-1

I am trying to get my main network to see my homelab network (separate subnets) and both networks have access to the internet. I have tried several approaches and now have 4 routers in the configuration shown below.

Network Layout

As you can see I have attempted to add static routes to the 'joining' router and from a machine on the main network (192.168.0.111) I have been using ping to test things out and I am drawing a blank. I have tried with the firewall switched off (on all routers and 0.111) as well to avoid any ICMP interference from it.

so

  1. Ping 192.168.0.1 - works
  2. Ping 192.168.2.64 - works
  3. Ping 192.168.2.1 - works
  4. Ping 192.168.2.70 - Timeout (so it is seeing it, but there is no return path)
  5. Ping 192.168.4.1 - Timeout

When tried from the 4.0/24 side I have the same problems going from 2.70 -> 2.64

Both sides have no issue getting to 1.254 and beyond!

Many thanks for any assistance.

Andrew Schulman
Ian Cox
    1. Those devices look like home routers which would typically do NAT. Did you take care of disabling NAT everywhere except of course on the ISP router? 2. You neglected to state from which point in your network you did the ping tests you list in your question. 3. Did you verify your ping targets are actually answering ping requests? Many network devices don't. 4. And finally, are you sure this is on topic in Server Fault, i.e. a real business IT scenario? – Tilman Schmidt Mar 28 '21 at 11:49

2 Answers

2

It looks like several routers on your network are not behaving as expected. This is most likely due to them acting as NAT gateways in addition to performing the routing functions.

These are TL-WR841N (192.168.2.70) and AX6000 (192.168.2.64).

If my assumption is correct, this would explain why your hosts in the subnets 192.168.4/24 and 192.168.0/24 cannot be pinged from outside their subnets. Hosts 'behind' a NAT gateway (hosts that are on the private subnet) cannot be pinged from the public network. Not without additional configuration.

In the case of AX6000 for example, both subnets that it is connected to are private (192.168.2/24 and 192.168.0/24); however, the limitation still applies if the router is in NAT mode.

I suggest that you try to determine if the two routers mentioned are operating in NAT mode.

To test this, you can set a host IP in the subnet 192.168.0/24 as a 'DMZ host' on the AX6000 router, as it is usually called. You can then try to ping the host from an outside subnet.

Alternatively, you could set up a service on the host in the 192.168.0/24 subnet that you can easily verify if it is running. A webserver for example. Then configure a port forwarding on the AX6000 router and test if you can reach the webserver from outside the 192.168.0/24 subnet.

If this works, then the routers are acting as NAT gateways and you need to configure them to do routing only. Usually this is done by configuring the router to operate in Access Point / AP mode.

To disable NAT on the AX6000, I found this:

https://www.tp-link.com/us/support/faq/540/

  1. Log in to the management page of the router. Please refer to [FAQ ID: 87] if you don’t know how to log in to the management page.
  2. Click NAT on the left panel.
  3. Find the radio button of “Current NAT Status”.
  • Really useful response. Thank you. Latest AX6000 firmware has moved the option to under Advanced->System Tools->System Parameters. Did not find a disable NAT on the smaller units so might be stuck there. I switched 4.1 into AP mode and lost the ability to set up static routing. Next weekend I will have a play about again as I do not wish to upset the network during my working week. Many thanks – Ian Cox Mar 29 '21 at 07:20
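
An added example, not part of the original answer or its comments: one way to check whether a router between two subnets is rewriting source addresses is to have a host on the far side report the source address it actually receives and compare it with the address the sender used. The script name, port and command-line form are assumptions made for this sketch; a "no-reply" result corresponds to the ping timeouts in the question (request or answer dropped), not to NAT.

```python
import socket
import sys
import threading

def serve_once(sock):
    """Reply to one datagram with the source address this side observed."""
    _, peer = sock.recvfrom(512)
    sock.sendto(f"{peer[0]}:{peer[1]}".encode(), peer)

def probe(server, timeout=2.0):
    """Return (local_addr, addr_seen_by_server); seen is None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(server)                # picks the local address/port used
        local = s.getsockname()
        try:
            s.send(b"who-am-i")
            ip, port = s.recv(512).decode().rsplit(":", 1)
        except OSError:                  # timeout, unreachable, port closed
            return local, None
        return local, (ip, int(port))

def verdict(local, seen):
    if seen is None:
        return "no-reply"                # dropped on the way out or back
    if seen[0] != local[0]:
        return "nat"                     # a hop rewrote the source address
    if seen[1] != local[1]:
        return "port-rewritten"          # same address, translated port
    return "routed"                      # packet arrived unmodified

def demo_loopback():
    """Constructed self-test: loopback has no NAT, so the result is 'routed'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    t = threading.Thread(target=serve_once, args=(srv,), daemon=True)
    t.start()
    result = verdict(*probe(srv.getsockname()))
    t.join(2)
    srv.close()
    return result

if __name__ == "__main__":
    if sys.argv[1] == "serve":           # far-side host: serve <bind_ip> <port>
        srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        srv.bind((sys.argv[2], int(sys.argv[3])))
        while True:
            serve_once(srv)
    else:                                # near-side host: probe <server_ip> <port>
        print(verdict(*probe((sys.argv[2], int(sys.argv[3])))))
```

Run the `serve` side on a host in one subnet and the `probe` side on a host in the other, then repeat in the opposite direction, since NAT on a home router normally applies in one direction only.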
0
  1. NAT looks like it is off apart from the passthrough setting for common protocols excluding ICMP. I have no forwarding rules defined.
  2. 192.168.0.111
  3. Given I ping 2.64 from 0.1 and 2.70 from 4.1, I would say all are answering pings. The issue is that the static routes would seem to be being ignored.
  4. No, this is not business specific; it is a home network. However, I hoped I was talking to the best minds on this topic and could get an answer. If you believe this should have been posted elsewhere then I am happy to take guidance.
  • Are you the OP? User names same but different accounts. If that is the case, you should merge accounts https://serverfault.com/help/merging-accounts – Dave M Apr 04 '21 at 12:16