Cascading router setup?

Go to solution Solved by oloap88,

Scrap it, looks like turning off NAT is not an option on your router,

Just add a static IP and gateway to your WAN port and you should be golden..

from your manual:

Quote

The computers that are connected to the Linksys router are now on the same network, and are isolated from the upstream network. However, you will still have access to the Internet through the upstream router (by way of your Linksys router). Because two routers are between your computer and the Internet, Internet traffic undergoes two network address translations. This is sometimes referred to as Double NAT

VPN might be the only way out of it as usually VPN traffic is excluded from NAT.

However, that's a whole different story.

 

 

Hello,

 

I'm creating a lab environment and am setting up a demilitarized zone in my room. I connected the house router to my room router. The router I am using in my room was just lying around in my parents' basement.

 

I connected the ethernet cable coming out of the house router to the WAN port on the room router. Not getting an internet connection. Since I am currently lazy at the moment, I don't want to fetch a USB cable from the office and plug in to the router with my laptop.

 

Any suggestions? I thought it would be more plug and play due to assumed default DHCP settings. I'm pretty sure I am using known good cables (plugging 3 foot ethernet cables from room router into home desktop and Playstation 4). I suppose the router itself could be bad too.

 

Thank you for any suggestions. 

 

 

ASRock B550M PG RIPTIDE       Corsair Vengeance 16 GB DDR4             TEAMGROUP MP33 1 TB NVME SSD

AMD Ryzen 5 5600X                   Antec DF700 Case                                 MSI Radeon RX 580 4 GB ARMOR OC

 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/

Just now, brwainer said:

Have you tried factory resetting the router you found?

I've just been very tired today and so I still need to fetch a USB cable to access router settings.

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9425344

1 hour ago, berderder said:

I've just been very tired today and so I still need to fetch a USB cable to access router settings.

I have never heard of accessing a router's settings over USB, except a very few routers that have a builtin USB to serial converter, such that you are actually connecting to the serial interface of the router. By factory defaulting, I meant using the reset pinhole that all routers have - normally you hold it down while plugging the router in

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9425686

26 minutes ago, brwainer said:

I have never heard of accessing a router's settings over USB, except a very few routers that have a builtin USB to serial converter, such that you are actually connecting to the serial interface of the router. By factory defaulting, I meant using the reset pinhole that all routers have - normally you hold it down while plugging the router in

Gotcha, I'll take a look. I think it's a USB console connection but I'm not sure. 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9425787

Not plug and play at all..

To explain it I'll need to get technical, so buckle up.

TL;DR

Make sure your bedroom and home networks are different.

Also, you are missing a "return" route on your house router pointing to your bedroom network.

You need to disable NAT on your bedroom router; this might or might not be possible depending on the router.

If you cannot disable NAT, your mileage may vary..

You're better off with a switch rather than a router.

Explanation:

In a single-router setup, you have your LAN subnet, which is usually 192.168.0.1 to 192.168.0.254.

This is also expressed as 192.168.0.0/24 (reserved network address, cannot be assigned to hosts) 255.255.255.0 (subnet mask).

The subnet mask is 255.255.255.0; this means that 192.168.0. is your network while the last 255 is your host IP range.

Usually home routers implicitly create a default route to route connections to hosts outside the network above through the WAN interface and to the internet.

Now, you want to connect your bedroom router to the home router and have a separate network.

You are right to connect from a LAN port on the home router to the WAN port of your bedroom router.

However, it is not advisable to let the WAN port acquire its address through DHCP; you should rather assign a static IP address, i.e. 192.168.0.100 subnet 255.255.255.0. I'll explain this later.

Moving on to the bedroom router: you should disconnect it from the home router, connect a LAN cable to the LAN port and check the IP configuration you get.

To do this you can run the "ipconfig" command in Command Prompt.

Open a browser and visit the IP address of the default gateway.

The USB port you mention is most likely a printer sharing port or used to connect a USB HDD.

Once you are on the bedroom router config page, you'll have to play with the settings.

You want to set your LAN IP address to a DIFFERENT network than your home router, say 192.168.1.1 with subnet 255.255.255.0.

Then you want to assign your WAN interface a static IP address on your home network like 192.168.0.100 subnet 255.255.255.0 and as default gateway 192.168.0.1 (your home router LAN IP address).

Your bedroom router will now have the same default route saying 0.0.0.0 0.0.0.0 192.168.0.1, meaning that any traffic that is not directed to the 192.168.1.0 network will be forwarded to your home router LAN IP and from there to the internet.

This is usually done by default on home grade routers.

Now the tricky part: while you have full routing outbound, meaning your PC can reach the internet, the internet cannot actually reach you!

If you ping 8.8.8.8, your ping will actually get to Google, come all the way back just to be terminated on your home router as it doesn't have a route to the bedroom network.

Hopefully in your home router you will have a static route option somewhere, and you need to create one.

Depending on the router it should look like:

source: any

destination: 192.168.1.0

subnet 255.255.255.0

gateway/next hop: 192.168.0.100

This instructs the home router to send any packet with destination 192.168.1.x to your bedroom router WAN IP address.

Next is disabling NAT on your bedroom router.

You wanna do this as otherwise you would be "double-NATting", and this is bad for some applications.

Ultimately, however, this will never allow you to have a DMZ per se..

If your target is a DMZ, it is most likely because you want some server or service to be available from outside your house.

To do this, simply forward the ports you need to the PC/device that is running the application.

A switch would save you some serious configuration pain.

Hope this helps!

 

 

 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9427109
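
The return-route and different-subnet points from the post above, as an added Python example that is not part of the original thread: it models the home router's routing table with longest-prefix matching and checks a cascade's addressing plan. The addresses are the post's; the bedroom host 192.168.1.50, the route labels and the function names are assumptions made for illustration.

```python
import ipaddress


def lookup(routes, dst):
    """Longest-prefix match: return (prefix, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        # ip_network accepts both 192.168.1.0/24 and 192.168.1.0/255.255.255.0
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def check_cascade(home_lan, inner_wan_ip, inner_lan):
    """Return a list of addressing problems for a router cascaded behind another."""
    home = ipaddress.ip_network(home_lan)
    inner = ipaddress.ip_network(inner_lan)
    wan = ipaddress.ip_address(inner_wan_ip)
    problems = []
    if home.overlaps(inner):
        # Same subnet on both sides: the inner router cannot tell LAN from WAN.
        problems.append(f"inner LAN {inner} overlaps home LAN {home}")
    if wan not in home:
        problems.append(f"inner WAN address {wan} is not inside home LAN {home}")
    elif wan in (home.network_address, home.broadcast_address):
        problems.append(f"inner WAN address {wan} is not a usable host address")
    return problems


# Home router table before the static route is added (labels are illustrative).
HOME_ROUTES = [
    ("192.168.0.0/255.255.255.0", "directly connected (LAN)"),
    ("0.0.0.0/0", "ISP gateway (WAN)"),  # the post's "0.0.0.0 0.0.0.0" default route
]

# The static route from the post: destination, subnet mask, gateway/next hop.
RETURN_ROUTE = ("192.168.1.0/255.255.255.0", "192.168.0.100")


def demo():
    """Where does the home router send a reply addressed to a bedroom host?"""
    bedroom_host = "192.168.1.50"  # constructed example host
    before = lookup(HOME_ROUTES, bedroom_host)
    after = lookup(HOME_ROUTES + [RETURN_ROUTE], bedroom_host)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("without static route:", before)  # falls through to the default route
    print("with static route:   ", after)   # handed to the bedroom router's WAN IP
    print("post's plan:", check_cascade("192.168.0.0/24", "192.168.0.100", "192.168.1.0/24"))
    print("same subnet:", check_cascade("192.168.1.0/24", "192.168.1.100", "192.168.1.0/24"))
```
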
One of us has seriously misinterpreted what the OP is trying to do, because we can't both have had the same interpretation. I thought the OP was specifically trying to isolate his bedroom behind another layer of NAT, with a completely isolated private network for himself (isolated in the sense that household devices can't get to his devices unless there are port forwards and/or UPNP).

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9427655

13 hours ago, brwainer said:

What model of router is it?

linksys e3200

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9428313

Thank you. This was a good rebreather. A DMZ I thought was necessary for a lab environment. I didn't know if I needed to configure the bedroom router IP addressing statically, or like I said, I thought it was plug and play where DHCP and DNS from the home router configured everything for me. 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9428325

3 hours ago, brwainer said:

One of us has seriously misinterpreted what the OP is trying to do, because we can't both have had the same interpretation. I thought the OP was specifically trying to isolate his bedroom behind another layer of NAT, with a completely isolated private network for himself (isolated in the sense that household devices can't get to his devices unless there are port forwards and/or UPNP).

Yes, that is correct. 

 

A switch would be super easy, but I am trying to create an isolated environment. 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9428331

Had a look at the manual for your router:

http://downloads.linksys.com/downloads/userguide/E_Series_UG_E900Rev_3425-01486_Web.pdf

Page 20 onward. There is a whole section at page 38 on your exact usage scenario but it is rather confusing.

DMZ is a firewall-related term.

Generally, in zone-based firewalls it is a separate network with an intermediate security level.

On this type of router, it simply represents a network with no protection, or a simple source filter protection, which is basically no protection.

The main scope is to expose services to the internet, say, your FTP server.

In that case adding a second router will not help. You need to configure it on the main router.

If your scope is isolation, the above setup will provide Layer 2 separation, as the router breaks the broadcast domain.

Can't say from the manual, but your router seems to support VPN; I would say that most likely you will have a firewall to play with too.

A firewall is definitely the best way to provide network isolation as you can let through what you want and stop the rest.

NAT in this case is unnecessary, but might be the necessary evil.

In that case you will do PAT or port address translation; no big deal, but you might have problems with some applications.

NAT is a dirty trick to transform your private address into a single public IP, especially in a LAN environment.

The reason is because double NATting can break quite a few applications.

If allowed, I would turn it off and simply route the two networks instead, using the firewall to filter.

A funny exercise would be to create a VPN with the "home" router if supported.

That would provide you true separation as the traffic from your room the router would be encrypted.

Encryption.. yum..

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9429140

Scrap it, looks like turning off NAT is not an option on your router,

Just add a static IP and gateway to your WAN port and you should be golden..

from your manual:

Quote

The computers that are connected to the Linksys router are now on the same network, and are isolated from the upstream network. However, you will still have access to the Internet through the upstream router (by way of your Linksys router). Because two routers are between your computer and the Internet, Internet traffic undergoes two network address translations. This is sometimes referred to as Double NAT

VPN might be the only way out of it as usually VPN traffic is excluded from NAT.

However, that's a whole different story.

 

 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9429199

2 hours ago, oloap88 said:

Scrap it, looks like turning off NAT is not an option on your router,

Just add a static IP and gateway to your WAN port and you should be golden..

from your manual:

VPN might be the only way out of it as usually VPN traffic is excluded from NAT.

However, that's a whole different story.

 

 

I like the sound of Double NAT. I think that's all I want to go for right now. I wanted to be under a second router so that I don't mess with home users' devices and their IP addresses or routing.

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9429952

5 hours ago, oloap88 said:

Scrap it, looks like turning off NAT is not an option on your router,

Just add a static IP and gateway to your WAN port and you should be golden..

from your manual:

VPN might be the only way out of it as usually VPN traffic is excluded from NAT.

However, that's a whole different story.

 

 

One problem is that I can't use a web browser to access the bedroom router as when I hook up the bedroom router, I lose internet connectivity. I think the bedroom router is messing with routing and shuts off any connection to the internet.

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9430924

1 hour ago, berderder said:

One problem is that I can't use a web browser to access the bedroom router as when I hook up the bedroom router, I lose internet connectivity. I think the bedroom router is messing with routing and shuts off any connection to the internet.

what is more likely happening, is that both routers are using the same subnet for their internet network, i.e. both 192.168.1.0/24, and both using 192.168.1.1 as their internal IP. Try setting up and changing the bedroom router without the WAN link to the main router being connected.

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9431383

14 hours ago, brwainer said:

what is more likely happening, is that both routers are using the same subnet for their internet network, i.e. both 192.168.1.0/24, and both using 192.168.1.1 as their internal IP. Try setting up and changing the bedroom router without the WAN link to the main router being connected.

Would I connect the bedroom router to the modem first to configure it to 192.168.2.1 /24? 

 

Then, would I disconnect the bedroom router from the modem, reconnect the house router to the modem, and put that router to 192.168.1.1 /24? Would the settings be saved that way?

 

The problem is that I can't seem to access the bedroom router configuration without internet access unless I'm wrong and all I have to do is connect it to my pc using a LAN port. 

 

That's why I thought maybe I could use the USB port, but like you said, that sounds strange.

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9434096

4 hours ago, berderder said:

The problem is that I can't seem to access the bedroom router configuration without internet access unless I'm wrong and all I have to do is connect it to my pc using a LAN port. 

yes, all you have to do is connect your desktop to the LAN port, and power on the router. don't connect anything else. you should be able to access the settings without internet. If you can't, then you should look up the manual for the router and factory default it. if that still doesn't work, then the router is dead.

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9435498

17 hours ago, brwainer said:

yes, all you have to do is connect your desktop to the LAN port, and power on the router. don't connect anything else. you should be able to access the settings without internet. If you can't, then you should look up the manual for the router and factory default it. if that still doesn't work, then the router is dead.

It worked! Thank you for all of your help!

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9439339

On 2/27/2017 at 2:38 PM, brwainer said:

yes, all you have to do is connect your desktop to the LAN port, and power on the router. don't connect anything else. you should be able to access the settings without internet. If you can't, then you should look up the manual for the router and factory default it. if that still doesn't work, then the router is dead.

Question. If my lab environment is 192.168.2.x and the home network is 192.168.1.x, what happens if they both have a subnet of 255.255.255.0?

 

If I try to communicate with a device not in the lab environment but that's in the home network, I wouldn't be able to communicate with them?

 

It doesn't seem like this would affect my lab environment for any purpose, since I only want to communicate with other lab devices. 

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9447062

3 hours ago, berderder said:

Question. If my lab environment is 192.168.2.x and the home network is 192.168.1.x, what happens if they both have a subnet of 255.255.255.0?

 

If I try to communicate with a device not in the lab environment but that's in the home network, I wouldn't be able to communicate with them?

 

It doesn't seem like this would affect my lab environment for any purpose, since I only want to communicate with other lab devices. 

The subnet mask determines what range of IP addresses any particular device considers a "local" device that can be reached directly, as opposed to devices that are outside the network and have to be reached by sending traffic to the default gateway. 255.255.255.0, also known as /24, means that your local network is x.x.x.0-255 - which is the most sensible choice for nearly all purposes. Making subnet masks larger or smaller is something that should only be done for a specific purpose.

 

Here's a few examples:

-At one apartment complex I lived at in college, the ISP had chosen to set up the entire property as one big subnet, with a single router IP. Their subnet therefore was a /19.

-Most of the apartment complexes our company manages (we aren't the same company from the last example) we use a /24 for each building in the complex. But at one property, we instead use a /29 for each apartment. The difference is that with a /24 for the building, we have to put in port isolation for each port, so that one user can't directly access another user's computer. But at the property where each apartment is its own subnet, we can be a little less strict, and more easily allow the devices inside each apartment to communicate with each other over wired and wireless. 

 

Before I answer your specific questions, let me restate what I understand/assume your setup is:

 

-home router is connected to the internet, and has a LAN address of 192.168.1.1

-lab router has its WAN connected to the home router, WAN address 192.168.1.x, LAN address 192.168.2.1

 

If this is the setup, and you haven't done any port forwarding on the lab router and haven't defined any static routes on the home router, the home router devices cannot reach lab router devices if the home router initiates communication, because neither the home router nor home router devices know anything about the 192.168.2.0/24 network. On the other hand, if the Lab router or a Lab device initiates the connection, then it will be able to reach a home device. The packet flow from a lab computer 192.168.2.50 to a home device 192.168.1.100 works like this:

-lab computer looks at 192.168.1.100 and determines that it is not in the local subnet (by applying the subnet mask). It therefore sends the packet to 192.168.2.1, the default gateway.

-the lab router receives the packet and determines that 192.168.1.100 is on the local subnet of the WAN interface. It starts the process of routing the packet out the WAN interface

-one step of the routing process is NAT. Since this is a packet outgoing on the WAN port, the lab router adds the connection to its NAT table and replaces the destination IP, 192.168.2.50, with its WAN IP 192.168.1.x. It then sends the packet over the home LAN to 192.168.1.100

-192.168.1.100 receives a packet from 192.168.1.x and sends a return packet to 192.168.1.x

-the lab router receives the incoming response, recognizes the connection in the NAT table, and changes the destination IP to 192.168.2.50. It then determines that 192.168.2.50 is an address on the local subnet of the LAN interface, and sends the packet back.

 

Summary: Home devices cannot initiate communication with Lab devices, but Lab devices will have no issues initiating communication with home devices.

Link to comment
https://linustechtips.com/topic/743831-cascading-router-setup/#findComment-9448344
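
The packet flow from the post above, as an added Python example that is not part of the original thread: a small source-NAT model in which the lab router rewrites the source address of outgoing packets to its WAN address and admits only replies that match its NAT table. The WAN address 192.168.1.2 (standing in for the post's 192.168.1.x), the port numbers, the strict reply matching and all class and function names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")


def next_hop(interface, gateway, dst):
    """Host-side decision: apply the subnet mask, then deliver directly or via the gateway."""
    iface = ipaddress.ip_interface(interface)  # e.g. 192.168.2.50/255.255.255.0
    return dst if ipaddress.ip_address(dst) in iface.network else gateway


class NatRouter:
    """Minimal source NAT with a connection table (assumed behaviour, not a real device)."""

    def __init__(self, lan, wan_ip, first_port=40000):
        self.lan = ipaddress.ip_network(lan)
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.by_flow = {}  # (inside ip, inside port, remote ip, remote port) -> WAN port
        self.by_port = {}  # WAN port -> the same flow tuple

    def outbound(self, pkt):
        """LAN -> WAN: record the flow and rewrite the source to the WAN address."""
        if ipaddress.ip_address(pkt.src) not in self.lan:
            raise ValueError("outbound packet must originate on the LAN side")
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return Packet(self.wan_ip, self.by_flow[flow], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """WAN -> LAN: translate a matching reply, return None (drop) otherwise."""
        flow = self.by_port.get(pkt.dport)
        if pkt.dst != self.wan_ip or flow is None:
            return None  # no table entry and no port forward: dropped
        inside_ip, inside_port, remote_ip, remote_port = flow
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None  # assumption: replies must come from the original peer
        return Packet(pkt.src, pkt.sport, inside_ip, inside_port)


def demo():
    lab = NatRouter("192.168.2.0/24", wan_ip="192.168.1.2")
    # Step 1: the lab computer decides 192.168.1.100 is not local.
    hop = next_hop("192.168.2.50/255.255.255.0", "192.168.2.1", "192.168.1.100")
    # Steps 2-3: the lab router routes the packet out of the WAN port and NATs it.
    out = lab.outbound(Packet("192.168.2.50", 51000, "192.168.1.100", 80))
    # Steps 4-5: the home device answers the WAN address; the reply is translated back.
    reply = lab.inbound(Packet("192.168.1.100", 80, out.src, out.sport))
    # A connection started from the home side has no table entry.
    unsolicited = lab.inbound(Packet("192.168.1.100", 5555, "192.168.1.2", 22))
    return hop, out, reply, unsolicited


if __name__ == "__main__":
    for label, value in zip(("next hop", "on home LAN", "reply to lab", "unsolicited"), demo()):
        print(f"{label:13} {value}")
```

The model shows the one-way nature of the isolation the post summarises: the lab router's NAT keeps home-initiated traffic out, and does nothing to stop lab devices from reaching home devices.
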
Share on other sites

Link to post
Share on other sites

22 hours ago, brwainer said:

The subnet mask determines what range of IP addresses any particular device considers a "local" device that can be reached directly by, as opposed to devices that are outside the network and have to be reached by sending traffic to the default gateway. 255.255.255.0, also know as /24, means that your local network is x.x.x.0-255 - which is the most sensible choice for nearly all purposes. Making subnet masks larger or smaller is something that should only be done for a specific purpose.

 

Here's a few examples:

-At one apartment complex I lived at in college, the ISP had chosen to set up the entire property as one big subnet, with a single router IP. Their subnet therefore was a /19.

-At most of the apartment complexes our company manages (we aren't the same company from the last example), we use a /24 for each building in the complex. But at one property, we instead use a /29 for each apartment. The difference is that with a /24 for the building, we have to put in port isolation for each port, so that one user can't directly access another user's computer. But at the property where each apartment is its own subnet, we can be a little less strict, and more easily allow the devices inside each apartment to communicate with each other over wired and wireless.

 

Before I answer your specific questions, let me restate what I understand/assume your setup is:

 

-home router is connected to the internet, and has a LAN address of 192.168.1.1

-lab router has its WAN connected to the home router, WAN address 192.168.1.x, LAN address 192.168.2.1

 

If this is the setup, and you haven't done any port forwarding on the lab router and haven't defined any static routes on the home router, the home router devices cannot reach lab router devices if the home router initiates communication, because neither the home router nor home router devices know anything about the 192.168.2.0/24 network. On the other hand, if the Lab router or a Lab device initiates the connection, then it will be able to reach a home device. The packet flow from a lab computer 192.168.2.50 to a home device 192.168.1.100 works like this:

-lab computer looks at 192.168.1.100 and determines that it is not in the local subnet (by applying the subnet mask). It therefore sends the packet to 192.168.2.1, the default gateway.

-the lab router receives the packet and determines that 192.168.1.100 is on the local subnet of the WAN interface. It starts the process of routing the packet out the WAN interface

-one step of the routing process is NAT. Since this is a packet outgoing on the WAN port, the lab router adds the connection to its NAT table and replaces the destination IP, 192.168.2.50, with its WAN IP 192.168.1.x. It then sends the packet over the home LAN to 192.168.1.100

-192.168.1.100 receives a packet from 192.168.1.x and sends a return packet to 192.168.1.x

-the lab router receives the incoming response, recognizes the connection in the NAT table, and changes the destination IP to 192.168.2.50. It then determines that 192.168.2.50 is an address on the local subnet of the LAN interface, and sends the packet back.

 

Summary: Home devices cannot initiate communication with Lab devices, but Lab devices will have no issues initiating communication with home devices.

I'll have to digest this and come up with a response.

 

At the moment, the home router LAN interface is 192.168.1.2 /24 and the WAN interface on the lab router is 192.168.1.1 /24.

 

The LAN interface on the lab router is 192.168.2.1 / 24. 

 

Do I need to change the subnet mask of the lab network to something like /23?

 

Can the lab network and the home network share the same subnet? 

 

I'm confused as to where the line is drawn for the subnet mask.

 

192.168.2.1 /24

is (with subnet mask underneath)

11000000.10101000.00000010.00000001

11111111.11111111.11111111.00000000

 

192.168.1.1 /24

is (with subnet mask underneath)

11000000.10101000.00000001.00000001

11111111.11111111.11111111.00000000

 

Even though the two IP addresses have the same subnet mask, the network ID parts are different. Isn't that all that's necessary? Am I missing something?

 

So they are different networks, but they are part of the same subnet? I know part of the answer is in what you said in the previous post, but I'm having a hard time seeing it. For lab purposes, they should be on different subnets, right? But why? I think it's the theory that's not sticking with me quite yet. 

 


1 hour ago, berderder said:

I'll have to digest this and come up with a response.

 

At the moment, the home router LAN interface is 192.168.1.2 /24 and the WAN interface on the lab router is 192.168.1.1 /24.

 

The LAN interface on the lab router is 192.168.2.1 / 24. 

 

Do I need to change the subnet mask of the lab network to something like /23?

 

Can the lab network and the home network share the same subnet? 

 

I'm confused as to where the line is drawn for the subnet mask.

 

192.168.2.1 /24

is (with subnet mask underneath)

11000000.10101000.00000010.00000001

11111111.11111111.11111111.00000000

 

192.168.1.1 /24

is (with subnet mask underneath)

11000000.10101000.00000001.00000001

11111111.11111111.11111111.00000000

 

Even though the two IP addresses have the same subnet mask, the network ID parts are different. Isn't that all that's necessary? Am I missing something?

 

So they are different networks, but they are part of the same subnet? I know part of the answer is in what you said in the previous post, but I'm having a hard time seeing it. For lab purposes, they should be on different subnets, right? But why? I think it's the theory that's not sticking with me quite yet. 

 

Subnet masks are applied by multiplication, and then you compare two results - if the two results are the same, then the two addresses are in the same subnet.

 

192.168.2.1 /24

11000000.10101000.00000010.00000001

*

11111111.11111111.11111111.00000000

=

11000000.10101000.00000010.00000000

 

192.168.1.1 /24

11000000.10101000.00000001.00000001

*

11111111.11111111.11111111.00000000

=

11000000.10101000.00000001.00000000

 

192.168.1.2 /24

11000000.10101000.00000001.00000010

*

11111111.11111111.11111111.00000000

=

11000000.10101000.00000001.00000000

 

 

So by doing the comparison of the results, the 2nd and 3rd IP have the same result and are in the same subnet. The 1st IP is a different result and so is in a different subnet.

 

You do not need to change your subnet mask. Forget subnet masks. Use /24 on everything. Anything in the first 3 octets will define the network, and the last octet will define the hosts.

 

If you put your lab and home LANs in the same subnet, you will not have any extra security at all provided by the lab router. At that point, the lab router ends up functioning like an AP - which incidentally is what you would do if you really wanted a single subnet. Any router can be turned into an AP as long as you can disable DHCP on it.

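The mask comparison from the post above, as an added example that is not part of the original post: Python that computes each network ID with a bitwise AND of address and mask, then compares the results. It goes one step beyond the thread's three addresses by also checking the /23 and /22 cases, which shows the prefix length at which the lab and home ranges would merge into one subnet and lose the separation the lab router provides. The function names are chosen for this example.

```python
import ipaddress


def to_bits(addr):
    """Dotted binary form of an IPv4 address, as written out in the thread."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def network_id(addr, prefix):
    """Network ID: the address ANDed bit by bit with the /prefix mask."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) & mask)


def same_subnet(a, b, prefix):
    """Two addresses share a subnet when their network IDs are equal."""
    return network_id(a, prefix) == network_id(b, prefix)


def next_hop(host, dst, prefix, gateway):
    """Forwarding decision a host makes: deliver directly, or hand to the gateway."""
    return dst if same_subnet(host, dst, prefix) else gateway


if __name__ == "__main__":
    for addr in ("192.168.2.1", "192.168.1.1", "192.168.1.2"):
        print(f"{addr:<12} {to_bits(addr)} -> network {network_id(addr, 24)}/24")
    # Widening the mask: the lab and home ranges only merge at /22.
    for prefix in (24, 23, 22):
        merged = same_subnet("192.168.2.1", "192.168.1.1", prefix)
        print(f"/{prefix}: lab and home in the same subnet? {merged}")
    # A lab host sending to a home device hands the packet to its gateway.
    print(next_hop("192.168.2.50", "192.168.1.100", 24, "192.168.2.1"))
```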

21 hours ago, brwainer said:

Subnet masks are applied by multiplication, and then you compare two results - if the two results are the same, then the two addresses are in the same subnet.

 

192.168.2.1 /24

11000000.10101000.00000010.00000001

*

11111111.11111111.11111111.00000000

=

11000000.10101000.00000010.00000000

 

192.168.1.1 /24

11000000.10101000.00000001.00000001

*

11111111.11111111.11111111.00000000

=

11000000.10101000.00000001.00000000

 

192.168.1.2 /24

11000000.10101000.00000001.00000010

*

11111111.11111111.11111111.00000000

=

11000000.10101000.00000001.00000000

 

 

So by doing the comparison of the results, the 2nd and 3rd IP have the same result and are in the same subnet. The 1st IP is a different result and so is in a different subnet.

 

You do not need to change your subnet mask. Forget subnet masks. Use /24 on everything. Anything in the first 3 octets will define the network, and the last octet will define the hosts.

 

If you put your lab and home LANs in the same subnet, you will not have any extra security at all provided by the lab router. At that point, the lab router ends up functioning like an AP - which incidentally is what you would do if you really wanted a single subnet. Any router can be turned into an AP as long as you can disable DHCP on it.

Got it. So even though they have the same subnet mask, they are not in the same subnet?


7 hours ago, berderder said:

Got it. So even though they have the same subnet mask, they are not in the same subnet?

The subnet mask defines the size of the subnet. The IP plus the subnet mask defines the subnet. That's why we call a network 10.0.0.0/8 or 192.168.1.0/24, etc.
