Set up routing to forward requests to a subnet to a certain router












1















Here is how my home network is set up:



enter image description here



There is an ISP-provided gateway which does DHCP for 192.168.29.0/24. I connected two routers to this gateway as clients, (R1 and R2, with respective IPs 192.168.29.2, 192.168.29.3).



The routers do DHCP under 192.168.0.0/24 and 192.168.1.0/24.



As a client on, say, R2, (192.168.1.3), I would like to reach a client on R1 (the printer, 192.168.0.2). I set up a static route in R2 to let it forward 192.168.0.x requests to 192.168.29.2, which is R1:



enter image description here



However, it appears that R1 doesn't accept the request. I'm guessing it looks like a request from WAN to R1, (which it sort of is), and I have no idea what setting to even look for to let it accept this. And, accept what? What would I be trying to accept -- "packets from outside to inside"? I'm not sure how to even describe this.



Running a traceroute to a R1 client shows that it's hitting R1. Nothing happens then, it's a time-out.



joseph@MBA : ~
[130] % traceroute 192.168.0.5
traceroute to 192.168.0.5 (192.168.0.5), 64 hops max, 52 byte packets
1 r2 (192.168.1.1) 4.888 ms 4.537 ms 3.970 ms
2 192.168.29.2 (192.168.29.2) 5.185 ms 5.291 ms 7.068 ms


Where do I go from here?










share|improve this question













migrated from serverfault.com Dec 23 '18 at 18:39


This question came from our site for system and network administrators.




















    1















    Here is how my home network is set up:



    enter image description here



    There is an ISP-provided gateway which does DHCP for 192.168.29.0/24. I connected two routers to this gateway as clients, (R1 and R2, with respective IPs 192.168.29.2, 192.168.29.3).



    The routers do DHCP under 192.168.0.0/24 and 192.168.1.0/24.



    As a client on, say, R2, (192.168.1.3), I would like to reach a client on R1 (the printer, 192.168.0.2). I set up a static route in R2 to let it forward 192.168.0.x requests to 192.168.29.2, which is R1:



    enter image description here



    However, it appears that R1 doesn't accept the request. I'm guessing it looks like a request from WAN to R1, (which it sort of is), and I have no idea what setting to even look for to let it accept this. And, accept what? What would I be trying to accept -- "packets from outside to inside"? I'm not sure how to even describe this.



    Running a traceroute to a R1 client shows that it's hitting R1. Nothing happens then, it's a time-out.



    joseph@MBA : ~
    [130] % traceroute 192.168.0.5
    traceroute to 192.168.0.5 (192.168.0.5), 64 hops max, 52 byte packets
    1 r2 (192.168.1.1) 4.888 ms 4.537 ms 3.970 ms
    2 192.168.29.2 (192.168.29.2) 5.185 ms 5.291 ms 7.068 ms


    Where do I go from here?










    share|improve this question













    migrated from serverfault.com Dec 23 '18 at 18:39


    This question came from our site for system and network administrators.


















      1












      1








      1








      Here is how my home network is set up:



      enter image description here



      There is an ISP-provided gateway which does DHCP for 192.168.29.0/24. I connected two routers to this gateway as clients, (R1 and R2, with respective IPs 192.168.29.2, 192.168.29.3).



      The routers do DHCP under 192.168.0.0/24 and 192.168.1.0/24.



      As a client on, say, R2, (192.168.1.3), I would like to reach a client on R1 (the printer, 192.168.0.2). I set up a static route in R2 to let it forward 192.168.0.x requests to 192.168.29.2, which is R1:



      enter image description here



      However, it appears that R1 doesn't accept the request. I'm guessing it looks like a request from WAN to R1, (which it sort of is), and I have no idea what setting to even look for to let it accept this. And, accept what? What would I be trying to accept -- "packets from outside to inside"? I'm not sure how to even describe this.



      Running a traceroute to a R1 client shows that it's hitting R1. Nothing happens then, it's a time-out.



      joseph@MBA : ~
      [130] % traceroute 192.168.0.5
      traceroute to 192.168.0.5 (192.168.0.5), 64 hops max, 52 byte packets
      1 r2 (192.168.1.1) 4.888 ms 4.537 ms 3.970 ms
      2 192.168.29.2 (192.168.29.2) 5.185 ms 5.291 ms 7.068 ms


      Where do I go from here?










      share|improve this question














      Here is how my home network is set up:



      enter image description here



      There is an ISP-provided gateway which does DHCP for 192.168.29.0/24. I connected two routers to this gateway as clients, (R1 and R2, with respective IPs 192.168.29.2, 192.168.29.3).



      The routers do DHCP under 192.168.0.0/24 and 192.168.1.0/24.



      As a client on, say, R2, (192.168.1.3), I would like to reach a client on R1 (the printer, 192.168.0.2). I set up a static route in R2 to let it forward 192.168.0.x requests to 192.168.29.2, which is R1:



      enter image description here



      However, it appears that R1 doesn't accept the request. I'm guessing it looks like a request from WAN to R1, (which it sort of is), and I have no idea what setting to even look for to let it accept this. And, accept what? What would I be trying to accept -- "packets from outside to inside"? I'm not sure how to even describe this.



      Running a traceroute to a R1 client shows that it's hitting R1. Nothing happens then, it's a time-out.



      joseph@MBA : ~
      [130] % traceroute 192.168.0.5
      traceroute to 192.168.0.5 (192.168.0.5), 64 hops max, 52 byte packets
      1 r2 (192.168.1.1) 4.888 ms 4.537 ms 3.970 ms
      2 192.168.29.2 (192.168.29.2) 5.185 ms 5.291 ms 7.068 ms


      Where do I go from here?







      networking routing






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 23 '18 at 10:11









      Joseph A.Joseph A.

      9541819




      9541819




      migrated from serverfault.com Dec 23 '18 at 18:39


      This question came from our site for system and network administrators.






      migrated from serverfault.com Dec 23 '18 at 18:39


      This question came from our site for system and network administrators.
























          2 Answers
          2






          active

          oldest

          votes


















          2














          The easiest option for you would be to have all your devices in 192.168.29.0/24 subnet. Don't use the WAN port on either R1 or R2, and connect all cables to the LAN ports.



          You need to also disable DHCP server on R1 and R2 so that only the GW will provision IP addresses via DHCP.



          This way you don't need to consider routing at all.





          Original answer:



          I assume that you don't have NAT enabled in R1 or R2, which must be the case.



          In order for routing to work between two clients in different networks, both ends must have proper routing table entries set:



          R2 must have the entry:



          Route network 192.168.0.0/24 via 192.168.29.2



          R1 must have the entry



          Route network 192.168.1.0/24 via 192.168.29.3



          You need to have these entries both ways, because IP packets are forwarded in a stateless fashion- Each router looks only at the IP packet destination address and consults the routing entry for that address.



          So, if the other router does not have to proper entries, it will forward the reply packets to wrong router, in this case the GW, which is the default route assigned in the router.






          share|improve this answer


























          • Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?

            – Joseph A.
            Dec 23 '18 at 12:37











          • Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.

            – Tero Kilkanen
            Dec 23 '18 at 17:28











          • I added a more simple way to work aroung the issue.

            – Tero Kilkanen
            Dec 23 '18 at 17:31











          • Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.

            – Joseph A.
            Dec 25 '18 at 6:48











          • I had to create a custom routing entry on the problematic router to something like forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1, since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.

            – Joseph A.
            Dec 25 '18 at 6:49





















          1














          You didn't mention the brand and model of the routers so the answer can be just in general...



          As you have mentioned in the comment for previous port and didn't mentioned in the original request there is NAT in place what is quite important part of the issue...



          R1



          route 192.169.1.0/24 via 192.168.29.3


          R2



          route 192.168.0.0/24 via 192.168.29.2


          NAT



          In general all the "cross network" traffic will come to the same interface as other (let say internet) traffic so for your last part of the question it will come to the "next" router into outside interface. Physically it will use the Switch device stated on the schema in original post - request. The most probably you will have to allow this traffic to not be blocked.



          The firewall/NAT will have to be changed to reflect your expectation...




          • you can keep NAT for outgoing traffic without change so all traffic going from 192.169.1.0/24 will be sNATed to 192.168.29.3 (including traffic for destination in 192.168.0.0/24). You will not be able to differentiate between the source devices behind the R2. For allowing incoming traffic you would need to allow source IP 192.168.29.3 @R1.


          • you can exclude the traffic with destination 192.168.0.0/24 to be sNATed on R2 so on R1 (and on the devices on 192.168.0.0/24) you will see original source IP for the traffic. For allowing incoming traffic you would need to allow source IP 192.168.1.0/24 @R1 and in case you would like to allow traffic originated on R2 you would allow also source IP 192.168.29.3 @R1.


          • other option may be creating tunnel (e.g. ipsec) between R1 and R2 and in that case you can bypass this NAT / firewall "issue" using routing using virtual interface or by using crypto maps (in case of ipsec). In case of this option you can even static routes handle via crypto maps. But here it would be more brand specific to point out "correct" key words to search for more information or providing specific hints.







          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1387185%2fset-up-routing-to-forward-requests-to-a-subnet-to-a-certain-router%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            2














            The easiest option for you would be to have all your devices in 192.168.29.0/24 subnet. Don't use the WAN port on either R1 or R2, and connect all cables to the LAN ports.



            You need to also disable DHCP server on R1 and R2 so that only the GW will provision IP addresses via DHCP.



            This way you don't need to consider routing at all.





            Original answer:



            I assume that you don't have NAT enabled in R1 or R2, which must be the case.



            In order for routing to work between two clients in different networks, both ends must have proper routing table entries set:



            R2 must have the entry:



            Route network 192.168.0.0/24 via 192.168.29.2



            R1 must have the entry



            Route network 192.168.1.0/24 via 192.168.29.3



            You need to have these entries both ways, because IP packets are forwarded in a stateless fashion- Each router looks only at the IP packet destination address and consults the routing entry for that address.



            So, if the other router does not have to proper entries, it will forward the reply packets to wrong router, in this case the GW, which is the default route assigned in the router.






            share|improve this answer


























            • Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?

              – Joseph A.
              Dec 23 '18 at 12:37











            • Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.

              – Tero Kilkanen
              Dec 23 '18 at 17:28











            • I added a more simple way to work aroung the issue.

              – Tero Kilkanen
              Dec 23 '18 at 17:31











            • Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.

              – Joseph A.
              Dec 25 '18 at 6:48











            • I had to create a custom routing entry on the problematic router to something like forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1, since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.

              – Joseph A.
              Dec 25 '18 at 6:49


















            2














            The easiest option for you would be to have all your devices in 192.168.29.0/24 subnet. Don't use the WAN port on either R1 or R2, and connect all cables to the LAN ports.



            You need to also disable DHCP server on R1 and R2 so that only the GW will provision IP addresses via DHCP.



            This way you don't need to consider routing at all.





            Original answer:



            I assume that you don't have NAT enabled in R1 or R2, which must be the case.



            In order for routing to work between two clients in different networks, both ends must have proper routing table entries set:



            R2 must have the entry:



            Route network 192.168.0.0/24 via 192.168.29.2



            R1 must have the entry



            Route network 192.168.1.0/24 via 192.168.29.3



            You need to have these entries both ways, because IP packets are forwarded in a stateless fashion- Each router looks only at the IP packet destination address and consults the routing entry for that address.



            So, if the other router does not have to proper entries, it will forward the reply packets to wrong router, in this case the GW, which is the default route assigned in the router.






            share|improve this answer


























            • Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?

              – Joseph A.
              Dec 23 '18 at 12:37











            • Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.

              – Tero Kilkanen
              Dec 23 '18 at 17:28











            • I added a more simple way to work aroung the issue.

              – Tero Kilkanen
              Dec 23 '18 at 17:31











            • Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.

              – Joseph A.
              Dec 25 '18 at 6:48











            • I had to create a custom routing entry on the problematic router to something like forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1, since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.

