Allow access from other subnets

BelerNaor

New Around Here
My RT-AC86U is in AP mode behind another router/firewall.
My network at home uses several IP ranges for various uses: 192.168.10.x, 192.168.20.x, etc...

The Asus router configuration:
Code:
Firmware Version: 386.2_4
Mode: AP
IP Address: 192.168.50.10
Subnet Mask: 255.255.0.0
Default Gateway: 192.168.50.1 (Other Router/Firewall)

How do I allow access to the RT-AC86U web UI and SMB-Share from other parts of the network (say 192.168.10.x)?
I can access the clients (e.g. 192.168.50.20) but not the RT-AC86U itself.

Note that since it is behind another router/firewall, it won't be accessible from the internet even if I allow "access from everywhere".
 
Could be a bug. SSH into the AP and check the subnet mask is set correctly:
Code:
ifconfig br0
grep interfaces /etc/smb.conf
 
Thank you Colin.
The subnet mask seems ok:

Code:
ASUSWRT-Merlin RT-AC86U 386.2_4 Fri Apr 30 21:01:21 UTC 2021
admin@RT-AC86U-C3B0:/tmp/home/root# ifconfig br0
br0       Link encap:Ethernet  HWaddr 0C:9D:92:2C:C3:B0
          inet addr:192.168.50.10  Bcast:192.168.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:5864 errors:0 dropped:12 overruns:0 frame:0
          TX packets:5115 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:704258 (687.7 KiB)  TX bytes:6783920 (6.4 MiB)

admin@RT-AC86U-C3B0:/tmp/home/root# grep interfaces /etc/smb.conf
bind interfaces only = yes
interfaces = lo br0 192.168.50.10/255.255.0.0

Note that I can't even ping the AC86U from outside of 192.168.50.x (while other IPs in the range are ok).
 
Is it just access to the Asus itself that doesn't work properly? Can WiFi clients connected to the Asus communicate with devices in 192.168.10.x and vice versa?

Can you describe the physical path between a client in 192.168.10.x and the Asus, i.e. what cables, switches, etc. it is going through?

What devices are connected to the Asus' WAN and LAN ports?
 
Yes the clients of the Asus can communicate with devices in 192.168.10.x and vice versa without issues.

For some reason, when I set the mask to 255.255.255.0 on the Asus, everything works.
It also allows access to SMB shares from other subnets, which I didn't expect.
If I set the Asus on DHCP, I can ping the Asus but not access the SMB-Share.
I don't understand why (well, my knowledge is limited).

To answer your question:
PC1 <-> (LAN) MikroTik Router (LAN) <-> (LAN) Asus (WiFi) <-> PC2

So I will leave it like that for now, and maybe one day I'll understand what is happening.
 
It also allows access to SMB shares from other subnets, which I didn't expect.
Just to confirm; you don't really mean "other subnets" do you? All your devices are part of the same single subnet (192.168.0.0/16) without any intermediate routers.
 
Yes, that is right. I am not sure what the correct wording is.
With the netmask set to 255.255.255.0 (so 192.168.50.0/24), I thought it should believe that 192.168.10.x is another subnet.
 
With the netmask set to 255.255.255.0 (so 192.168.50.0/24), I thought it should believe that 192.168.10.x is another subnet.
Yes, setting the Asus's netmask to /24 is technically wrong because it will think 192.168.10.x is on a different subnet and try to "route" to it via the default gateway (192.168.50.1), which I presume goes to the internet. All the devices on your LAN should have the same /16 netmask with no need to route between them, because a device with address 192.168.10.123 is no different than a device with address 192.168.99.111.

Are you sure you haven't created separate subnets on the MikroTik for your 192.168.10.x, 192.168.20.x, etc. devices?
 
Are you sure you haven't created separate subnets on the MikroTik for your 192.168.10.x, 192.168.20.x, etc. devices?
Yes, that must be the core of the problem. On the MikroTik I have several VLANs for various purposes: PCs, Guests, IOT with access to internet but not other VLANs, IOT without access to anything, etc.

I wanted the Asus to be accessible from other subnets (e.g. people on the "guests" VLAN), so I thought setting the mask to /16 would do that automatically, but by doing so I realize the Asus must think it can skip the routing part, which is why it doesn't work.

Thanks a lot for your patience and explanations.
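
Added example, not part of any post in this thread: the on-link versus gateway decision the AP makes for its replies under each netmask, and whether that reply can be delivered when the VLANs are separate layer-2 segments. It assumes the MikroTik gives each VLAN its own /24 and does no proxy ARP; the client address 192.168.10.25 and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: the AP's VLAN on the MikroTik is 192.168.50.0/24 (one /24 per VLAN).
REAL_SEGMENT = ipaddress.ip_network("192.168.50.0/24")
AP_IP = "192.168.50.10"    # from the thread
GATEWAY = "192.168.50.1"   # from the thread


def next_hop(local_ip, netmask, gateway, dest):
    """Return ("on-link", dest) or ("gateway", gateway), as a host route lookup would."""
    iface = ipaddress.ip_interface(f"{local_ip}/{netmask}")
    dest_ip = ipaddress.ip_address(dest)
    if dest_ip in iface.network:
        # Destination matches the connected route: the host ARPs for it directly.
        return ("on-link", str(dest_ip))
    # Otherwise the packet is handed to the default gateway.
    return ("gateway", gateway)


def reply_delivered(netmask, dest, segment=REAL_SEGMENT):
    """True if the address the AP ARPs for really is in its own broadcast domain."""
    _, hop = next_hop(AP_IP, netmask, GATEWAY, dest)
    # Assumption: no proxy ARP, so an ARP request for a host in another VLAN
    # is never answered and the reply packet is dropped.
    return ipaddress.ip_address(hop) in segment


def explain(netmask, dest):
    """One-line summary of the decision and its outcome for a given mask and peer."""
    how, hop = next_hop(AP_IP, netmask, GATEWAY, dest)
    result = "delivered" if reply_delivered(netmask, dest) else "ARP unanswered"
    return f"mask {netmask:<15} to {dest:<14} {how:<8} ARP for {hop:<14} {result}"


if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.0"):
        # 192.168.50.20 is from the thread; 192.168.10.25 is a constructed client.
        for dest in ("192.168.50.20", "192.168.10.25"):
            print(explain(mask, dest))
```

With the /16 mask the AP treats 192.168.10.25 as a neighbour and never uses the gateway, which matches the failed pings; with /24 the reply goes through 192.168.50.1 and is routed between VLANs.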
 
