
In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.

The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.

The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:

Destination IP: 192.168.0.0
Mask: 255.255.255.0
Gateway IP: 192.168.1.10

A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.

I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):

Destination IP: 192.168.1.0
Mask: 255.255.255.0
Gateway: 0.0.0.0
Interface: WAN

Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.

Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.

My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).

Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg

3 Answers

0

Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.

If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).

By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A at the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A at the downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.

  • My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
    – flymike
    Commented Jul 3, 2013 at 5:30
0

It's a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be useful, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).

From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.

In general terms, and where I suspect your problem lies -

The WAN interface on router B needs to be in the range of the LAN interface on A (e.g. 192.168.1.253), and needs to be static. Router A in turn needs a route specified for 192.168.0.0/24 via 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A).

Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.

  • I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
    – flymike
    Commented Jul 3, 2013 at 5:39
  • I don't see a route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the network's external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
    – davidgo
    Commented Jul 3, 2013 at 18:46
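
The route tables discussed in the question and the answers above can be checked with a small longest-prefix-match model. This is an added example, not code from any poster: entries marked "page" come from the question, while the connected routes, the default routes, the `ISP` hop name and the host address 192.168.0.102 are assumptions.

```python
import ipaddress

# Entries marked "page" are from the question; the rest are assumed.
NETGEAR = [
    ("192.168.1.0/24", None, "LAN"),            # connected network (assumed)
    ("192.168.0.0/24", "192.168.1.10", "LAN"),  # page: static route on the Netgear
    ("0.0.0.0/0", "ISP", "WAN"),                # default route (assumed, placeholder hop)
]
LINKSYS = [
    ("192.168.1.0/24", None, "WAN"),            # page: gateway 0.0.0.0, interface WAN
    ("192.168.0.0/24", None, "LAN"),            # connected network (assumed)
    ("0.0.0.0/0", "192.168.1.1", "WAN"),        # default route (assumed)
]
# Each router is keyed by the address a neighbour uses as its next hop.
ROUTERS = {"192.168.1.1": NETGEAR, "192.168.1.10": LINKSYS, "192.168.0.1": LINKSYS}

# Variant for the stated goal: a /32 host route instead of the /24 route.
NETGEAR_HOST = [NETGEAR[0], ("192.168.0.101/32", "192.168.1.10", "LAN"), NETGEAR[2]]
HOST_ONLY = {**ROUTERS, "192.168.1.1": NETGEAR_HOST}

def lookup(table, dst):
    """Longest-prefix match on the destination only; the source is never consulted."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw, ifc) for net, gw, ifc in table
               if addr in ipaddress.ip_network(net)]
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return gw, ifc

def trace(first_gateway, dst, routers=ROUTERS, max_hops=8):
    """Follow next hops from a host's default gateway until the packet is delivered."""
    hops, hop = [], first_gateway
    for _ in range(max_hops):
        hops.append(hop)
        if hop not in routers:
            return hops + ["left the modelled network"]
        gw, ifc = lookup(routers[hop], dst)
        if gw is None:                           # on-link: the router delivers directly
            return hops + [f"delivered on {ifc}"]
        hop = gw
    return hops + ["routing loop"]

if __name__ == "__main__":
    print(trace("192.168.1.1", "192.168.0.101"))             # .1.x host to .0.x host
    print(trace("192.168.0.1", "192.168.1.201"))             # return direction
    print(trace("192.168.1.1", "192.168.0.102", HOST_ONLY))  # not covered by the /32
```

Under these assumptions both directions resolve to a next hop, so the tables as described do not by themselves explain a trace that stops at 192.168.1.10. The host-route variant narrows which destinations are reachable, but because the lookup never sees the source address it applies to every sender on the .1.x side alike; limiting which computers may connect requires a packet filter on the router between the subnets.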
0

Change your subnet mask from 255.255.255.0 to 255.255.0.0

...or any value in the second position, that's less than .255, if you're only dealing with one subnet, .254 should work.