              – Joseph A.
              Dec 25 '18 at 6:49
















            2












            2








            2







            The easiest option for you would be to have all your devices in 192.168.29.0/24 subnet. Don't use the WAN port on either R1 or R2, and connect all cables to the LAN ports.



            You need to also disable DHCP server on R1 and R2 so that only the GW will provision IP addresses via DHCP.



            This way you don't need to consider routing at all.





            Original answer:



            I assume that you don't have NAT enabled in R1 or R2, which must be the case.



            In order for routing to work between two clients in different networks, both ends must have proper routing table entries set:



            R2 must have the entry:



            Route network 192.168.0.0/24 via 192.168.29.2



            R1 must have the entry



            Route network 192.168.1.0/24 via 192.168.29.3



            You need to have these entries both ways, because IP packets are forwarded in a stateless fashion- Each router looks only at the IP packet destination address and consults the routing entry for that address.



            So, if the other router does not have to proper entries, it will forward the reply packets to wrong router, in this case the GW, which is the default route assigned in the router.






            share|improve this answer















            The easiest option for you would be to have all your devices in 192.168.29.0/24 subnet. Don't use the WAN port on either R1 or R2, and connect all cables to the LAN ports.



            You need to also disable DHCP server on R1 and R2 so that only the GW will provision IP addresses via DHCP.



            This way you don't need to consider routing at all.





            Original answer:



            I assume that you don't have NAT enabled in R1 or R2, which must be the case.



            In order for routing to work between two clients in different networks, both ends must have proper routing table entries set:



            R2 must have the entry:



            Route network 192.168.0.0/24 via 192.168.29.2



            R1 must have the entry



            Route network 192.168.1.0/24 via 192.168.29.3



            You need to have these entries both ways, because IP packets are forwarded in a stateless fashion- Each router looks only at the IP packet destination address and consults the routing entry for that address.



            So, if the other router does not have to proper entries, it will forward the reply packets to wrong router, in this case the GW, which is the default route assigned in the router.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Dec 25 '18 at 11:43

























            answered Dec 23 '18 at 11:36









            Tero KilkanenTero Kilkanen

            1,38069




            1,38069













            • Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?

              – Joseph A.
              Dec 23 '18 at 12:37











            • Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.

              – Tero Kilkanen
              Dec 23 '18 at 17:28











            • I added a more simple way to work aroung the issue.

              – Tero Kilkanen
              Dec 23 '18 at 17:31











            • Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.

              – Joseph A.
              Dec 25 '18 at 6:48











            • I had to create a custom routing entry on the problematic router to something like forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1, since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.

              – Joseph A.
              Dec 25 '18 at 6:49





















            • Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?

              – Joseph A.
              Dec 23 '18 at 12:37











            • Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.

              – Tero Kilkanen
              Dec 23 '18 at 17:28











            • I added a more simple way to work aroung the issue.

              – Tero Kilkanen
              Dec 23 '18 at 17:31











            • Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.

              – Joseph A.
              Dec 25 '18 at 6:48











            • I had to create a custom routing entry on the problematic router to something like forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1, since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.

              – Joseph A.
              Dec 25 '18 at 6:49



















            Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?

            – Joseph A.
            Dec 23 '18 at 12:37





            Thanks for your reply. R2 has NAT enabled, actually, and R1's is enabled as well (I see no option to disable it there at all, while disabling it on R2 disabled the internet connection). How do I work with this?

            – Joseph A.
            Dec 23 '18 at 12:37













            Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.

            – Tero Kilkanen
            Dec 23 '18 at 17:28





            Actually you also need to set up routes from GW to both 192.168.0.0/24 and 192.168.1.0/24 via their respective routers. If you cannot disable NAT, then you need to use port forwarding on the routers, and then it gets real complicated.

            – Tero Kilkanen
            Dec 23 '18 at 17:28













            I added a more simple way to work aroung the issue.

            – Tero Kilkanen
            Dec 23 '18 at 17:31





            I added a more simple way to work aroung the issue.

            – Tero Kilkanen
            Dec 23 '18 at 17:31













            Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.

