WAN to LAN Loopback? (For imperfect Boat/Marina IRL scenario)

BikeHelmet

Regular Contributor
Howdy,

I have a very specific use case, which I have always used Tomato routers for. I'm trying to figure out if there's a way to do it for Merlin routers as well (maybe a simple IPTables command or something?), as they are much newer and better supported. When I try to do it with Merlin routers, I get messages like "WAN and LAN cannot be same subnet", etc.; is there a way to get around that and have the router be 192.168.10.1 for example, and the gateway/booster be 192.168.10.2?

On Boats in Marinas without in-place WiFi on the docks, you often need a wireless booster to connect to a WiFi network on-shore. Most of the boosters are either not very intuitive, or have quirks that limit their functionality. (Like maybe it's impossible to turn off DHCP, and they only support static WAN, not DHCP WAN. Oh, and the DHCP crashes if there are two many client devices, because the booster was designed with 4MB of RAM. Dumb limitations.) Finding the right mix of equipment and settings can be an exercise. Many people don't want to buy new equipment, so you do what you can to get theirs working. And most people in that scenario have no clue about networking or rewiring WAN and LAN cables - they want simple. Bookmark the config page, they punch in WiFi settings and/or click Scan, then click Save. Done. If it requires unplugging stuff, they will forget and phone for help, and complain.

I'm currently dealing with an ornery booster on a boat, that has two defective modes. The only two that working are Router mode or Repeater mode. Wireless bridge mode requires identical equipment on the other end - not going to happen, since the boat owner does not control the marina. So it runs Router mode instead - the booster gets an IP from the onshore router (Who knows what subnet - 192.168.67.x, 192.168.1,x, 192.168.100.x, 10.0.0.x, etc.), hands out an IP to any devices that it sees, like the boat router - and then the boat router hands out IPs to all other devices. Great. But when the boat moves, it needs to be reprogrammed to new WiFi settings - the booster is inaccessible when plugged in through the WAN port unless you do a WAN to LAN Loopback. On Tomato that works fine, but on Merlin firmware it doesn't work at all? (Internet drops, no DNS.) Most lone boat owners have limited computer skills to say the least, so even with instructions, mistakes will be made swapping these cables around. The solution is likely a command saved somewhere over Putty or WinSCP? Any ideas? For Tomato a jerry rigged 1ft cable did the job. This is IRL and needs to be foolproof. Any ideas?

This is what I mean with WAN to LAN Loopback. It makes the WAN device part of the LAN. It works fine on Tomato as long as you don't have overlapping DHCP zones. (Overlapping DHCP is fine, just not the IPs that they hand out.) It does technically work on Merlin, in the sense that the booster is reprogrammable in a web browser, but it doesn't route internet traffic through the booster to the shore.
1651815148383.jpeg


I am aware that this is not exactly prim and proper networking. :p

In this example with a Tomato router, the boat router might be 192.168.10.1 on 255.255.255.0 and hand out IPs in 192.168.10.50 - 149 range, with numbers under that allocated staticly. It handles WiFi on the boat, plus some other services - makes a printer accessible over WiFi, handles security cameras, etc.; the booster might be at 192.168.10.2 on 255.255.255.0, and hand out IPs in the 192.168.10.150 - 249 range. Its DHCP cannot be turned off, it cannot broadcast WiFi locally for the boat (hence the need for the router), and it tends to randomly stop responding to DHCP requests when too many devices are connected, or it's busy reconnecting to a wireless WAN gateway. You might think, why not just have it be the router and plug in an access point? Well, because its router features suck and destabilize and stop working very often. Anyway, because they are both on the same LAN and subnet in this scenario, it doesn't matter which "router" allocates an IP to a device. All devices can see each other. When the booster's DHCP fails (because, cruddy finicky equipment), the boat router handles it all. And since it has Static WAN IP settings, that part doesn't break down at all.

This cludgy work-around to an IRL problem is pretty much flawless in how well it functions, and only requires adding an $80 router - rather than replacing a pile of equipment, being more complicated to reconfigure, and having reduced uptime. Anyone know a command that would accomplish a similar result in Merlin? I'm willing to experiment if anyone has ideas. (Or suggestions on better ways to do this.)

Cheers, and I hope I didn't break anyone's brain.
 

Ranger802004

Very Senior Member
Howdy,

I have a very specific use case, which I have always used Tomato routers for. I'm trying to figure out if there's a way to do it for Merlin routers as well (maybe a simple IPTables command or something?), as they are much newer and better supported. When I try to do it with Merlin routers, I get messages like "WAN and LAN cannot be same subnet", etc.; is there a way to get around that and have the router be 192.168.10.1 for example, and the gateway/booster be 192.168.10.2?

