I have two routers: (A) an "N300" Netgear wireless ADSL (model DGN2200) and (B) an FVS318 Netgear VPN firewall.

Router A LAN address = 192.168.0.1
Router B WAN address = 192.168.0.2 (connected to router A's LAN)
Router B LAN address = 192.168.0.3
Router B gateway = 192.168.0.1 (router A)
All netmasks 255.255.255.0

webserver = 192.168.0.31 is on router A's LAN.

Setup 1:

computer (192.168.0.32) connected to router B's LAN port.
computer gateway set to 192.168.0.3
computer cannot see anything but router B.

Setup 2:

Router B connected to router A's LAN via router B LAN port rather than the WAN port.
computer gateway set to 192.168.0.1
computer can see router A and webserver, but pinging 8.8.8.8 yields "network unreachable".

Setup 3:

computer by-passing router B and connecting directly to router A's LAN
computer gateway set to 192.168.0.1
All is good.

All addresses are static.

So, what have I missed?

1 Answer

Note that when I say "dumb switch", I just mean an unmanaged switch. It is a common technical term, and I'm not trying to be insulting.

Problem with setup #1:

The typical assumption is that a router's LAN and WAN ports are on different subnets. The addresses you gave, 192.168.0.2 and 192.168.0.3, are not on different subnets. That may violate some sort of assumptions in some routing rules.

Solutions include:

  • Place your LAN on a different subnet. e.g., 192.168.1.###

    • If you go through the effort to do this, you may be doing some more proper subnetting, causing the firewall to be able to actually perform its designed process (doing you some actual good by providing some protection).
    • Note: This may lead to some other complications. For instance, you end up using double-NAT (at least for IPv4). You might want to set settings like port forwarding, or setting a DMZ. Such complications might, or might not, also provide some useful benefits. (In some cases, opinions vary.) If you don't double-NAT, router A will need to know about the 192.168.1.xxx subnet, which may require that an additional route gets configured. (Manually assigning a static route would be the common approach.)
  • Place the connection between router A and router B on one of your router's LAN ports.
    • This is likely to make your router treat the devices like they are on the same subnet, and to not try to perform "routing". Routing basically means moving traffic from one subnet to another. By using all LAN ports, most router default configurations will end up causing all those LAN ports to be treated like one subnet. The end result is that your router may essentially act much like a dumb switch, and not even really "route" at all. Which might be just fine for you. Unless/until you have a firm grasp of subnetting, routing might just end up being an unnecessary complication for you. So this might be perfectly acceptable for you.
    • Basically, this describes your "Setup 2". With many routers, that will work fine. (Firewalls are routers; they are enhanced routers.) However, some devices (perhaps especially firewalls) may be more prone to be protective. They might be intelligent enough to realize that 8.8.8.8 doesn't belong on the LAN port. So instead of acting like a dumb switch, it may be trying to provide protection (which is, after all, what firewalls are basically marketed to do.) The solution is to adjust the firewall's configuration. Easy way to prove this: try borrowing a dumb switch, and using that in place of the firewall. You'll likely find everything works. (Like setup #3.)
      • This might sound good in theory. You might find that it is more challenging to actually do, than to say. Firewall configurations can be rather easy, or rather difficult. Trying to get your firewall to act (not like a firewall, nor as a router, but just) like a dumb switch might actually be a bit more challenging than doing things the "right way".

If you have questions, please ask. (There's lots more I could tell you, but I see no point in overwhelming you with even more information, which might be quite unnecessary. So, if you want to know something about networking, just ask.)

  • I have tried 192.168.1.### as a subnet under router B and the results are pretty much the same. (computer 192.168.1.32 gateway 192.168.1.1 router gateway 192.168.0.1 LAN 192.168.1.1) That was my second guess. I'm currently running Setup 3 while I sort things out. Commented Sep 6, 2016 at 7:51
  • Feel free to overwhelm me. No offense taken. Commented Sep 6, 2016 at 7:58
  • RIP is currently disabled. Commented Sep 6, 2016 at 8:13
  • double-NAT may well be the problem. Don't bother responding, unless I come up with "double-NAT solution doesn't work". Commented Sep 6, 2016 at 8:34
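
The subnet problem the answer describes for setup #1, and the renumbered layout from the first comment, can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original answer or comments; `audit_router` and `audit_host` are hypothetical helper names, `/24` stands for the page's 255.255.255.0 netmask, and the `nat` flag is an assumption about how router B is configured.

```python
import ipaddress

def audit_router(wan, lan, upstream_gw, nat=True):
    """Findings for a two-interface router (hypothetical helper).

    wan, lan: interface addresses in CIDR form, e.g. "192.168.0.2/24".
    upstream_gw: next hop used on the WAN side.
    nat: True if the router hides its LAN behind the WAN address.
    """
    wan_if = ipaddress.ip_interface(wan)
    lan_if = ipaddress.ip_interface(lan)
    findings = []
    # A router forwards between subnets; identical subnets leave nothing to route.
    if wan_if.network.overlaps(lan_if.network):
        findings.append(f"overlap: WAN {wan_if.network} and LAN {lan_if.network}")
    # The default gateway must be reachable directly on the WAN segment.
    if ipaddress.ip_address(upstream_gw) not in wan_if.network:
        findings.append(f"gateway {upstream_gw} not on WAN subnet {wan_if.network}")
    # Without NAT, the upstream router needs a return path to the inner LAN.
    if not findings and not nat:
        findings.append(f"action: upstream static route {lan_if.network} via {wan_if.ip}")
    return findings

def audit_host(host, gateway):
    """A host can only use a gateway that sits inside its own subnet."""
    host_if = ipaddress.ip_interface(host)
    if ipaddress.ip_address(gateway) in host_if.network:
        return []
    return [f"host gateway {gateway} is off-link for {host_if.network}"]

if __name__ == "__main__":
    # Addresses from the question (setup 1) and the first comment (renumbered LAN).
    plans = {
        "setup 1": ("192.168.0.2/24", "192.168.0.3/24", "192.168.0.32/24", "192.168.0.3"),
        "renumbered": ("192.168.0.2/24", "192.168.1.1/24", "192.168.1.32/24", "192.168.1.1"),
    }
    for name, (wan, lan, host, host_gw) in plans.items():
        for nat in (True, False):
            result = audit_router(wan, lan, "192.168.0.1", nat) + audit_host(host, host_gw)
            print(f"{name} nat={nat}: {result or 'ok'}")
```

With NAT disabled on router B, the renumbered plan reports the static route that router A would need, which is the extra route the answer mentions.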