            – Joseph A.
            Dec 25 '18 at 6:48





            Update: now changed DHCP on both R1 and R2 to hand out IPs in the 192.168.29.0/24 range, switched cables from WAN to LAN ports. One router is complaining about its LAN IP being "on the same subnet as its WAN IP" -- which is strange since it doesn't even have a WAN IP anymore -- the WAN cable is unplugged. Anyhow, this was sound advice, and I worked around it by setting the "WAN IP" to a nonsensical address outside the 192.168.29.0/24 range.

            – Joseph A.
            Dec 25 '18 at 6:48













            I had to create a custom routing entry on the problematic router to something like forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1, since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.

            – Joseph A.
            Dec 25 '18 at 6:49







            I had to create a custom routing entry on the problematic router to something like forward 1.0.0.0 subnet 255.0.0.0 to 192.168.29.1, since it was trying to forward it to the nonsensical WAN IP (it refuses to forward internet traffic to the LAN gw). This feels like a hack -- I could not input 0.0.0.0 so I inputted 1.0.0.0. Will this have an effect on Internet access? Sort of feels like it will. The router in question is a TP-Link Archer C20V1.

            – Joseph A.
            Dec 25 '18 at 6:49















            1














            You didn't mention the brand and model of the routers so the answer can be just in general...



            As you have mentioned in the comment for previous port and didn't mentioned in the original request there is NAT in place what is quite important part of the issue...



            R1



            route 192.169.1.0/24 via 192.168.29.3


            R2



            route 192.168.0.0/24 via 192.168.29.2


            NAT



            In general all the "cross network" traffic will come to the same interface as other (let say internet) traffic so for your last part of the question it will come to the "next" router into outside interface. Physically it will use the Switch device stated on the schema in original post - request. The most probably you will have to allow this traffic to not be blocked.



            The firewall/NAT will have to be changed to reflect your expectation...




            • you can keep NAT for outgoing traffic without change so all traffic going from 192.169.1.0/24 will be sNATed to 192.168.29.3 (including traffic for destination in 192.168.0.0/24). You will not be able to differentiate between the source devices behind the R2. For allowing incoming traffic you would need to allow source IP 192.168.29.3 @R1.


            • you can exclude the traffic with destination 192.168.0.0/24 to be sNATed on R2 so on R1 (and on the devices on 192.168.0.0/24) you will see original source IP for the traffic. For allowing incoming traffic you would need to allow source IP 192.168.1.0/24 @R1 and in case you would like to allow traffic originated on R2 you would allow also source IP 192.168.29.3 @R1.


            • other option may be creating tunnel (e.g. ipsec) between R1 and R2 and in that case you can bypass this NAT / firewall "issue" using routing using virtual interface or by using crypto maps (in case of ipsec). In case of this option you can even static routes handle via crypto maps. But here it would be more brand specific to point out "correct" key words to search for more information or providing specific hints.







            share|improve this answer




























              1














              You didn't mention the brand and model of the routers so the answer can be just in general...



              As you have mentioned in the comment for previous port and didn't mentioned in the original request there is NAT in place what is quite important part of the issue...



              R1



              route 192.169.1.0/24 via 192.168.29.3


              R2



              route 192.168.0.0/24 via 192.168.29.2


              NAT



              In general all the "cross network" traffic will come to the same interface as other (let say internet) traffic so for your last part of the question it will come to the "next" router into outside interface. Physically it will use the Switch device stated on the schema in original post - request. The most probably you will have to allow this traffic to not be blocked.



              The firewall/NAT will have to be changed to reflect your expectation...




              • you can keep NAT for outgoing traffic without change so all traffic going from 192.169.1.0/24 will be sNATed to 192.168.29.3 (including traffic for destination in 192.168.0.0/24). You will not be able to differentiate between the source devices behind the R2. For allowing incoming traffic you would need to allow source IP 192.168.29.3 @R1.


              • you can exclude the traffic with destination 192.168.0.0/24 to be sNATed on R2 so on R1 (and on the devices on 192.168.0.0/24) you will see original source IP for the traffic. For allowing incoming traffic you would need to allow source IP 192.168.1.0/24 @R1 and in case you would like to allow traffic originated on R2 you would allow also source IP 192.168.29.3 @R1.


