You are here

Mesh + local network

6 posts / 0 new
Last post
4X5DL
Mesh + local network
I've 2 units of Ubiquiti M2 units here that I was able to mesh together on a short distance (5km)
I've connected my home side to my home network and wanted to reach from inside the network the Rocket M2 unit.

While I can attach my laptop directly to the unit and have access,
no matter what I did - thru the home network when I connect the LAN side of my POE to the router I just can't reach it.

I've tried to use NAT with static IP (192.168.1.20) where my router's scope is 192.168.1.0/24
and I also tried to have WAN with IP 192.168.1.20 with subnet 255.255.255.0 and GW 192.168.1.1

Any suggestions on how to achieve that?

Thanks and 73,
Yaniv
4X5DL
 
AE6XE
AE6XE's picture
Yanlv, 
Yanlv, 

Connecting your home network to the node's WAN side, the mesh node's firewall blocks the incoming traffic from access to the AREDN network.     

If you merge together your home network LAN and the mesh node LAN, then review to make sure there are not conflicting IP addresses for any 2 devices.   Also, make sure there aren't 2 DHCP servers on this 192.168.1.x network.     Then make sure your computer has a route to send 10.x.x.x addresses to the mesh node.  it could be using a default route going to your home router, rather than the mesh node.

Joe AE6XE 
w6abj
Joe,
Joe,

What is the easiest way to unblock the node's firewall to allow incoming traffic..

Rich W6ABJ
AE6XE
AE6XE's picture
Rich,  There will be more
Rich,  There will be more settings necessary beyond unlocking the firewall.  My comments are in context to traffic coming in on the WAN interface of the node, which is coming from a home network or internet.   

The design is a NAT (address translation) and commonly used on home wifi-router between the internet and your home network.    The problem is, the internet has no way to route to your internal  home network, typically 192.168.x.x.  This is "unroutable" by definition.  Same for the AREDN node, 10.x.x.x is unroutable on the internet.    Now in your case, you could add a route on all devices on your home network so that "10.x.x.x" addresses are routed to the mesh node, which has a single IP address from and on your home network.   This would take care of this issue. 

But then, we run into the problem that a device on the mesh can't get back to your home network address of 192.168.x.x.  This is a ''default" route on the mesh.  Thus, a mesh node will pick the closest advertised gateway to route this traffic back, which might find a way to someone else's home network and fail.  You'd also have to advertise your mesh node as a mesh gateway.   This starts becoming a can of worms.  

It is better, clean, and working solution, to put a device on the LAN of mesh node, then you can access both the mesh and devices on your home network.  This is like a device on your home network accessing the internet.  This is how the design was intended.  The architecture intends to block the internet reaching your home network, and subsequently also blocking the home network from reaching the mesh network.  There's aren't simple settings to work around, rather it has to be redesigned. To have a full solution, you'd need routable IP addresses everywhere.

With the design in use, it is common to do port forwards from internet -> home network, and same on mesh home network -> mesh network.

Joe AE6XE
w6abj
Thank You
Thank You
KC5LIO
Browsing mesh from regular LAN

Yaniv,
I was never able to get the NAT mode to work properly on the mesh node.  Perhaps my solution will help you or at least give you some ideas.
https://www.arednmesh.org/content/integrating-aredn-node-my-home-network
 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer