×

Switch Account

2 subnets with one FIOS router

2 subnets with one FIOS router

SOLVED
Reply
Highlighted
Contributor dcybnrmal
Contributor
Posts: 3
Registered: ‎05-06-2012
Message 1 of 14
(32,648 Views)

I am using the FIOS router for home and sometimes need to test certain situations for my work.  I have set up a virtual lab that uses the 192.188.1.x subnet from the router.  I have also set up a second virtual network that uses the 192.168.2.x subnet and have the two networks routed (virtually) between them.  When it comes to accessing the internet, all of my .1 hosts, physical and virtual can connect with no problem, but none of my .2 hosts can do this.  DNS resolution works, but actual outbound traffic is somehow being blocked.  I set up a network object that contains all the IP addresses of my 192.168.2.x subnet and created a new input and output rule in Firewall > Advanced Filtering that allows all outbound and inbound traffic to/from the other subnet.  It still doesn't work, but I think I'm close.  I can't see anything else that would block this and the firewall logging doesn't really help either.  Has anyone been able to successful do this?  Just to clarify, I do not have and additional physical routers in the mix, all virtual using Windows routing and Hyper-V virtualization.

Any help is appreciated.

Thanks

13 REPLIES 13
Gold Contributor VII Gold Contributor VII
Gold Contributor VII
Posts: 1,949
Registered: ‎05-27-2010
Message 2 of 14
(32,637 Views)

The issue is that the ActionTec appears to only apply the NAT for the inside segment that's the address of it's inside address.  So, while you might have routing working internally and with the router, any traffic which flows from the .2 network toward the internet passes thru without the NAT being applied.  If you were to have your FiOS router provisioned on the WAN side to use ethernet, you could see this with a packet sniffer.

 

I have not yet found a place to make a rule adjustment to also NAT the secondary network -- so I've just resort to building my tests behind a second NAT router and NAT everything leaving my .2 and .3 networks first onto .1 and then out to the internet.

Contributor dcybnrmal
Contributor
Posts: 3
Registered: ‎05-06-2012
Message 3 of 14
(32,633 Views)

Thanks for the reply.  Can you explain what you mean by

 

so I've just resort to building my tests behind a second NAT router and NAT everything leaving my .2 and .3 networks first onto .1 and then out to the internet

 

Thanks

Gold Contributor VII Gold Contributor VII
Gold Contributor VII
Posts: 1,949
Registered: ‎05-27-2010
Message 4 of 14
(32,623 Views)

My home network is on 192.168.1.x (attached to the actiontec)

I have a secondary NAT router (Cisco Linksys) running in the standard internet configuration with it's WAN interface connected to the ActionTec (and getting a 192.168.1.x address) and the private LAN addressed as 192.168.2.x (it's running in NAT/Firewall mode so everything which passes thru it get's assigned the 192.168.1.x address of the WAN interface of the Linksys).

 

Behind the Linksys, I have a router and some switches running various configurations with VLAN's and additional networks -- such 192.168.3.x and 192.168.4.x) and these are all routed internally on that network and defined to the Cisco Linksys.  Anything from these networks that get routed to the Linksys NAT to the 192.168.1.x address on their way to the internet (the linksys can handle multiple networks).

 

Contributor dcybnrmal
Contributor
Posts: 3
Registered: ‎05-06-2012
Message 5 of 14
(32,617 Views)

Ok, I see that now, but is it possible to acheive the same thing without using a seperate (physical) router?  I'm wondering if I dedicate on my server's NICs and dedicate one of the Actiontec's router ports for a seperate VLAN?

Platinum Contributor III
Platinum Contributor III
Posts: 6,819
Registered: ‎08-23-2008
Message 6 of 14
(32,530 Views)

Do you have an old PC sitting around? I have the Actiontec as my primary router, and IP-Cop as my secondary router. It will run on a low power PC, 60gig HD AMD 2400 CPU 515meg of ram. But I have mine running on something with a little more horse power. I also have Dan's Guardian K-12 Proxy filter installed. The PC has 3 nics and 2 subnets. It does allot, and shows the active connections on the NATs. So if you are looking to learn a bit about Linux or just need a more powerful router, look here. Easy to install and also manage through a web interface once the setup of the  hardware is complete, you remove the keyboard, mouse, and monitor. 

 

http://ipcop.org/index.php

Contributor Bill1
Contributor
Posts: 3
Registered: ‎09-05-2012
Message 7 of 14
(32,262 Views)

I am attempeting to setup a second router for the purpose of having my personal equipment on one network and some work equipment on another.  Since I managed to lockup the Actiontec with a couple of failed attempts, I was hoping someone could walk me through the config settings on the Actiontec router.

