Why can't I reach subnet .0 from subnet .1 with this static route?












2















In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.



The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.



The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:



Destination IP: 192.168.0.0
Mask: 255.255.255.0
Gateway IP: 192.168.1.10


A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.



I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):



Destination IP: 192.168.1.0
Mask: 255.255.255.0
Gateway: 0.0.0.0
Interface: WAN


Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.



Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.



My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).



Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg










share|improve this question





























    2















    In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.



    The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.



    The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:



    Destination IP: 192.168.0.0
    Mask: 255.255.255.0
    Gateway IP: 192.168.1.10


    A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.



    I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):



    Destination IP: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 0.0.0.0
    Interface: WAN


    Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.



    Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.



    My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).



    Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg










    share|improve this question



























      2












      2








      2








      In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.



      The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.



      The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:



      Destination IP: 192.168.0.0
      Mask: 255.255.255.0
      Gateway IP: 192.168.1.10


      A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.



      I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):



      Destination IP: 192.168.1.0
      Mask: 255.255.255.0
      Gateway: 0.0.0.0
      Interface: WAN


      Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.



      Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.



      My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).



      Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg










      share|improve this question
















      In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.



      The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.



      The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:



      Destination IP: 192.168.0.0
      Mask: 255.255.255.0
      Gateway IP: 192.168.1.10


      A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.



      I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):



      Destination IP: 192.168.1.0
      Mask: 255.255.255.0
      Gateway: 0.0.0.0
      Interface: WAN


      Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.



      Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.



      My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).



      Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg







      networking routing






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jul 3 '13 at 5:28







      flymike

















      asked Jul 2 '13 at 20:29









      flymikeflymike

      11614




      11614






















          2 Answers
          2






          active

          oldest

          votes


















          0














          Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.



          If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).



          By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.






          share|improve this answer



















          • 1





            My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.

            – flymike
            Jul 3 '13 at 5:30





















          0














          Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).



          From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.



          In general terms, and where I suspect your problem lies -



          The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)



          Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.






          share|improve this answer
























          • I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.

            – flymike
            Jul 3 '13 at 5:39











          • I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.

            – davidgo
            Jul 3 '13 at 18:46











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f614789%2fwhy-cant-i-reach-subnet-0-from-subnet-1-with-this-static-route%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.



          If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).



          By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.






          share|improve this answer



















          • 1





            My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.

            – flymike
            Jul 3 '13 at 5:30


















          0














          Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.



          If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).



          By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.






          share|improve this answer



















          • 1





            My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.

            – flymike
            Jul 3 '13 at 5:30
















          0












          0








          0







          Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.



          If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).



          By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.






          share|improve this answer













          Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.



          If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).



          By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jul 2 '13 at 20:43









          SpiffSpiff

          77.8k10118163




          77.8k10118163








          • 1





            My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.

            – flymike
            Jul 3 '13 at 5:30
















          • 1





            My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.

            – flymike
            Jul 3 '13 at 5:30










          1




          1





          My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.

          – flymike
          Jul 3 '13 at 5:30







          My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.

          – flymike
          Jul 3 '13 at 5:30















          0














          Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).



          From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.



          In general terms, and where I suspect your problem lies -



          The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)



          Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.






          share|improve this answer
























          • I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.

            – flymike
            Jul 3 '13 at 5:39











          • I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.

            – davidgo
            Jul 3 '13 at 18:46
















          0














          Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).



          From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.



          In general terms, and where I suspect your problem lies -



          The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)



          Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.






          share|improve this answer
























          • I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.

            – flymike
            Jul 3 '13 at 5:39











          • I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.

            – davidgo
            Jul 3 '13 at 18:46














          0












          0








          0







          Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).



          From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.



          In general terms, and where I suspect your problem lies -



          The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)



          Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.






          share|improve this answer













          Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).



          From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.



          In general terms, and where I suspect your problem lies -



          The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)



          Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jul 2 '13 at 20:44









          davidgodavidgo

          44.3k75292




          44.3k75292













          • I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.

            – flymike
            Jul 3 '13 at 5:39











          • I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.

            – davidgo
            Jul 3 '13 at 18:46



















          • I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.

            – flymike
            Jul 3 '13 at 5:39











          • I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.

            – davidgo
            Jul 3 '13 at 18:46

















          I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.

          – flymike
          Jul 3 '13 at 5:39





          I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.

          – flymike
          Jul 3 '13 at 5:39













          I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.

          – davidgo
          Jul 3 '13 at 18:46





          I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.

          – davidgo
          Jul 3 '13 at 18:46


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f614789%2fwhy-cant-i-reach-subnet-0-from-subnet-1-with-this-static-route%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

          Alcedinidae

          Origin of the phrase “under your belt”?