On Boats in Marinas without in-place WiFi on the docks, you often need a wireless booster to connect to a WiFi network on-shore. Most of the boosters are either not very intuitive, or have quirks that limit their functionality. (Like maybe it's impossible to turn off DHCP, and they only support static WAN, not DHCP WAN. Oh, and the DHCP crashes if there are two many client devices, because the booster was designed with 4MB of RAM. Dumb limitations.) Finding the right mix of equipment and settings can be an exercise. Many people don't want to buy new equipment, so you do what you can to get theirs working. And most people in that scenario have no clue about networking or rewiring WAN and LAN cables - they want simple. Bookmark the config page, they punch in WiFi settings and/or click Scan, then click Save. Done. If it requires unplugging stuff, they will forget and phone for help, and complain.

I'm currently dealing with an ornery booster on a boat, that has two defective modes. The only two that working are Router mode or Repeater mode. Wireless bridge mode requires identical equipment on the other end - not going to happen, since the boat owner does not control the marina. So it runs Router mode instead - the booster gets an IP from the onshore router (Who knows what subnet - 192.168.67.x, 192.168.1,x, 192.168.100.x, 10.0.0.x, etc.), hands out an IP to any devices that it sees, like the boat router - and then the boat router hands out IPs to all other devices. Great. But when the boat moves, it needs to be reprogrammed to new WiFi settings - the booster is inaccessible when plugged in through the WAN port unless you do a WAN to LAN Loopback. On Tomato that works fine, but on Merlin firmware it doesn't work at all? (Internet drops, no DNS.) Most lone boat owners have limited computer skills to say the least, so even with instructions, mistakes will be made swapping these cables around. The solution is likely a command saved somewhere over Putty or WinSCP? Any ideas? For Tomato a jerry rigged 1ft cable did the job. This is IRL and needs to be foolproof. Any ideas?

This is what I mean with WAN to LAN Loopback. It makes the WAN device part of the LAN. It works fine on Tomato as long as you don't have overlapping DHCP zones. (Overlapping DHCP is fine, just not the IPs that they hand out.) It does technically work on Merlin, in the sense that the booster is reprogrammable in a web browser, but it doesn't route internet traffic through the booster to the shore.
View attachment 41126

I am aware that this is not exactly prim and proper networking. :p

In this example with a Tomato router, the boat router might be 192.168.10.1 on 255.255.255.0 and hand out IPs in 192.168.10.50 - 149 range, with numbers under that allocated staticly. It handles WiFi on the boat, plus some other services - makes a printer accessible over WiFi, handles security cameras, etc.; the booster might be at 192.168.10.2 on 255.255.255.0, and hand out IPs in the 192.168.10.150 - 249 range. Its DHCP cannot be turned off, it cannot broadcast WiFi locally for the boat (hence the need for the router), and it tends to randomly stop responding to DHCP requests when too many devices are connected, or it's busy reconnecting to a wireless WAN gateway. You might think, why not just have it be the router and plug in an access point? Well, because its router features suck and destabilize and stop working very often. Anyway, because they are both on the same LAN and subnet in this scenario, it doesn't matter which "router" allocates an IP to a device. All devices can see each other. When the booster's DHCP fails (because, cruddy finicky equipment), the boat router handles it all. And since it has Static WAN IP settings, that part doesn't break down at all.

This cludgy work-around to an IRL problem is pretty much flawless in how well it functions, and only requires adding an $80 router - rather than replacing a pile of equipment, being more complicated to reconfigure, and having reduced uptime. Anyone know a command that would accomplish a similar result in Merlin? I'm willing to experiment if anyone has ideas. (Or suggestions on better ways to do this.)

Cheers, and I hope I didn't break anyone's brain.
I’m a little confused by your request, but I’m thinking what you need is the WAN device Address mapped to a private subnet address?
 

BikeHelmet

Regular Contributor
That would do the trick. Is there a command that'll accomplish that? It's really just to simplify the wiring process for boat owners, and avoid them having to buy a bunch of new equipment. Flipping WAN to LAN is liable to result in messups, and with the loopback cable there's no proper WAN connection to the gateway device with Merlin, even though its control panel can be accessed.

If you know a possible command, fire it over and I'll try it out. :)
 

drinkingbird

Senior Member
Howdy,
.
.

As long as the LAN subnet doesn't overlap with the WAN one you should be able to access the repeater when it is plugged into the WAN port of the asus.

Set booster lan and router wan up as static and make sure to use a different subnet on the LAN. In order to prevent it from conflicting with booster WAN subnet that might change, you could use a subnet like 100.64.0.0/30 or /24 for that link, unlikely that any marina is using the CGNAT space. Your LAN can be whatever you want since it will get NAT'd before leaving, then NATd again by the booster. Now the boat owner can bookmark 100.64.0.2 or whatever IP you choose to get to the booster config and that will never change.

