Why can't I reach subnet .0 from subnet .1 with this static route?
In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.
The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.
The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:
Destination IP: 192.168.0.0
Mask: 255.255.255.0
Gateway IP: 192.168.1.10
A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.
I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):
Destination IP: 192.168.1.0
Mask: 255.255.255.0
Gateway: 0.0.0.0
Interface: WAN
Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.
Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).
Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg
networking routing
add a comment |
In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.
The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.
The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:
Destination IP: 192.168.0.0
Mask: 255.255.255.0
Gateway IP: 192.168.1.10
A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.
I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):
Destination IP: 192.168.1.0
Mask: 255.255.255.0
Gateway: 0.0.0.0
Interface: WAN
Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.
Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).
Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg
networking routing
add a comment |
In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.
The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.
The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:
Destination IP: 192.168.0.0
Mask: 255.255.255.0
Gateway IP: 192.168.1.10
A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.
I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):
Destination IP: 192.168.1.0
Mask: 255.255.255.0
Gateway: 0.0.0.0
Interface: WAN
Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.
Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).
Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg
networking routing
In the network shown below, the Netgear router has a LAN interface address of 192.168.1.1 and its DHCP assigns addresses starting at 1.201.
The Linksys router's LAN interface address is 192.168.0.1 and its DHCP assigns addresses starting at 0.101. Its WAN interface is attached to the Netgear router at a static address of 192.168.1.10.
The problem is that computers on the .1.201 subnet cannot reach computers on the .0.101 subnet, even after disabling NAT and SPI firewall on the Linksys router, and adding a static route at the Netgear router as follows:
Destination IP: 192.168.0.0
Mask: 255.255.255.0
Gateway IP: 192.168.1.10
A tracert gets as far as 192.168.1.10 (192.168.0.1) then dies.
I wondered if the problem might be the return trip, but the existing route table at the Linksys router shown below already has an entry for 192.168.1.0 as follows, and won't let me add another route (complains about invalid static route):
Destination IP: 192.168.1.0
Mask: 255.255.255.0
Gateway: 0.0.0.0
Interface: WAN
Computers on the .0.101 subnet can reach computers on the .1.201 subnet - it is the reverse which is the problem.
Incidentally, the Netgear router is connected to the internet via its WAN port, and all computers on both networks can reach the internet.
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s).
Network diagram at http://flymike.dreamhosters.com/Static%20Route%20Problem.jpg
networking routing
networking routing
edited Jul 3 '13 at 5:28
flymike
asked Jul 2 '13 at 20:29
flymikeflymike
11614
11614
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.
If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).
By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.
1
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
– flymike
Jul 3 '13 at 5:30
add a comment |
Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).
From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.
In general terms, and where I suspect your problem lies -
The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)
Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.
I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
– flymike
Jul 3 '13 at 5:39
I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
– davidgo
Jul 3 '13 at 18:46
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f614789%2fwhy-cant-i-reach-subnet-0-from-subnet-1-with-this-static-route%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.
If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).
By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.
1
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
– flymike
Jul 3 '13 at 5:30
add a comment |
Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.
If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).
By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.
1
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
– flymike
Jul 3 '13 at 5:30
add a comment |
Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.
If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).
By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.
Do you have a specific reason why you want some devices to be on a different IP subnet than other devices? If not, then make "Router B" be just a bridge. Turn off its NAT, Router, Firewall, and DHCP server features. Let it get its own IP address via its built-in DHCP client just like any other device.
If you have a router that doesn't let you turn off NAT gatewaying or IP forwarding/routing, you can just stop using its WAN port. Just plug one of its LAN ports into the other router's LAN port. If you have a router that doesn't let you turn off its DHCP service, try setting its DHCP IP address lease pool to zero (i.e. give it a zero-length range of IP addresses to serve out via DHCP).
By the way, if you really do have a good reason to keep "Router B" as an IP-forwarding router instead of just a bridge, your problem is probably with the static route you put on Router A. You needed to point Router A that the upstream/WAN/.1.x subnet IP address of Router B. That's the only interface that Router A can "see" of Router B. But it looks from your Question like you tried to point Router A and the "downstream/LAN/0.x subnet IP address of Router B, which still doesn't tell Router A how to reach that subnet.
answered Jul 2 '13 at 20:43
SpiffSpiff
77.8k10118163
77.8k10118163
1
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
– flymike
Jul 3 '13 at 5:30
add a comment |
1
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
– flymike
Jul 3 '13 at 5:30
1
1
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
– flymike
Jul 3 '13 at 5:30
My ultimate goal is to limit access from .1.201 to .0.101 to certain computers only, via static route(s). I had already tried the static route configuration you suggest, and have now edited the question to reflect that.
– flymike
Jul 3 '13 at 5:30
add a comment |
Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).
From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.
In general terms, and where I suspect your problem lies -
The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)
Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.
I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
– flymike
Jul 3 '13 at 5:39
I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
– davidgo
Jul 3 '13 at 18:46
add a comment |
Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).
From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.
In general terms, and where I suspect your problem lies -
The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)
Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.
I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
– flymike
Jul 3 '13 at 5:39
I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
– davidgo
Jul 3 '13 at 18:46
add a comment |
Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).
From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.
In general terms, and where I suspect your problem lies -
The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)
Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.
Its a bit complex to answer the question meaningfully without more information. (A diagram, OS's and more information about the setup of each client might be usefull, as would what happens on a traceroute in the reverse direction. Also copies of the routing tables on each router, and the IP addresses assigned to each interface on the routers are really required).
From the limited information provided to me I suspect the gateway on router B might be wrong, or it is missing a static route.
In general terms, and where I suspect your problem lies -
The WAN interface on router B needs to be in the range of the LAN interface on A (eg 192.168.1.253), and needs to be static. Router A in term needs a route specified for 192.168.0.0/24 vi 192.168.1.253 (assuming 192.168.1.253 is the address of the LAN interface on A)
Similarly, Router B needs a static route to router A (192.168.1.1) for 192.168.1.0/24.
answered Jul 2 '13 at 20:44
davidgodavidgo
44.3k75292
44.3k75292
I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
– flymike
Jul 3 '13 at 5:39
I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
– davidgo
Jul 3 '13 at 18:46
add a comment |
I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
– flymike
Jul 3 '13 at 5:39
I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
– davidgo
Jul 3 '13 at 18:46
I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
– flymike
Jul 3 '13 at 5:39
I have shown the routing table of router B (Linksys). That router won't let me add more routes destined to 192.168.1.0 (complains invalid route). But (successful) traceroutes from 0.101 to 1.201 go through that router.
– flymike
Jul 3 '13 at 5:39
I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
– davidgo
Jul 3 '13 at 18:46
I dont see route table, only interface details. A route is generally invalid because it was entered wrongly (normally with a gateway which can't be reached). Again, difficult to advise the cause without the details I requested. I'm guessing that router A is performing NAT/translation as that would explain the 1-way connectivity working. To do things "properly" (and making assumptions about the networks external connectivity because of no diagram) you need to remove NAT and add static routes between the 192.168.0 and 192.168.1 gateway on the opposite routers.
– davidgo
Jul 3 '13 at 18:46
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f614789%2fwhy-cant-i-reach-subnet-0-from-subnet-1-with-this-static-route%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown