Netgate Discussion Forum

    Accessing device on different subnet while using different gateways. Is bridging necessary?

    • viragomann @preposterous_story

      @preposterous_story
      So to nail this down, run a packet capture on LAN3 while you try to access the homeserver from another subnet.

      Specify the server IP and the port you access in the respective filter fields, start the capture and try to access it.
      Then check whether packets are going to the server properly and whether responses are coming back.

      • Uglybrian

        Did you change your rules? On your rule sets, for Destination you need to put LAN1 Address or whatever port addresses you want to go to.
        Screenshot from 2025-10-14 11-15-17.png

        You can see under your current rules that no states are being made. So those rules are not being utilized for what you want to accomplish.

        • preposterous_story @viragomann

          @viragomann

          Here it is:

          20:24:11.001731 IP 192.168.100.10.52865 > 192.168.102.2.443: tcp 0
          20:24:11.002123 IP 192.168.102.2.443 > 192.168.100.10.52865: tcp 0
          

          192.168.100.10 is my computer's IP and there are multiple packets with changing ports trying to access the same IP. And then the home server tries to access my device.

          • viragomann @preposterous_story

            @preposterous_story
            But this is now port 443, so probably TLS, which inserts an additional layer.
            Are you able to access the server via HTTPS, when the client PC is on the same subnet as the server?

            • preposterous_story @viragomann

              @viragomann

              Sorry for that. There's no issue with this, the server automatically changes from http to https, but I've written "https://192.168.102.2" in the address bar, that's why.

              Now I've realised there's no internet on the port where I want to have the server. I have to deal with this also.

              • preposterous_story @preposterous_story

                Are you able to access the server via HTTPS, when the client PC is on the same subnet as the server?

                Yes, but this is when I use it on the router with all ports on the same subnet. And the subnet is different.

                But I want to be able to have a VPN connection, but local access to my home server, which is not connected to a VPN.

                • preposterous_story @Uglybrian

                  @Uglybrian

                  I made a screenshot when I finished testing.

                  I tried now to see if I can access the home server on LAN2 because I have internet access there.
                  The rules are useful, they are passing traffic, but I get a CLOSED:SYN_SENT state. I have no idea why that is so.

                  librewolf_G60phuU70c.png

                  • viragomann @preposterous_story

                    @preposterous_story
                    Seems that the server is blocking the traffic anyhow.

                    @preposterous_story said in Accessing device on different subnet while using different gateways. Is bridging necessary?:

                    I tried now to see if I can access the home server on LAN2 because I have internet access there.

                    You'll have to add a rule to LAN2 to permit access.

                    • Uglybrian

                      CLOSED:SYN_SENT means nothing is replying.

                      • preposterous_story
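The capture-and-compare check viragomann describes above (are packets reaching the server, and is anything coming back?) and Uglybrian's reading of CLOSED:SYN_SENT as "nothing is replying" can be automated over the text a pfSense Packet Capture page prints. The script below is an added example for this thread; it is not part of the forum discussion or of pfSense, and the capture lines it processes are constructed (the first flow mirrors the two lines posted above, the second is a made-up client that never gets an answer). It groups packets per client flow towards a given server port and reports whether each flow is bidirectional or one-sided.

```python
import re
from collections import defaultdict

# One capture line in the quick tcpdump format shown on the pfSense Packet Capture
# page, e.g. "20:24:11.001731 IP 192.168.100.10.52865 > 192.168.102.2.443: tcp 0".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): "
    r"(?P<proto>tcp|udp) (?P<length>\d+)$"
)

# Constructed sample capture (not from the thread): the first client completes
# an exchange with the server, the second sends three attempts and never hears
# back, and an ARP line shows that unrelated output is skipped.
SAMPLE_CAPTURE = [
    "20:24:11.001731 IP 192.168.100.10.52865 > 192.168.102.2.443: tcp 0",
    "20:24:11.002123 IP 192.168.102.2.443 > 192.168.100.10.52865: tcp 0",
    "20:24:15.310044 ARP, Request who-has 192.168.102.1 tell 192.168.102.2, length 28",
    "20:24:20.118902 IP 192.168.101.20.40000 > 192.168.102.2.443: tcp 0",
    "20:24:21.120317 IP 192.168.101.20.40000 > 192.168.102.2.443: tcp 0",
    "20:24:23.124560 IP 192.168.101.20.40000 > 192.168.102.2.443: tcp 0",
]


def parse_line(line):
    """Return the addressing fields of an IP line as a dict, or None for
    anything the pattern does not recognise (ARP, truncated lines, headers)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": m["ts"],
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "proto": m["proto"], "length": int(m["length"]),
    }


def summarize_flows(lines, server_ip, server_port):
    """Count packets per client flow towards server_ip:server_port and back.
    Returns {(client_ip, client_port): (packets_to_server, packets_from_server)}."""
    counts = defaultdict(lambda: [0, 0])
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["dst"] == server_ip and pkt["dport"] == server_port:
            counts[(pkt["src"], pkt["sport"])][0] += 1
        elif pkt["src"] == server_ip and pkt["sport"] == server_port:
            counts[(pkt["dst"], pkt["dport"])][1] += 1
    return {flow: tuple(c) for flow, c in counts.items()}


def classify(summary):
    """Give each flow a verdict a troubleshooter can act on:
    'bidirectional' - the server answered, so the firewall pass rule is doing its job;
    'no_reply'      - client packets reach the capture interface but nothing comes
                      back, matching the CLOSED:SYN_SENT state discussed in this
                      thread (server not listening, host firewall, or no route back);
    'reply_only'    - only server->client packets seen, so the capture interface is
                      not the one the requests arrive on."""
    verdicts = {}
    for flow, (to_srv, from_srv) in summary.items():
        if to_srv and from_srv:
            verdicts[flow] = "bidirectional"
        elif to_srv:
            verdicts[flow] = "no_reply"
        else:
            verdicts[flow] = "reply_only"
    return verdicts


def report(lines, server_ip, server_port):
    """Print one line per flow and return the per-flow counts."""
    summary = summarize_flows(lines, server_ip, server_port)
    for flow, verdict in classify(summary).items():
        to_srv, from_srv = summary[flow]
        print(f"{flow[0]}:{flow[1]} -> {server_ip}:{server_port}: "
              f"{to_srv} out / {from_srv} back -> {verdict}")
    return summary


if __name__ == "__main__":
    report(SAMPLE_CAPTURE, "192.168.102.2", 443)
```

To use it on a real capture, paste the lines from the Packet Capture page (or the output of `tcpdump -q -n` on the interface facing the server) into a list or read them from a file, and pass the server address and port you filtered on. A flow that comes back as `no_reply` on the interface closest to the server tells you the pfSense rule already passed the traffic and the problem lies with the server or its own firewall, which is the distinction the thread ends up drawing for the OpenWRT router versus the home server.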

                        Thank you all for helping me.

                        In the end I've managed to make it work.

                        As you said, the following rule(s) were necessary to access devices on OPT1 and OPT2 respectively.

                        4278df83-2799-41fa-a032-8ae0b9205d44-image.png

                        There are some things that I learned along the way:

                        1. When spoofing a MAC address, don't spoof it on the interface you are accessing the web GUI from.
                        2. Don't spoof the WAN MAC address when connected to the internet. Do it with the WAN port disconnected. Also, clear the DHCP leases on your upstream modem/router.
                        3. When you already have an enabled interface but then want to spoof the MAC address, delete the interface first and then recreate it with the spoofed MAC address. Re-enabling doesn't work properly.
                        4. Sometimes the device you're trying to access doesn't allow access from a different subnet. This is the case with my OpenWRT router, but the home server works flawlessly.
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.