Monday 21 May 2018

networking - Cascading routers: accessing secondary router's clients from first router?


I have a setup using two routers, say Router A and Router B, that looks something like this:


enter image description here


Quite simply, I am cascading Router A and Router B, Router B's WAN port being connected to Router A's LAN port. Router B is a LAN client on Router A with IP 192.168.1.201.


The current situation is that all clients on Router B can access Router A without a problem (for example, 192.168.0.4 can access 192.168.1.3).


I know that a static route must be set up on Router A to route any requests to subnet 192.168.0.* to the secondary router (192.168.1.201). I have done this:


enter image description here


However, for some reason, it is still impossible to reach Router B's LAN from Router A. This is the result of a ping:


jo@axch ~ % ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
Request timeout for icmp_seq 0
92 bytes from 192.168.1.1: Redirect Host(New addr: 192.168.1.201)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 779c 0 0000 3f 01 8155 192.168.1.102 192.168.0.1

Request timeout for icmp_seq 1
92 bytes from 192.168.1.1: Redirect Host(New addr: 192.168.1.201)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 356e 0 0000 3f 01 c383 192.168.1.102 192.168.0.1

^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

At this point, I am at a loss on how to perform this very simple task. If it helps, I have noticed that Router B seems to be unreachable in Router A (as in, trying to ping 192.168.1.201 fails). I am not sure how that is since Router B clearly reports that its LAN address is 192.168.1.201.



Answer



Sounds like you know a bit about networking. Good job on the explanation.


However, you have failed to consider that the router is a security barrier also using NAT and possibly a firewall.


For the same reason devices on the internet can't access Router A clients, devices in front of Router B can't access Router B clients.


Specifically, the problem is NAT. We could get in to some gory details about how advanced routers don't actually need to NAT and NAT rules can be adjusted. But, I'm assuming these are just home routers with limited options.


Therefore, your only option is probably to turn on port forwarding so that you can access a specific port on a specific machine on the B side from the "dark side" also know as Router A clients. :)


In addition, Router B probably has an option to drop or ignore PING (ICMP packets) on its WAN interface. Therefore you cannot ping it from Router A.


I'm sure you have your reasons for this setup, but it sounds like a simple switch would be better utilized in place of Router B. You can also disable DHCP on Router B, plug the cable in Router B's WAN port into a LAN port on Router B and it too will be a simple switch. You might also want to reprogram Router B to have a LAN IP that is on 192.168.1.x so that you can still reach the configuration interface after doing this.


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...