How is the booster WAN static? Does the boat owner know how to find the right IP range to use and change that IP when they move? Seems pretty complex to do. I would think that would have to be DHCP.

Also confused when you say the booster routing stops working. No matter what you do, a router that stops routing is going to kill your internet.
 
Last edited:

Ranger802004

Very Senior Member
That would do the trick. Is there a command that'll accomplish that? It's really just to simplify the wiring process for boat owners, and avoid them having to buy a bunch of new equipment. Flipping WAN to LAN is liable to result in messups, and with the loopback cable there's no proper WAN connection to the gateway device with Merlin, even though its control panel can be accessed.

If you know a possible command, fire it over and I'll try it out. :)
Are you needing this for a specific port or protocol or is this for routing purposes? On one hand creating a NAT rule would easy for this however routing might cause you some issues. Give me a diagram example of the network and a technical demonstration of what you need. I have some ideas but need a little more clarity. Thanks
 

BikeHelmet

Regular Contributor
As long as the LAN subnet doesn't overlap with the WAN one you should be able to access the repeater when it is plugged into the WAN port of the asus.

Set booster lan and router wan up as static and make sure to use a different subnet on the LAN. In order to prevent it from conflicting with booster WAN subnet that might change, you could use a subnet like 100.64.0.0/30 or /24 for that link, unlikely that any marina is using the CGNAT space. Your LAN can be whatever you want since it will get NAT'd before leaving, then NATd again by the booster. Now the boat owner can bookmark 100.64.0.2 or whatever IP you choose to get to the booster config and that will never change.

How is the booster WAN static? Does the boat owner know how to find the right IP range to use and change that IP when they move? Seems pretty complex to do. I would think that would have to be DHCP.

Also confused when you say the booster routing stops working. No matter what you do, a router that stops routing is going to kill your internet.
1) I seem to recall that the WAN device was inaccessible in a web browser when I tried it with different subnets, but I will confirm when next out there.
2) I will try that and report back later this week. I love the idea of using the CGNAT range to avoid subnet conflicts. Even if a Marina is powered by Telus (typically uses those 100.x.x.x IPs), it probably won't matter, since there's a normal Marina router as a link in the chain, in between.
3) Defective DHCP that doesn't pull all the IP/gateway details. Weird stuff like it has 192.168.xx.104 as IP, 255.255.255.0 as mask, 0.0.0.0 (or blank) as gateway, blank DNS. You can change to static, but all details must be entered, which implies having an understanding of how to look them up. No, most boat owners would not readily grasp out to do that after moving.
4) The booster will still have internet, and it'll be responding to requests on the LAN, but traffic exiting Merlin's WAN port doesn't seem to reach or go beyond the booster.

I'll report back once I try a few of your suggestions.
 

drinkingbird

Senior Member
1) I seem to recall that the WAN device was inaccessible in a web browser when I tried it with different subnets, but I will confirm when next out there.
2) I will try that and report back later this week. I love the idea of using the CGNAT range to avoid subnet conflicts. Even if a Marina is powered by Telus (typically uses those 100.x.x.x IPs), it probably won't matter, since there's a normal Marina router as a link in the chain, in between.
3) Defective DHCP that doesn't pull all the IP/gateway details. Weird stuff like it has 192.168.xx.104 as IP, 255.255.255.0 as mask, 0.0.0.0 (or blank) as gateway, blank DNS. You can change to static, but all details must be entered, which implies having an understanding of how to look them up. No, most boat owners would not readily grasp out to do that after moving.
4) The booster will still have internet, and it'll be responding to requests on the LAN, but traffic exiting Merlin's WAN port doesn't seem to reach or go beyond the booster.

I'll report back once I try a few of your suggestions.

Can't think of any reason why the booster (I'm assuming just an access point/router with high gain antenna for WAN and ethernet for LAN) wouldn't be accessible from the LAN. As far as the asus is concerened, it is just another site on the internet. You can reach your cable modem 192.168.100.1 through it so it isn't blocking private IPs or anything. Should work. Perhaps there was an IP overlap or conflict when you tried, which would cause routing issues.

So basically the boat owner is first getting an IP via DHCP then going in and filling in the gateway and DNS? That's what's confusing me you say static WAN IP on the booster but it seems they wouldn't have the knowledge on how to do that. The blank DNS isn't necessarily an issue you can tell the asus to use google DNS or whatever you want but obviously it needs to know its gateway if running in router mode. My guess is years of salt air and not the cleanest AC power just do these things in after a while. Maybe they need to know to reboot the thing every time they pull into a new marina then go in and join the wifi.

