0

I have three routers:

  • Router 1 has an external internet connection. It has LAN IP 192.168.0.1 and gives IP addresses in the 192.168.0.* subnet.
  • Router 2 accesses the internet via Router 1. It has WAN IP (on Router 1's network) of 192.168.0.20, LAN IP of 192.168.68.1, and gives IP addresses in the 192.168.68.* subnet.
  • Router 3 accesses the internet via Router 2. It has WAN IP (on Router 2's network) of 192.168.68.122, LAN IP of 192.168.13.1 and gives IP addresses in the 192.168.13.* subnet.

I have a Windows PC connected to Router 1, with LAN IP address 192.168.0.2. I would like to be able to access devices on Router 2 and Router 3's networks from this PC.

To enable this, I ran the following commands:

route -p ADD 192.168.13.0 MASK 255.255.255.0 192.168.68.122 metric 1 if 30
route -p ADD 192.168.68.0 MASK 255.255.255.0 192.168.0.20 metric 1 if 30

This resulted in the output from route print given at the bottom of this question, suggesting it was set up OK.

However, I cannot ping machines on either network via the new routes. For example:

C:\Users\Tom>ping 192.168.0.20 -n 1

Pinging 192.168.0.20 with 32 bytes of data:
Reply from 192.168.0.20: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.0.20:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Tom>ping 192.168.68.1 -n 1

Pinging 192.168.68.1 with 32 bytes of data:
Request timed out.

Ping statistics for 192.168.68.1:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\Users\Tom>ping 192.168.68.122 -n 1

Pinging 192.168.68.122 with 32 bytes of data:
Request timed out.

Ping statistics for 192.168.68.122:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\Users\Tom>ping 192.168.13.1 -n 1

Pinging 192.168.13.1 with 32 bytes of data:
Request timed out.

Ping statistics for 192.168.13.1:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

I could understand if Router 3's network was inaccessible. (I do not know if route tables support two step routing as required here.) But it is harder to understand why Router 2's network is inaccessible.

What am I doing wrong?

route print output:

C:\Users\Tom>route print
===========================================================================
Interface List
 22...00 ff 90 d2 fc 16 ......Juniper Network Connect Virtual Adapter
 30...a4 bb 6d b3 8c a1 ......Intel(R) Ethernet Connection (5) I219-LM
 18...0a 00 27 00 00 12 ......VirtualBox Host-Only Ethernet Adapter
 25...00 ff aa 18 81 ac ......TAP-Windows Adapter V9
 37...00 ff bd b8 d5 c4 ......TeamViewer VPN Adapter
  6...44 01 bb a8 cb 97 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    281
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    281
     192.168.13.0    255.255.255.0   192.168.68.122      192.168.0.2     26
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
     192.168.68.0    255.255.255.0     192.168.0.20      192.168.0.2     26
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
     192.168.68.0    255.255.255.0     192.168.0.20       1
     192.168.13.0    255.255.255.0   192.168.68.122       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 30     41 ::/0                     fe80::1
  1    331 ::1/128                  On-link
 30     41 2003:c9:f72b:a824::/64   On-link
 30    281 2003:c9:f72b:a824:cd5f:d85f:eddb:aad2/128
                                    On-link
 30    281 2003:c9:f72b:a824:d143:ab14:fc96:dced/128
                                    On-link
 30    281 2003:c9:f72b:a824:d984:866c:9de8:9a5c/128
                                    On-link
 30     41 2003:c9:f72b:a834::/64   On-link
 30    281 2003:c9:f72b:a834:99fb:2a0d:280d:bf6f/128
                                    On-link
 30    281 2003:c9:f72b:a834:d143:ab14:fc96:dced/128
                                    On-link
 30    281 2003:c9:f72b:a834:d984:866c:9de8:9a5c/128
                                    On-link
 30     41 2003:c9:f72b:a855::/64   On-link
 30    281 2003:c9:f72b:a855:ad8f:d4ac:5f38:682d/128
                                    On-link
 30    281 2003:c9:f72b:a855:d984:866c:9de8:9a5c/128
                                    On-link
 18    281 fe80::/64                On-link
 30    281 fe80::/64                On-link
 18    281 fe80::11db:d621:42c7:94fb/128
                                    On-link
 30    281 fe80::d984:866c:9de8:9a5c/128
                                    On-link
  1    331 ff00::/8                 On-link
 18    281 ff00::/8                 On-link
 30    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
cfp
  • 101
  • Do the target devices have a route to your network? – Greg Askew Dec 27 '21 at 20:32
  • @GregAskew You are asking about the opposite direction? If so, yes. I can access 192.168.0.2 from computers connected to both Router 2 and Router 3. – cfp Dec 27 '21 at 20:53

1 Answers1

0

In order to packets flow correctly, two things have to be correct:

  1. Router 2 and router 3 must not have NAT enabled.
  2. Proper routing entries have to exist on all nodes:

On Router 1:

  • A route to 192.168.68.0/24 has to exist, router being 192.168.0.20
  • A route to 192.168.13.0/24 has to exist, router being 192.168.0.20

On router 2:

  • A route to 192.168.0.0/24 has to exist. This is an on-link route automatically.
  • A route to 192.168.13.0/24 has to exist. This is an on-link route automatically.

On router 3:

  • A route to 192.168.0.0/24 has to exist, router being 192.168.68.1.
  • A route to 192.168.68.0/24 has to exist. This is an on-link route automatically.

The route on router 3 is covered by default route.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
  • The routers do not allow static route creation. Can this not be done from the PC as I suggest? – cfp Dec 29 '21 at 08:33
  • No, each router needs its own routing tables to decide where to send packets based on the destination IP address of the packet. So, when "router 2" receives a packet which has desttination IP address `196.168.13.2`, it needs to know where to forward that packet. – Tero Kilkanen Dec 29 '21 at 08:48
  • Forget about Router 3 for now. Why is my PC unable to access machines on Router 2's network with the static routes I added? – cfp Dec 29 '21 at 20:56
  • Is NAT disabled on every router except the one that connects to internet? – Tero Kilkanen Dec 29 '21 at 20:58