
Routing between node subnet and local subnet

WB6YOK
Routing between node subnet and local subnet

A good while back, with a previous version of the firmware, I was able to put a freepbx system on my local subnet and another freepbx system on my 2.4 GHz node's subnet.

At the time I created trunks between the two freepbx systems and could dial extensions from one system to the other without issue. In fact I had a trunk going using the mesh from my freepbx mesh system to another ham's system. All worked great!

Now, I cannot get the lashup to work. This seems to be concurrent with a firmware upgrade in the recent past.

I can ping from the freepbx system on the node (10.212.71.71) to the local freepbx system (10.1.10.83) without any issues. I CANNOT ping the other way. This is a new behavior.

A friend of mine who is very knowledgeable about such things did some poking about at the layer 2 level and thinks that the node is rejecting packets from any subnet other than its own. Anyway, it's rejecting the packets from 10.1.10.83.

Has something changed or am I missing something? Very frustrating as this setup worked fine for a couple of years and now we have bupkus.

Appreciate your help and guidance.

I have attached a network diagram. I hope that will prove helpful.

Chuck...
WB6YOK
 

WB6YOK
I should add we have added static routes and so on to get as far as we have.

What I am after is detailed engine room level on how routing works between nodes and external networks.

Chuck...
WB6YOK
AA7AU

As an aside, I have noted that with the latest stable release, DHCP does NOT seem to issue a gateway IP to local LAN devices when assigning device IP, and uses the restricted LAN mask, when the "Prevent LAN devices from accessing WAN" toggle is set. Discovered this while trouble-shooting VOIP IP-based phone connection problems. Symptom: IP-based phone will properly register with mesh-based FreePBX on different node with local node toggle set OFF, does not with toggle set ON.

Just another data point, I'm very interested in what comes of this discussion. It is my contention that the latest incorporated OpenWRT possibly changed some low-level stuff, the effects of which may just now be surfacing.

Thanks to all who work to support AREDN,
- Don - AA7AU


edited to add: BTW, one quick workaround for this while keeping toggle ON for primary node is to add a DtD secondary node and put the phone on that second non-toggled node side.

AE6XE
If I understand correctly, the 10.1.10.83 pbx is on a non-AREDN network, your home network.  The 2.4GHz mesh node is connected to your home network on its WAN interface or vlan 1, correct?  

If so, then all ports are blocked from the 10.1.10.83 freepbxLocal device to connect to the 2.4GHz Mesh node.   This is no different than a device on the internet trying to access a device on your home network through your home router-wifi device.   If you want any device on your local network to access the 2.4GHz's LAN devices, then go into the port forwarding in the setup options in AREDN to add these port forwards. 

Joe AE6XE 
WB6YOK
Thank you!

Your answer is obvious once you say it. 

BTW, is it possible to specify port ranges for port forwarding?

Chuck...
WB6YOK
AE6XE
ranges for port forwarding
If you want to forward a range of ports, the Outside Port will accept a range in the form "2000-3000".

Joe AE6XE
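
The behaviour described in the two replies above (LAN-initiated traffic and its replies pass, new WAN-side connections are dropped unless a port forward matches, and the Outside Port field takes a range such as "2000-3000"), as an added example that is not part of any post and is not AREDN's firewall code. It is a simplified model; the node WAN address `10.1.10.50`, the UDP protocol choice and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

NODE_WAN_IP = "10.1.10.50"  # constructed: the node's address on the home network

def parse_port_range(spec):
    """Parse an Outside Port value: a single port or a range like '2000-3000'."""
    lo, _, hi = spec.strip().partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return lo, hi

@dataclass
class Node:
    forwards: list = field(default_factory=list)  # (proto, lo, hi, lan_ip)
    flows: set = field(default_factory=set)       # flows opened from the LAN side

    def add_forward(self, proto, outside, lan_ip):
        self.forwards.append((proto, *parse_port_range(outside), lan_ip))

    def lan_to_wan(self, proto, src, dst):
        """LAN-originated traffic is allowed and tracked so replies can return."""
        self.flows.add((proto, src, dst))
        return "ACCEPT"

    def wan_to_node(self, proto, src, dst, dport=0, is_reply=False):
        """Packets arriving on WAN: replies pass, new flows need a port forward."""
        if is_reply and (proto, dst, src) in self.flows:
            return "ACCEPT (established)"
        if dst == NODE_WAN_IP:
            for p, lo, hi, lan_ip in self.forwards:
                if p == proto and lo <= dport <= hi:
                    return f"DNAT -> {lan_ip}:{dport}"
        return "DROP"

def demo():
    node = Node()
    node.add_forward("udp", "2000-3000", "10.212.71.71")
    node.lan_to_wan("icmp", "10.212.71.71", "10.1.10.83")
    return [
        # echo reply to the ping that started on the node's LAN
        node.wan_to_node("icmp", "10.1.10.83", "10.212.71.71", is_reply=True),
        # new ping from the home network toward the node's LAN host
        node.wan_to_node("icmp", "10.1.10.83", "10.212.71.71"),
        # new UDP flow to the node's WAN address, inside the forwarded range
        node.wan_to_node("udp", "10.1.10.83", NODE_WAN_IP, 2500),
    ]

if __name__ == "__main__":
    print(demo())
```
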
K6CCC
Your network drawing does not show anything that is routing between the different VLANs (although based on your description I am suspecting that there is more than you are showing).  I am assuming that the notes in black at the bottom are giving some indication of what a router that is not shown is allowing, but that description is rather nebulous without further explanation.
 
WB6YOK
Fair points.

That diagram was created prior to us messing with routing other than the VLAN configuration.

I use a Cisco 3750 managed switch. There are five VLANs configured as follows.

VLAN1 - default, always there, unless configured into another VLAN all ports live here.

VLAN2 - Device to device (DTD) interconnect, all nodes "allow" traffic to this VLAN, a backbone if you will

VLAN24 - 2.4 GHz node

VLAN39 - 3.9 GHz node

VLAN58 - 5.8 GHz node

The upshot of all of this is that all nodes can "talk" to each other via VLAN2 and all VLANs are allowed on VLAN1 so they have access to the internet.

The VLAN configuration was derived from this post in the forum. Thanks to KX5DX.

https://www.arednmesh.org/content/cisco-switch

I hope this clarifies and thanks for your interest.

Chuck...
WB6YOK
 