You'd think these boat owners who will drop $1000 on gas in a day would be willing to swap out their old faulty hardware. The most expensive part of that setup is the antennas and the coax cable, you could get an old N access point or router with the same number of antenna (1 or 2 probably) and possibly an adapter for the cables (if it is an old cable with the big N connector, there is an N to RP-SMA adapter) all for under $100 easily. Then just plug that into the WAN of the Asus. Then all they need to do is join the wifi via the main AP's GUI and be good to go.
 

Ranger802004

Very Senior Member
1) I seem to recall that the WAN device was inaccessible in a web browser when I tried it with different subnets, but I will confirm when next out there.
2) I will try that and report back later this week. I love the idea of using the CGNAT range to avoid subnet conflicts. Even if a Marina is powered by Telus (typically uses those 100.x.x.x IPs), it probably won't matter, since there's a normal Marina router as a link in the chain, in between.
3) Defective DHCP that doesn't pull all the IP/gateway details. Weird stuff like it has 192.168.xx.104 as IP, 255.255.255.0 as mask, 0.0.0.0 (or blank) as gateway, blank DNS. You can change to static, but all details must be entered, which implies having an understanding of how to look them up. No, most boat owners would not readily grasp out to do that after moving.
4) The booster will still have internet, and it'll be responding to requests on the LAN, but traffic exiting Merlin's WAN port doesn't seem to reach or go beyond the booster.

I'll report back once I try a few of your suggestions.
Do me a favor when you get a chance?

Run these commands when your booster is connected and when it is not connected, I want to see if the router is seeing the WAN Gateway drop off when it disconnects and vice verse.
Code:
nvram get wan0_ipaddr
nvram get wan0_gateway
 
Last edited:

BikeHelmet

Regular Contributor
Can't think of any reason why the booster (I'm assuming just an access point/router with high gain antenna for WAN and ethernet for LAN) wouldn't be accessible from the LAN. As far as the asus is concerened, it is just another site on the internet. You can reach your cable modem 192.168.100.1 through it so it isn't blocking private IPs or anything. Should work. Perhaps there was an IP overlap or conflict when you tried, which would cause routing issues.
Pretty much - except with more limited/glitchy software.

Well, the mystery has been solved. The main computer in the boat had 255.255.0.0 hardcoded in. It was able to access the LAN subnet, but not the WAN subnet. After carefully checking every device I found out that it works using side by side subnets, non-overlapping, so long as nobody got bright and changed those subnet masks to be way too large. In Tomato, you use the Route Modem IP box. In Merlin, it just does it. No loopback cable required. As for the booster - it's still glitchy as heck and can't reliably pull WAN IP info using DHCP, so has to have gateway/dns/etc static.
So basically the boat owner is first getting an IP via DHCP then going in and filling in the gateway and DNS? That's what's confusing me you say static WAN IP on the booster but it seems they wouldn't have the knowledge on how to do that.
This is the big problem. They'll probably need a different booster. Or to write down all the settings at frequented marinas, and ignore the rest.
The blank DNS isn't necessarily an issue you can tell the asus to use google DNS or whatever you want but obviously it needs to know its gateway if running in router mode. My guess is years of salt air and not the cleanest AC power just do these things in after a while. Maybe they need to know to reboot the thing every time they pull into a new marina then go in and join the wifi.
Periodic rebooting does seem to help these things, but this particular one has very impaired software, and still won't pull WAN IP settings. All the others that I have dealt with at least did that.
You'd think these boat owners who will drop $1000 on gas in a day would be willing to swap out their old faulty hardware. The most expensive part of that setup is the antennas and the coax cable, you could get an old N access point or router with the same number of antenna (1 or 2 probably) and possibly an adapter for the cables (if it is an old cable with the big N connector, there is an N to RP-SMA adapter) all for under $100 easily. Then just plug that into the WAN of the Asus. Then all they need to do is join the wifi via the main AP's GUI and be good to go.
Haha - who knows? Maybe they only take it out once or twice per year? Plenty of people pay for things that they barely use.

Those adapters and high gain antenna are a little pricier in Canada - $200-250 would still cover it though.

Do me a favor when you get a chance?

Run these commands when your booster is connected and when it is not connected, I want to see if the router is seeing the WAN Gateway drop off when it disconnects and vice verse.
Code:
nvram get wan0_ipaddr
nvram get wan0_gateway
I ran the commands several times. It does not. Both are completely unchanged while disconnected.
 

drinkingbird

Senior Member
Those adapters and high gain antenna are a little pricier in Canada - $200-250 would still cover it though.

I'm saying to can keep the current antenna and coax wiring and just get an older N AP to replace the "booster". Depending what end is on the coax cable, may or may not need adapters.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top