses of all the machines on my network (I was going to use these to set up dnsmasq).

$ sudo nmap -sP 192.168.1.0/24 | egrep '^(Nmap scan|MAC)'
Nmap scan report for 192.168.1.1
MAC Address: 00:18:39:08:1D:14 (Cisco-Linksys) # Primary
Nmap scan report for 192.168.1.2
MAC Address: 00:12:17:12:96:22 (Cisco-Linksys) # Secondary
Nmap scan report for 192.168.1.100
MAC Address: 00:12:17:12:96:22 (Cisco-Linksys) # Connected to secondary
Nmap scan report for 192.168.1.101
MAC Address: 90:18:7C:2A:21:C4 (Unknown)
Nmap scan report for 192.168.1.103
Nmap scan report for 192.168.1.123
MAC Address: 00:12:17:12:96:22 (Cisco-Linksys) # Connected to secondary

The kicker here is that all of the machines connecting through the secondary share the MAC Address of the secondary.

If I had a true bridge, the two routers would essentially be acting as a single switch (a layer 2 device). Packets from a given device on the subnet would be delivered to another via MAC Address.

That's not what's happening here. Instead, I have two interleaved subnets that have the same IP address space. Ordinarily, this would be a bad idea; if you're not careful, it could lead to IP address conflicts. In this case, it's not so bad, because all of the DHCP requests are handled by the primary router (I have DHCP forwarding set up on the secondary).

Packets from the primary are delivered to the secondary via MAC address. The machines beyond the router are on a second network segment, and therefore do not share MAC addresses with the primary network.

I mentioned that I had previously had the DD-WRT bridged with a different router. This was a true bridge, set up through WDS (Wireless Distribution System). The caveat with WDS is that both routers must use the same chip-set.

At the time that I set it up, I couldn't figure out why that mattered, but once I started thinking about it, it made sense. If I create a bridge between two routers, I'm essentially creating one big switch -- a layer 2 device. A switch has the 'smarts' to deliver packets via MAC address, rather than broadcasting packets and letting each device on the network sort out whether or not to accept them (that would be a hub, rather than a switch). The specifics of how the switch actually delivers packets are a layer 1 (i.e. hardware) decision. Generally, you don't have to worry about the hardware layer, because all of the decisions are made within the same physical machine. You can treat it as a black box. That doesn't work with WDS, because at that point you're trying to mix two boxes at layer 1 -- i.e. the hardware level -- and at that level, chip-sets matter.
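The MAC grouping that the answer reads off the scan by eye, as an added example that is not part of the original post: a small Python parser over the scan output quoted above that groups discovered IPs by MAC address and flags any MAC fronting more than one IP, the signature of a client bridge (the bridge answering ARP for the hosts behind it) rather than a true layer 2 bridge, where every host keeps its own MAC. The sample input is the scan output from the post, embedded inline.

```python
import re
from collections import defaultdict

# Constructed sample: the scan output quoted in the answer above,
# annotations included (the parser ignores anything after the MAC).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.1.1
MAC Address: 00:18:39:08:1D:14 (Cisco-Linksys) # Primary
Nmap scan report for 192.168.1.2
MAC Address: 00:12:17:12:96:22 (Cisco-Linksys) # Secondary
Nmap scan report for 192.168.1.100
MAC Address: 00:12:17:12:96:22 (Cisco-Linksys) # Connected to secondary
Nmap scan report for 192.168.1.101
MAC Address: 90:18:7C:2A:21:C4 (Unknown)
Nmap scan report for 192.168.1.103
Nmap scan report for 192.168.1.123
MAC Address: 00:12:17:12:96:22 (Cisco-Linksys) # Connected to secondary
"""

REPORT_RE = re.compile(r"^Nmap scan report for (\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")


def hosts_by_mac(scan_text):
    """Return {mac: [ip, ...]}. A host with no MAC line (nmap prints none
    for the scanning machine itself) is filed under the key 'self'."""
    groups = defaultdict(list)
    pending_ip = None
    for line in scan_text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            if pending_ip is not None:  # previous report had no MAC line
                groups["self"].append(pending_ip)
            pending_ip = m.group(1)
            continue
        m = MAC_RE.match(line)
        if m and pending_ip is not None:
            groups[m.group(1).upper()].append(pending_ip)
            pending_ip = None
    if pending_ip is not None:
        groups["self"].append(pending_ip)
    return dict(groups)


def shared_macs(scan_text):
    """MACs fronting more than one IP. On a true layer 2 bridge every host
    keeps its own MAC; a client bridge answers ARP for all of them."""
    return {mac: ips for mac, ips in hosts_by_mac(scan_text).items()
            if mac != "self" and len(ips) > 1}
```

On the sample, `shared_macs` returns only the secondary router's MAC with the three IPs behind it; the same check run on a WDS bridge would return nothing.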

Barton Chittenden

Juggler, Bash jockey, Perl scripter, Linuxhead, code janitor.

Updated on September 18, 2022

Comments

  • Barton Chittenden over 1 year

    I'm bridging two routers. The primary (attached to the internet) is a stock Linksys WRV200 running Firmware Version: 1.0.39. The secondary is a Linksys WRT-54g running Firmware: DD-WRT v24-sp2 (10/10/09) mini.

    I followed the instructions here, trying to create a wireless bridge: http://www.dd-wrt.com/wiki/index.php/Client_Bridged

    Both routers sit on 192.168.1.0/24 -- primary is 192.168.1.1, secondary 192.168.1.2.

    I have a Linux box connected by cat5 to the secondary with a static IP address of 192.168.1.9. This can connect outbound (I can ping the primary, and I have internet access on that box). However, when I try to ping from a laptop with a wireless connection to the primary (IP address 192.168.1.103), I get the following:

    $ ping 192.168.1.109
    PING 192.168.1.109 (192.168.1.109) 56(84) bytes of data.
    From 192.168.1.103 icmp_seq=1 Destination Host Unreachable
    From 192.168.1.103 icmp_seq=2 Destination Host Unreachable
    .
    .
    .
    

    I can ping from 192.168.1.103 to the secondary router itself -- just nothing beyond it.

    Here are the vital statistics of the primary:

    Local IP Address: 192.168.1.1
    Subnet Mask: 255.255.255.0
    
    Running as DHCP server
    IP Address Range: 192.168.1.100 through 254
    
    Destination LAN IP | Subnet Mask   | Gateway     | Interface
    192.168.1.0        | 255.255.255.0 | 0.0.0.0     | LAN&Wireless
    74.138.64.0        | 255.255.240.0 | 0.0.0.0     | WAN
    Default Route (*)  | 0.0.0.0       | 74.138.64.1 | WAN
    127.0.0.1          | 0.0.0.0       | 127.0.0.1   | LOOPBACK
    

    The secondary:

    Local IP Address: 192.168.1.2
    Subnet Mask: 255.255.255.0
    Gateway: 192.168.1.1
    Local DNS: {not populated}
    
    Routing table:
    
    Destination LAN NET | Subnet Mask   | Gateway     | Interface
    192.168.1.0         | 255.255.255.0 | 0.0.0.0     | LAN & WLAN
    169.254.0.0         | 255.255.0.0   | 0.0.0.0     | LAN & WLAN
    0.0.0.0             | 0.0.0.0       | 192.168.1.1 | LAN & WLAN
    

    So... if I'm reading this correctly, the routers aren't actually bridged... the secondary is actually acting as a router, and isn't allowing packets from the primary to reach the other side of its network, even though they're on the same subnet.

    I did follow the instructions about disabling the firewall on the secondary. Here are the interesting parts of iptables -L (I've removed the empty chains).

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination      
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination      
    ACCEPT     0    --  anywhere             anywhere         
    logdrop    0    --  anywhere             anywhere            state INVALID
    TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    lan2wan    0    --  anywhere             anywhere         
    ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     0    --  anywhere             anywhere            state NEW
    
    .
    .
    .
    
    Chain logaccept (0 references)
    target     prot opt source               destination      
    ACCEPT     0    --  anywhere             anywhere         
    
    Chain logdrop (1 references)
    target     prot opt source               destination      
    DROP       0    --  anywhere             anywhere         
    
    Chain logreject (0 references)
    target     prot opt source               destination      
    REJECT     tcp  --  anywhere             anywhere            tcp reject-with tcp-reset
    

    I assume that there's something simple that I'm missing here ... how do I set this up so that boxes connected to either router are routable?

    • hookenz about 11 years
      I've set this up before and it worked for me. Did you follow every single step? What router hardware are you using? I did once read that there were some issues with some chipsets working in client bridge mode.
    • Barton Chittenden about 11 years
      I don't think that it's a hardware issue... I had the DD-WRT bridged with a different router this morning... I think that I just have something mis-configured.