2 subnets with one FIOS router
dcybnrmal
Newbie

I am using the FIOS router for home and sometimes need to test certain situations for my work.  I have set up a virtual lab that uses the 192.188.1.x subnet from the router.  I have also set up a second virtual network that uses the 192.168.2.x subnet and have the two networks routed (virtually) between them.  When it comes to accessing the internet, all of my .1 hosts, physical and virtual, can connect with no problem, but none of my .2 hosts can do this.  DNS resolution works, but actual outbound traffic is somehow being blocked.  I set up a network object that contains all the IP addresses of my 192.168.2.x subnet and created a new input and output rule in Firewall > Advanced Filtering that allows all outbound and inbound traffic to/from the other subnet.  It still doesn't work, but I think I'm close.  I can't see anything else that would block this and the firewall logging doesn't really help either.  Has anyone been able to successfully do this?  Just to clarify, I do not have any additional physical routers in the mix, all virtual using Windows routing and Hyper-V virtualization.

Any help is appreciated.

Thanks

0 Likes
1 Solution

Correct answers
Re: 2 subnets with one FIOS router
Jin356b
Enthusiast - Level 1

I figured out a way to get these P0S routers to NAT all my internal networks, WITHOUT having to add a secondary NAT router in between. Say for instance my default internal network is 192.168.1.0/24, and the Verizon router's internal IP is 192.168.1.1. Then I have 2 internally routed networks: 192.168.2.0/24 and 192.168.3.0/24. To get the Verizon router to NAT the 192.168.2.0/24 and 192.168.3.0/24 nets, you have to trick it into thinking that these networks are part of its default internal network.

1. Go to the router's My Network -> Network Connections -> edit LAN

2. Click the Settings button

3. Scroll down to Routing Table and click New Route

4. Enter the routes to your internal networks. Ensure you leave the metric at 0.

5. Repeat steps 3 & 4 for all your internal networks

6. Apply the settings.

7. At this point all your internal networks should be able to communicate with one another (provided you set up each device's default gateway correctly).

8. Go back into the LAN connection settings page

9. Scroll down until you see the IP Address and Subnet Mask fields. The IP Address should already be set to 192.168.1.1. Change the subnet mask to 255.255.0.0.

10. Apply the settings.

This will trick the router into NATing all 192.168.x.x networks. And the static routes you entered in step 4 will ensure the 'incorrect' subnet mask doesn't break internal routing. I hope this helps all you Enterprise Network admins that are stuck using this crap...


0 Likes
Re: 2 subnets with one FIOS router
lasagna
Community Leader

The issue is that the ActionTec appears to only apply the NAT for the inside segment that's the address of its inside address.  So, while you might have routing working internally and with the router, any traffic which flows from the .2 network toward the internet passes thru without the NAT being applied.  If you were to have your FiOS router provisioned on the WAN side to use ethernet, you could see this with a packet sniffer.

I have not yet found a place to make a rule adjustment to also NAT the secondary network -- so I've just resorted to building my tests behind a second NAT router and NAT everything leaving my .2 and .3 networks first onto .1 and then out to the internet.

0 Likes
Re: 2 subnets with one FIOS router
dcybnrmal
Newbie

Thanks for the reply.  Can you explain what you mean by

so I've just resort to building my tests behind a second NAT router and NAT everything leaving my .2 and .3 networks first onto .1 and then out to the internet

Thanks

0 Likes
Re: 2 subnets with one FIOS router
lasagna
Community Leader

My home network is on 192.168.1.x (attached to the actiontec)

I have a secondary NAT router (Cisco Linksys) running in the standard internet configuration with its WAN interface connected to the ActionTec (and getting a 192.168.1.x address) and the private LAN addressed as 192.168.2.x (it's running in NAT/Firewall mode so everything which passes thru it gets assigned the 192.168.1.x address of the WAN interface of the Linksys).

Behind the Linksys, I have a router and some switches running various configurations with VLANs and additional networks (such as 192.168.3.x and 192.168.4.x), and these are all routed internally on that network and defined to the Cisco Linksys.  Anything from these networks that gets routed to the Linksys is NATed to the 192.168.1.x address on its way to the internet (the Linksys can handle multiple networks).

Re: 2 subnets with one FIOS router
dcybnrmal
Newbie

Ok, I see that now, but is it possible to achieve the same thing without using a separate (physical) router?  I'm wondering if I dedicate one of my server's NICs and dedicate one of the Actiontec's router ports for a separate VLAN?

0 Likes
Re: 2 subnets with one FIOS router
prisaz
Legend

Do you have an old PC sitting around? I have the Actiontec as my primary router, and IP-Cop as my secondary router. It will run on a low power PC, 60gig HD AMD 2400 CPU 515meg of ram. But I have mine running on something with a little more horse power. I also have Dan's Guardian K-12 Proxy filter installed. The PC has 3 NICs and 2 subnets. It does a lot, and shows the active connections on the NATs. So if you are looking to learn a bit about Linux or just need a more powerful router, look here. Easy to install and also manage through a web interface. Once the setup of the hardware is complete, you remove the keyboard, mouse, and monitor.

http://ipcop.org/index.php

0 Likes
Re: 2 subnets with one FIOS router
Bill165
Newbie

I am attempting to set up a second router for the purpose of having my personal equipment on one network and some work equipment on another.  Since I managed to lock up the Actiontec with a couple of failed attempts, I was hoping someone could walk me through the config settings on the Actiontec router.

I have the following settings available on the Actiontec, but step #3 could have resulted in the lock up when adding a new route:

1) Advanced
2) Routing  (IGMP is Checked ; Domain Routing is unchecked)
3) Route Settings as follows:
Name Options:  (What is the intent of the "Name Options" setting?)

- Network (Home/Office)
- Broadband Connection (Ethernet)
- Broadband Connection (Coax)
- Network (Home Office) Wireless 802.11g Access Point
- WANPPoE
- WAN PPoE2
Destination: 0.0.0.0 -- can this be more specific? Can I point this to the 192.168.1.1 (default) or other subnets for example?
Netmask: 255.255.255.0 assuming a /24 subnet
Gateway: 192.168.2.1
Metric ?

I'm open to any other known working solutions.  I'm not concerned about supporting wifi on the second router.  I would like to eventually allow limited external access from the public internet either via public web address or perhaps a VPN client.  Also, I plan to keep all my other family equipment on the Actiontec since I want a supported setup should something happen when I'm on the road and my wife needs to call Verizon for support.

Actiontec hardware info:

-----------------

Firmware Version: 20.19.8

Model Name: MI424WR-GEN2

Hardware Version: F

Thanks

Bill

0 Likes
Re: 2 subnets with one FIOS router
andybackus
Newbie

I have the same issue with a work lab behind routers with multiple 10.x.x.x private networks.  As you stated, none of these subnets can connect to the Internet due to the limitation that the Vz router will only NAT the directly connected 192.168.1.0 subnet.  And yes, I can ping the Vz router 192.168.1.1 from these 10.x subnets.

2 different techs had no idea what I was describing, but the 2nd escalated me to the vendor who Vz OEMs the router from, Actiontec.  The Actiontec engineer said all routes behind the device should get NAT'd and no settings are required.  Unfortunately, they (Actiontec) do not do direct customer support and he would only answer that one question after a lot of pleading on my part - I was unable to tell him he was incorrect.

I recalled that I had a previous Vz model on which I corrected this with a simple configuration setting. Since a hardware upgrade, I cannot seem to find the same configuration option.

0 Likes
Re: 2 subnets with one FIOS router
PointyStick
Newbie

Thanks to this thread, I was able to fix this issue on my own network

My network is simple, an Actiontec router with a 192.168.0.0/24 subnet for the "untrusted" home network and a second internal router with a 192.168.1.0/24 subnet for my trusted network. To get this set up to work, I first added a static route for 192.168.1.0/24 on the actiontec router to the gateway (the 2nd router). From inside the 2nd subnet I could then ping the actiontec router, but nothing on the internet. The issue was the actiontec's broadband connection subnet mask. By setting it to 255.255.254.0, it included the 2nd subnet and the NAT started working. I can do this without changing the DHCP.

For reference, the setting is not in the advanced page, it is in My Network -> Network Connections -> Network (Home/Office) -> Settings -> Subnet Mask (the first one, not the DHCP one)

If you have more complicated internal networks, you could try reducing the mask further.

0 Likes
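The mask arithmetic behind the accepted solution and PointyStick's fix, worked through as an added example that is not part of any post in the thread. It assumes the behaviour the posters report (the router only NATs sources inside the network given by its LAN IP and subnet mask); the internal-router address 192.168.1.2 is a constructed sample value.

```python
import ipaddress

def nat_eligible(router_ip, mask, subnets):
    """True per subnet if it lies inside the router's LAN network.

    Assumption from the thread: the router only NATs sources inside the
    network defined by its LAN IP address and subnet mask.
    """
    lan = ipaddress.ip_interface(f"{router_ip}/{mask}").network
    return {s: ipaddress.ip_network(s).subnet_of(lan) for s in subnets}

def smallest_covering_mask(router_ip, subnets):
    """Narrowest mask whose network around router_ip holds every subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    for prefix in range(32, -1, -1):  # /0 always matches, so this returns
        lan = ipaddress.ip_interface(f"{router_ip}/{prefix}").network
        if all(n.subnet_of(lan) for n in nets):
            return str(lan.netmask)

def next_hop(dest, router_ip, mask, static_routes):
    """Longest-prefix match over the connected LAN route and static routes.

    "on-link" means the router would try to reach the host directly on its
    LAN instead of forwarding to the internal router.
    """
    table = {ipaddress.ip_interface(f"{router_ip}/{mask}").network: "on-link"}
    table.update({ipaddress.ip_network(n): gw for n, gw in static_routes.items()})
    addr = ipaddress.ip_address(dest)
    matches = [n for n in table if addr in n]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None

if __name__ == "__main__":
    routed = ["192.168.2.0/24", "192.168.3.0/24"]   # networks from the solution
    print(nat_eligible("192.168.1.1", "255.255.255.0", routed))  # default mask
    print(nat_eligible("192.168.1.1", "255.255.0.0", routed))    # step 9 mask
    print(smallest_covering_mask("192.168.1.1", routed))
    # 192.168.1.2 is a constructed address for the internal router
    routes = {"192.168.2.0/24": "192.168.1.2"}
    print(next_hop("192.168.2.50", "192.168.1.1", "255.255.0.0", routes))
    print(next_hop("192.168.2.50", "192.168.1.1", "255.255.0.0", {}))
```

The last two calls show why the static routes have to be in place before the mask is widened: without the more specific /24 route, the widened connected route wins and the router treats 192.168.2.x hosts as directly attached.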
Re: 2 subnets with one FIOS router
jumpin68ny
Master - Level 2

@PointyStick wrote:

Thanks to this thread, I was able to fix this issue on my own network

My network is simple, an Actiontec router with a 192.168.0.0/24 subnet for the "untrusted" home network and a second internal router with a 192.168.1.0/24 subnet for my trusted network. To get this set up to work, I first added a static route for 192.168.1.0/24 on the actiontec router to the gateway (the 2nd router). From inside the 2nd subnet I could then ping the actiontec router, but nothing on the internet. The issue was the actiontec's broadband connection subnet mask. By setting it to 255.255.254.0, it included the 2nd subnet and the NAT started working. I can do this without changing the DHCP.

For reference, the setting is not in the advanced page, it is in My Network -> Network Connections -> Network (Home/Office) -> Settings -> Subnet Mask (the first one, not the DHCP one)

If you have more complicated internal networks, you could try reducing the mask further.


PointyStick, you say something that contradicts; I just want clarity.  You say the issue was with Actiontec's broadband connection subnet mask but then you say to go to network (Home/office).  Those are two different connections (WAN vs LAN).

Also just so you are aware of what you did, by changing the subnet mask from 255.255.255.0 to 255.255.254.0 means that 192.168.0.0 and 192.168.1.0 are on the same network.  The 255.255.254.0 means 512 hosts which 192.168.0.1-192.168.1.254 is the subnet range.  See IP calc below.

 

image

0 Likes