Cascaded routers: no internet access when second router not use NAT
puravida3
Newbie

Cascaded routers: no internet access when second router not use NAT

Here is my setup:

[pre]

WAN
|
-------------------------------
| 74.96.170.x (WAN IP)         |
| Router1(Verizon FiOS Router) |
| Model: MI424WR-GEN2 (Rev F)  |
| Firmware: 20.21.0.2          |
| Def router: 74.96.170.1      |
| 192.168.1.1 (Local IP)       |
-------------------------------
|
---------------------------
|  192.168.1.22 (WAN IP)   |
|  Router2(Linksys)        |
|  Model: WRT54GL v1.1     |
|  Firmware: v4.30.16      |
|  Def Router: 192.168.1.1 |
|  192.168.2.1 (Local IP)  |
---------------------------
|
----------------------------
| Computer 192.168.2.160   |
| Def Router: 192.168.2.1  |
| NO iptables, basic setup |
----------------------------

[/pre]

On computer, I have:

[pre]

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.1     0.0.0.0         UG    2      0        0 enp2s0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
192.168.2.0     *               255.255.255.0   U     0      0        0 enp2s0

[/pre]

On Router2, I have:

[pre]

Routing Table Entry List
Destination LAN IP | Subnet Mask   | Gateway   | Hop Count | Interface
192.168.2.0          255.255.255.0   0.0.0.0     1           LAN & Wireless
192.168.1.0          255.255.255.0   0.0.0.0     1           WAN (Internet)
0.0.0.0              0.0.0.0         192.168.1.1 1           WAN (Internet)

[/pre]

Router2's Operating Mode is Gateway. On Router1, I have: 

[pre]

[Router1] Routing Table
Name                  Destination Gateway      Netmask       Metric   Status
Network (Home/Office) 192.168.2.0 192.168.1.22 255.255.255.0 0        Applied
Network (Home/Office) 192.168.1.0 192.168.1.1  255.255.255.0 0        Applied
Routing Protocol: Internet Group Management Protocol (IGMP)
Default Gateway: 74.96.170.1

[/pre]

On computer, I can run tcptraceroute to yahoo.com OK:

[pre]

# tcptraceroute yahoo.com
Selected device enp2s0, address 192.168.2.160, port 46596 for outgoing packets
Tracing the path to yahoo.com (206.190.36.45) on TCP port 80 (http), 30 hops max
 1  192.168.2.1  0.610 ms  0.729 ms  0.735 ms
 2  192.168.1.1  1.843 ms  1.378 ms  1.363 ms
 3  l100.washdc-vfttp-107.verizon-gni.net (96.241.146.1)  13.620 ms * *
... /* It reached the destination. */

[/pre]

I want to change Router2's Operating Mode from "Gateway" to "Router" because I want to turn off NAT on Router2 so that I can access all computers attached to Router2 by their individual IP instead of using port forwarding at Router2.

The problem is after the mode change from "Gateway" to "Router", and regardless whether I disable RIP or enable RIP, and on what interfaces it is enabled, computer 192.168.2.160 does not have internet connection.

Observations:

[0] INTRAnet works as I can reach computer 192.168.2.160 from computer behind Router1 192.168.1.x and vice versa.

[1] ping and traceroute *work* on Router2 itself using the built-in diagnostic tool.

[2] nslookup on computer 192.168.2.160 always works on new lookup. It uses 192.168.2.1 as the resolver.

[3] tcptraceroute stops after step 2:

[pre]

# tcptraceroute yahoo.com
Selected device enp2s0, address 192.168.2.160, port 45999 for outgoing packets
Tracing the path to yahoo.com (98.139.183.24) on TCP port 80 (http), 30 hops max
 1  192.168.2.1  2.553 ms  0.534 ms  0.638 ms
 2  192.168.1.1  1.342 ms  0.964 ms  0.867 ms
 3  * * *

[/pre]

[4] tcpdump shows that computer 192.168.2.160 tries to reach out and nothing is returned:

[pre]

13:34:03.172828 IP 192.168.2.160.45999 > 98.139.183.24.http: Flags [S], seq 1122548929, win 0, length 0
13:34:06.175786 IP 192.168.2.160.45999 > 98.139.183.24.http: Flags [S], seq 1122548929, win 0, length 0
13:34:09.178804 IP 192.168.2.160.45999 > 98.139.183.24.http: Flags [S], seq 1122548929, win 0, length 0

[/pre]

This is not expected because NAT to internet should still be done by Router1, no? Computer behind Router1 with IP 192.168.1.x has internet connection.

[5] It looks like I cannot change the Routing Table Entry on Router2. I do not think I need to change anything, just an observation.

[6] If I use LAN to LAN connection, then both intranet and internet works. [The internet IP of Router2 can be anything not in the same subnet of the Router1, and DHCP on the local side should be disabled to avoid conflict with the DHCP on Router1].

0 Likes
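The three routing tables in the post above can be checked mechanically. This is an added example, not part of the original post: it replays the forward and return paths with longest-prefix matching and flags the point where a private source address would leave Router1's WAN untranslated, which is the thing to verify on Router1. The node names and the `OWNER` map are constructed for illustration, and Router1's `192.168.1.0` entry (gateway `192.168.1.1`, its own address) is assumed to mean on-link.

```python
import ipaddress

# Routing tables transcribed from the post (Router2 in "Router" mode, NAT off).
# A gateway of None means the destination is on-link (assumption for Router1's
# 192.168.1.0 entry, whose listed gateway is Router1's own LAN address).
TABLES = {
    "computer": [("0.0.0.0/0", "192.168.2.1"), ("192.168.2.0/24", None)],
    "router2": [("192.168.2.0/24", None), ("192.168.1.0/24", None),
                ("0.0.0.0/0", "192.168.1.1")],
    "router1": [("192.168.2.0/24", "192.168.1.22"), ("192.168.1.0/24", None),
                ("0.0.0.0/0", "74.96.170.1")],
}
# Constructed map of interface address -> node; anything else is upstream.
OWNER = {"192.168.2.1": "router2", "192.168.1.22": "router2",
         "192.168.1.1": "router1", "192.168.2.160": "computer"}

def next_hop(node, dst):
    """Longest-prefix match; returns the gateway IP, or dst itself if on-link."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in TABLES[node] if dst_ip in ipaddress.ip_network(r[0])]
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1] or dst

def trace(start, dst):
    """Follow next hops until delivery or until the packet leaves the LAN."""
    path, node = [start], start
    for _ in range(8):                      # guard against routing loops
        hop = next_hop(node, dst)
        if hop == dst:                      # on-link delivery
            path.append(OWNER.get(dst, dst))
            break
        node = OWNER.get(hop)
        if node is None:                    # handed to the ISP gateway
            path.append("isp:" + hop)
            break
        path.append(node)
    return path

def egress_check(src, dst):
    """True if the packet exits to the ISP carrying an RFC 1918 source,
    i.e. it only gets a reply if the last router translates that source."""
    leaves_lan = trace("computer", dst)[-1].startswith("isp:")
    return leaves_lan and ipaddress.ip_address(src).is_private

if __name__ == "__main__":
    print("forward:", trace("computer", "98.139.183.24"))
    print("return :", trace("router1", "192.168.2.160"))
    print("needs NAT at Router1:", egress_check("192.168.2.160", "98.139.183.24"))
```

Both directions resolve consistently with observations [0] and [3]; a `tcpdump` on Router1's WAN side, if available, would show whether the SYNs leave with source `192.168.2.160` or with the `74.96.170.x` address.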
Re: Cascaded routers: no internet access when second router not use NAT
CaptainSTX
Contributor - Level 3

Do you have a question or is this supposed to be a tutorial?

A network can only have a single router in any subnet.   Using multiple routers is possible in a network, but they each need to be in their own subnet.  Otherwise cascade routers LAN - LAN and disable  DHCP on the downstream routers, which effectively turns them into APs and switches if you use the remaining three Ethernet ports.

Double NATing routers isn't difficult, but unless you know what you are doing or follow exact instructions you get a poorly or non functioning network.  I have three routers double NATed behind my Actiontec and they all work fine and I get 85/40 when using Ethernet.  (Still waiting for the upload boost to take effect.)

0 Likes
Re: Cascaded routers: no internet access when second router not use NAT
puravida3
Newbie

I have a question. Unfortunately in order to ask my question, I have to have a lengthy description of my setup. Basically, I have a second Linksys router in "router" operating mode with NAT disabled connected to the Verizon router, and I have a computer which is in a different subnet (192.168.2.x) behind the Linksys router. This computer can communicate with computers behind Verizon router in subnet (192.168.1.x), but cannot reach internet. This is a simplified version of my question, full details are in the original post.

If I set up the Linksys router in "gateway" operating mode, which means with NAT enabled, then both intranet and internet works, but there is no easy way to set up port forwarding for 10 computers in 192.168.2.x network to communicate with 10 computers in 192.168.1.x network.

If I set up the Linksys router in a LAN to LAN configuration with Verizon routers, but this way all computers are in the same subnet, I want them to be in different subnet for access control and things like that.

I hope this makes things a little clear.

Thanks.

0 Likes