              • other option may be creating tunnel (e.g. ipsec) between R1 and R2 and in that case you can bypass this NAT / firewall "issue" using routing using virtual interface or by using crypto maps (in case of ipsec). In case of this option you can even static routes handle via crypto maps. But here it would be more brand specific to point out "correct" key words to search for more information or providing specific hints.







              share|improve this answer


























                1












                1








                1







                You didn't mention the brand and model of the routers so the answer can be just in general...



                As you have mentioned in the comment for previous port and didn't mentioned in the original request there is NAT in place what is quite important part of the issue...



                R1



                route 192.169.1.0/24 via 192.168.29.3


                R2



                route 192.168.0.0/24 via 192.168.29.2


                NAT



                In general all the "cross network" traffic will come to the same interface as other (let say internet) traffic so for your last part of the question it will come to the "next" router into outside interface. Physically it will use the Switch device stated on the schema in original post - request. The most probably you will have to allow this traffic to not be blocked.



                The firewall/NAT will have to be changed to reflect your expectation...




                • you can keep NAT for outgoing traffic without change so all traffic going from 192.169.1.0/24 will be sNATed to 192.168.29.3 (including traffic for destination in 192.168.0.0/24). You will not be able to differentiate between the source devices behind the R2. For allowing incoming traffic you would need to allow source IP 192.168.29.3 @R1.


                • you can exclude the traffic with destination 192.168.0.0/24 to be sNATed on R2 so on R1 (and on the devices on 192.168.0.0/24) you will see original source IP for the traffic. For allowing incoming traffic you would need to allow source IP 192.168.1.0/24 @R1 and in case you would like to allow traffic originated on R2 you would allow also source IP 192.168.29.3 @R1.


                • other option may be creating tunnel (e.g. ipsec) between R1 and R2 and in that case you can bypass this NAT / firewall "issue" using routing using virtual interface or by using crypto maps (in case of ipsec). In case of this option you can even static routes handle via crypto maps. But here it would be more brand specific to point out "correct" key words to search for more information or providing specific hints.







                share|improve this answer













                You didn't mention the brand and model of the routers so the answer can be just in general...



                As you have mentioned in the comment for previous port and didn't mentioned in the original request there is NAT in place what is quite important part of the issue...



                R1



                route 192.169.1.0/24 via 192.168.29.3


                R2



                route 192.168.0.0/24 via 192.168.29.2


                NAT



                In general all the "cross network" traffic will come to the same interface as other (let say internet) traffic so for your last part of the question it will come to the "next" router into outside interface. Physically it will use the Switch device stated on the schema in original post - request. The most probably you will have to allow this traffic to not be blocked.



                The firewall/NAT will have to be changed to reflect your expectation...




                • you can keep NAT for outgoing traffic without change so all traffic going from 192.169.1.0/24 will be sNATed to 192.168.29.3 (including traffic for destination in 192.168.0.0/24). You will not be able to differentiate between the source devices behind the R2. For allowing incoming traffic you would need to allow source IP 192.168.29.3 @R1.


                • you can exclude the traffic with destination 192.168.0.0/24 to be sNATed on R2 so on R1 (and on the devices on 192.168.0.0/24) you will see original source IP for the traffic. For allowing incoming traffic you would need to allow source IP 192.168.1.0/24 @R1 and in case you would like to allow traffic originated on R2 you would allow also source IP 192.168.29.3 @R1.


                • other option may be creating tunnel (e.g. ipsec) between R1 and R2 and in that case you can bypass this NAT / firewall "issue" using routing using virtual interface or by using crypto maps (in case of ipsec). In case of this option you can even static routes handle via crypto maps. But here it would be more brand specific to point out "correct" key words to search for more information or providing specific hints.








                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 24 '18 at 23:32









                Kamil JKamil J

                1213




                1213






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1387185%2fset-up-routing-to-forward-requests-to-a-subnet-to-a-certain-router%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Plaza Victoria

                    Puebla de Zaragoza

                    Musa