Set up routing to forward requests to a subnet to a certain router
Here is how my home network is set up:
There is an ISP-provided gateway which does DHCP for 192.168.29.0/24. I connected two routers to this gateway as clients (R1 and R2, with respective IPs 192.168.29.2, 192.168.29.3).
The routers do DHCP under 192.168.0.0/24 and 192.168.1.0/24.
As a client on, say, R2 (192.168.1.3), I would like to reach a client on R1 (the printer, 192.168.0.2). I set up a static route in R2 to let it forward 192.168.0.x requests to 192.168.29.2, which is R1:
However, it appears that R1 doesn't accept the request. I'm guessing it looks like a request from WAN to R1, (which it sort of is), and I have no idea what setting to even look for to let it accept this. And, accept what? What would I be trying to accept -- "packets from outside to inside"? I'm not sure how to even describe this.
Running a traceroute to a R1 client shows that it's hitting R1. Nothing happens then, it's a time-out.
joseph@MBA : ~
[130] % traceroute 192.168.0.5
traceroute to 192.168.0.5 (192.168.0.5), 64 hops max, 52 byte packets
1 r2 (192.168.1.1) 4.888 ms 4.537 ms 3.970 ms
2 192.168.29.2 (192.168.29.2) 5.185 ms 5.291 ms 7.068 ms
Where do I go from here?
networking routing
migrated from serverfault.com Dec 23 '18 at 18:39
This question came from our site for system and network administrators.
asked Dec 23 '18 at 10:11
Joseph A.
2 Answers
The easiest option for you would be to have all your devices in the 192.168.29.0/24 subnet. Don't use the WAN port on either R1 or R2, and connect all cables to the LAN ports.
You also need to disable the DHCP server on R1 and R2 so that only the GW will provision IP addresses via DHCP.
This way you don't need to consider routing at all.
Original answer:
I assume that you don't have NAT enabled in R1 or R2, which must be the case.
In order for routing to work between two clients in different networks, both ends must have proper routing table entries set:
R2 must have the entry:
Route network 192.168.0.0/24 via 192.168.29.2
R1 must have the entry:
Route network 192.168.1.0/24 via 192.168.29.3
You need to have these entries both ways, because IP packets are forwarded in a stateless fashion. Each router looks only at the IP packet destination address and consults the routing entry for that address.
So, if the other router does not have the proper entries, it will forward the reply packets to the wrong router, in this case the GW, which is the default route assigned in the router.
edited Dec 25 '18 at 11:43
answered Dec 23 '18 at 11:36
Tero Kilkanen
Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?
– Joseph A.
Dec 23 '18 at 12:37
Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.
– Tero Kilkanen
Dec 23 '18 at 17:28
I added a more simple way to work around the issue.
– Tero Kilkanen
Dec 23 '18 at 17:31
Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.
– Joseph A.
Dec 25 '18 at 6:48
I had to create a custom routing entry on the problematic router to something like "forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1", since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.
– Joseph A.
Dec 25 '18 at 6:49
You didn't mention the brand and model of the routers so the answer can be just in general...
As you mentioned in the comment on the previous post, and didn't mention in the original request, there is NAT in place, which is quite an important part of the issue...
R1
route 192.169.1.0/24 via 192.168.29.3
R2
route 192.168.0.0/24 via 192.168.29.2
NAT
In general all the "cross network" traffic will come to the same interface as other (let's say internet) traffic, so for the last part of your question it will come to the "next" router on its outside interface. Physically it will use the Switch device stated on the schema in the original post - request. Most probably you will have to allow this traffic so that it is not blocked.
The firewall/NAT will have to be changed to reflect your expectation...
- You can keep NAT for outgoing traffic without change, so all traffic going from 192.169.1.0/24 will be sNATed to 192.168.29.3 (including traffic for destinations in 192.168.0.0/24). You will not be able to differentiate between the source devices behind R2. For allowing incoming traffic you would need to allow source IP 192.168.29.3 @R1.
- You can exclude the traffic with destination 192.168.0.0/24 from being sNATed on R2, so on R1 (and on the devices on 192.168.0.0/24) you will see the original source IP for the traffic. For allowing incoming traffic you would need to allow source IP 192.168.1.0/24 @R1, and in case you would like to allow traffic originating on R2 you would also allow source IP 192.168.29.3 @R1.
- Another option may be creating a tunnel (e.g. ipsec) between R1 and R2, and in that case you can bypass this NAT / firewall "issue" using routing over a virtual interface or by using crypto maps (in case of ipsec). With this option you can even handle static routes via crypto maps. But here it would be more brand specific to point out the "correct" key words to search for more information or to provide specific hints.
answered Dec 24 '18 at 23:32
Kamil J
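The two answers above, worked through in a small Python model as an added example (not code from either answer or from any router firmware): it traces the request and the reply with destination-only route lookups, then shows which source address R1's outside interface sees under the first two NAT options. The table layout, the default routes via the GW, the "ISP" label and the drop-unless-allowed rule on R1 are assumptions; the addresses are the ones from the question.

```python
import ipaddress

# Addresses are the ones given on the page; the data model is an assumption.
GW, R1, R2 = "192.168.29.1", "192.168.29.2", "192.168.29.3"
TRANSIT, LAN1, LAN2 = "192.168.29.0/24", "192.168.0.0/24", "192.168.1.0/24"
OWNER = {GW: "GW", R1: "R1", R2: "R2"}  # transit address -> router name


def base_tables():
    """Routing tables before any static route: connected networks plus a default."""
    return {
        "GW": [(TRANSIT, None), ("0.0.0.0/0", "ISP")],
        "R1": [(LAN1, None), (TRANSIT, None), ("0.0.0.0/0", GW)],
        "R2": [(LAN2, None), (TRANSIT, None), ("0.0.0.0/0", GW)],
    }


def lookup(table, dst):
    """Longest-prefix match on the destination address only (stateless)."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)


def trace(tables, first_router, dst, max_hops=8):
    """Return (routers crossed, outcome) for a packet addressed to dst."""
    path, router = [], first_router
    for _ in range(max_hops):
        path.append(router)
        _, next_hop = lookup(tables[router], dst)
        if next_hop is None:        # dst sits on a directly connected network
            return path, "delivered"
        if next_hop == "ISP":       # fell through to the gateway's default route
            return path, "left via ISP"
        router = OWNER[next_hop]
    return path, "loop"


def source_seen_by_r1(client, dst, snat_exempt=()):
    """R2 rewrites the source to its transit address unless dst is exempt."""
    d = ipaddress.ip_address(dst)
    if any(d in ipaddress.ip_network(n) for n in snat_exempt):
        return client
    return R2


def r1_accepts(source, allowed=()):
    """R1's outside interface: drop unless the source matches an allow entry."""
    s = ipaddress.ip_address(source)
    return any(s in ipaddress.ip_network(n) for n in allowed)


def scenarios(client="192.168.1.3", printer="192.168.0.2"):
    t = base_tables()
    t["R2"].append((LAN1, R1))      # the static route from the question
    out = {"request": trace(t, "R2", printer)}
    # Without NAT: the reply is routed by its own destination, not by memory
    # of the request, so R1 needs a route back to 192.168.1.0/24.
    out["reply_no_return_route"] = trace(t, "R1", client)
    t["R1"].append((LAN2, R2))
    out["reply_with_return_route"] = trace(t, "R1", client)
    # Option 1: R2 keeps source NAT. R1 sees R2's transit address, must allow
    # it, and needs no return route because that address is on-link.
    src1 = source_seen_by_r1(client, printer)
    out["opt1"] = (src1, r1_accepts(src1), r1_accepts(src1, allowed=(R2,)),
                   trace(base_tables(), "R1", src1))
    # Option 2: R2 exempts 192.168.0.0/24 from source NAT. R1 sees the real
    # client, so an allow entry for R2 alone no longer matches.
    src2 = source_seen_by_r1(client, printer, snat_exempt=(LAN1,))
    out["opt2"] = (src2, r1_accepts(src2, allowed=(R2,)),
                   r1_accepts(src2, allowed=(LAN2, R2)))
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} {result}")
```

With option 1 the allow entry on R1 covers every device behind R2 at once, while option 2 lets R1 filter on individual client addresses but also requires the return route on R1.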