0

I have two home routers. Router A is a TP-Link AX1500 and Router B is a TP-Link AX1800. Router A is downstairs with its WAN interface connected to my modem. Router B's WAN interface is connected to Router A's LAN interface.

Router A's default gateway is assigned to the IP address of 192.168.0.1/24, and I have a DHCP reservation in Router A assigned for Router B as 192.168.0.100. Router B's default gateway is 192.168.1.0/24. Router B is currently running with DHCP enabled as I have a Raspberry Pi connected with a static IP of 192.168.1.101. The firewall is disabled on Router B.

From the Raspberry Pi, I can ping both Router B and Router A (192.168.1.1 and 192.168.0.1); however, from any device connected directly to Router A, I cannot ping my Pi. I attempted to configure the routing table of Router A with route 192.168.1.0/24 via 192.168.0.100; however, when I ping 192.168.1.101 I receive a host unreachable error. Therefore, I can ping upwards so to speak, but not downwards.

I am new to networking so I do not even know how to specify my problem; however, I think that I am trying to connect two subnets. I would like to make my Pi which is connected to Router B exposed to Router A such that I can configure port forwarding and make the device accessible over the internet. Of course, the easiest solution would be to relocate the Pi and directly connect it to Router A. This is unfortunately non-ideal for my setup for reasons I will not go into.

I have access to the configuration for both routers.

4
  • 3
    Do you actually want to have two separate networks? Note that using consumer-grade internet access routers, you won't be able to easily connect from the outer network to the inner network. These devices weren't designed for this purpose, and have features that make them impractical as interior routers (NAT/SPF configuration which usually can't be disabled while still functioning as a router). If you only want one network, connect the outer router to the inner router's LAN instead of WAN, or put the inner router in bridge mode.
    Commented Apr 16 at 22:02
  • 1
    Note that your scenario on port forwarding from the public internet is still possible even if the outer network systems cannot reach the inner network. Just as you port forward from the public address to your outer LAN, you would point the forwarding rule to the inner router, and create port forwarding rules on the inner router that let the outer router (and network) communicate with the server on the inner network. You won't have full bi-directional connectivity, but you should be able to access that one service from the outer network or the internet.
    Commented Apr 16 at 22:17
  • 1
    In addition, make sure you just have ONE DHCP server. The second router should be on the same subnet as the first router.
    – anon
    Commented Apr 16 at 22:17
  • @FrankThomas Your comment about port forwarding was appropriate for my use case by allowing me to continue to use both routers as access points. Please post it as an answer so I can accept it.
    – 777bpc
    Commented Apr 16 at 23:14

1 Answer

0

So, as discussed in the comments, consumer-grade Internet access routers are devices designed with two basic purposes in mind: to allow all devices on a LAN to share a single public IP while being able to observe the entire Internet, while simultaneously preventing the Internet from seeing them. In essence, they let you gaze long into an abyss (but the abyss can't gaze back into you). This is enabled via a pair of technologies, Source Network Address Translation (SNAT) and Stateful Packet Filtering. These technologies are intrinsic to the device and, in the vast majority of cases, cannot be disabled without disabling routing entirely (which is typically called Bridge mode).

It is possible, as you know, to expose specific services to the Public Internet using a technology called Destination NAT (DNAT; aka Port Forwarding). There are obvious limitations to it (ever have two kids with their own PS4 trying to play games with their friends?), but it's serviceable enough for simple applications.

Since you have two routers between your server and your public IP, your inner network is in what is called a Double NAT scenario. The term is somewhat dreaded, but as long as you're not hearing teens complain about PSN NAT types (basically any use of UPnP to dynamically forward ports will fail in double NAT), it's a tractable situation if static rules are appropriate to your use case.

To make a Double/Triple/N-le NAT configuration work for static port rules, you need to create a chain of forwarding, such that the outermost router accepts new unsolicited connection attempts, forwards them to the next inner router, on a port which is configured to accept new connection attempts and ultimately forward them to the server:port a service is accepting connections on.

  1. Create a Port Forwarding rule on the outer router (and any required firewall rules). The destination IP should be the inner router's IP on the outer network. You can use any destination port you want really, especially if it's above 1024. Try to avoid common protocols.

  2. Configure a port forwarding rule on the inner router, accepting traffic from the port you used in step 1, with the destination IP and port being the server's IP and the service's port.

  3. Testing port forward rules can be difficult when using consumer-grade equipment. If your routers support Hairpin NAT, you can enable it on both routers to test the port forwarding configuration from inside your LAN. If not, the easiest thing to do is go to a coffee shop (or a bar) to test it. Alternately, a VPN, VPS, or cloud-hosted system can help to test a port forwarding configuration.
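
The forwarding chain from steps 1 and 2 can be checked on paper before touching either router. The Python sketch below is an added example, not part of the original answer: it models each router as a static DNAT table that drops any unsolicited inbound connection without a matching rule, and traces a new connection from the Internet to the Pi. The LAN addresses come from the question; the public IP (203.0.113.10, a documentation address), the external port 48022 and the Pi's service port 22 are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Router:
    name: str
    wan_ip: str                      # address on the upstream side
    lan: str                         # CIDR of the network behind it
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (ip, port)

    def dnat(self, proto, dst_ip, dst_port):
        """Apply a static forward to an unsolicited inbound packet, or drop it."""
        if dst_ip != self.wan_ip:
            return None              # not addressed to this router's WAN side
        return self.forwards.get((proto, dst_port))  # None = stateful filter drop

def trace(chain, proto, port):
    """Follow a new inbound connection through routers ordered outermost first."""
    dst, hops = (chain[0].wan_ip, port), []
    for r in chain:
        nxt = r.dnat(proto, *dst)
        if nxt is None:
            hops.append(f"{r.name}: DROP {proto}/{dst[1]} to {dst[0]} (no forward rule)")
            return None, hops
        if ipaddress.ip_address(nxt[0]) not in ipaddress.ip_network(r.lan):
            hops.append(f"{r.name}: rule target {nxt[0]} is outside {r.lan}")
            return None, hops
        hops.append(f"{r.name}: {dst[0]}:{dst[1]} -> {nxt[0]}:{nxt[1]}")
        dst = nxt
    return dst, hops

# LAN addresses from the question; public IP and ports are constructed for the example.
def build(outer_rules, inner_rules):
    a = Router("Router A", "203.0.113.10", "192.168.0.0/24", outer_rules)
    b = Router("Router B", "192.168.0.100", "192.168.1.0/24", inner_rules)
    return [a, b]

GOOD = build({("tcp", 48022): ("192.168.0.100", 48022)},
             {("tcp", 48022): ("192.168.1.101", 22)})
# Step 2 listens on a different port than step 1 forwards to: chain breaks at Router B.
MISMATCH = build({("tcp", 48022): ("192.168.0.100", 48022)},
                 {("tcp", 48023): ("192.168.1.101", 22)})
# Outer rule points straight at the Pi, which is not on Router A's LAN.
SKIP_INNER = build({("tcp", 48022): ("192.168.1.101", 22)}, {})

if __name__ == "__main__":
    for label, chain in [("good", GOOD), ("mismatch", MISMATCH), ("skip", SKIP_INNER)]:
        dest, hops = trace(chain, "tcp", 48022)
        print(label, "->", dest)
        for h in hops:
            print("   ", h)
```

Only the single forwarded port reaches the Pi; any other inbound port is dropped at Router A, so the exposed surface is exactly the one service named in the inner rule.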