 

I have the following settings available on the Actiontec, but step #3 could have resulted in the lock up when adding a new route:

 

1) Advanced
2) Routing  (IGMP is Checked ; Domain Routing is unchecked)
3) Route Settings as follows:
Name Options:  (What is the intent of the "Name Options" setting?)

- Network (Home/Office)
- Broadband Connection (Ethernet)
- Broadband Connection (Coax)
- Network (Home Office) Wireless 802.11g Access Point
- WANPPoE
- WAN PPoE2
Destination: 0.0.0.0 -- can this be more specific? Can I point this to the 192.168.1.1 (default) or other subnets for example?
Netmask: 255.255.255.0 assuming a /24 subnet
Gateway: 192.168.2.1
Metric ?

 

I'm open to any other know working solutions.  I'm not concerned about supporting wifi on the second router.  I would like to eventually allow limited external access from the public internet either via public web address or perhaps a VPN client.  Also, I plan to keep all my other family equipment on the Actiontec since I want a supported setup should something happen when I'm on the road and my wife needs to call Verizon for support.

 

Actiotec hardware info:

-----------------

Firmware Version: 20.19.8

Model Name: MI424WR-GEN2

Hardware Version: F

 

Thanks

 

Bill

Contributor andybackus
Contributor
Posts: 1
Registered: ‎04-17-2013
Message 8 of 14
(31,141 Views)

I have the same issuewith a work lab behind routers with multiple 10.x.x.x private networks.  As you stated, none of these subnets can connect to the Internet due to the limitation that the Vz router will only NAT the directly connected 192.168.1.0 subnet.  And yes, I can ping the Vz router 192.168.1.1 from these 10.x subnets.

 

2 different techs had no idea what I was describing, but the 2nd escalated me to the vendor who Vz oems the router from, Actiontec.  The Actiontec engineer said all routes behind the device should get NAT'd and no settings are required.  Unfortuanetly, they (actiontec)  do not do direct customer support and he would only answer that one question after a lot of pleading on my part - I was unable to tell him he was incorrect.

 

I recalled that I had a previous Vz model on which I corrected this with a simple configuration setting. Since a hardware  upgrade, I cannot seem to find the same configurtation option.

 

 

Contributor PointyStick
Contributor
Posts: 1
Registered: ‎12-10-2013
Message 9 of 14
(29,288 Views)

Thanks to this thread, I was able to fix this issue on my own network

 

My network is simple, an Actiontec router with a 192.168.0.0/24 subnet for the "untrusted" home network and a second internal router with a 192.168.1.0/24 subnet for my trusted network. To get this set up to work, I first added a static route for 192.168.1.0/24 on the actiontec router to the gateway (the 2nd router). From inside the 2nd subnet I could then ping the actiontec router, but nothing on the internet. The issue was the actiontec's broadband connection subnet mask. By setting it to 255.255.254.0, it included the 2nd subnet and the NAT started working. I can do this without changing the DHCP.

For reference, the setting is not in the advanced page, it is in My Network -> Network Connections -> Network (Home/Office) -> Settings -> Subnet Mask (the first one, not the DHCP one)

 

If you have more complicated internal networks, you could try reducing the mask further.

Gold Contributor VII
Gold Contributor VII
Posts: 1,778
Registered: ‎05-14-2009
Message 10 of 14
(29,265 Views)

@PointyStick wrote:

Thanks to this thread, I was able to fix this issue on my own network

 

My network is simple, an Actiontec router with a 192.168.0.0/24 subnet for the "untrusted" home network and a second internal router with a 192.168.1.0/24 subnet for my trusted network. To get this set up to work, I first added a static route for 192.168.1.0/24 on the actiontec router to the gateway (the 2nd router). From inside the 2nd subnet I could then ping the actiontec router, but nothing on the internet. The issue was the actiontec's broadband connection subnet mask. By setting it to 255.255.254.0, it included the 2nd subnet and the NAT started working. I can do this without changing the DHCP.

For reference, the setting is not in the advanced page, it is in My Network -> Network Connections -> Network (Home/Office) -> Settings -> Subnet Mask (the first one, not the DHCP one)

 

If you have more complicated internal networks, you could try reducing the mask further.


 

PointyStick, you say something that contradicts I just want clarity.  You say the issue was with actiontecs broadband connection subnet mask but then you say to go to network (Home/office).  Those are to different connections (WAN vs LAN)  

 

Also just so you are aware of what you did, by changing the subnet mask from 255.255.255.0 to 255.255.254.0 means that 192.168.0.0 and 192.168.1.0 are on the same network.  The 255.255.254.0 means 512 hosts which 192.168.0.1-192.168.1.254 is the subnet range.  See IP calc below.

 

hosts.JPG

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.


Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.