I want to access my server on a different subnet.
Here is my network topology:
                Internet
                    |
                    |
                  ADSL
           x.x.x.x (external)
       D-link DSL-2730E (Router1)---------------------+
             255.255.255.0                            |
         192.168.1.1 (internal)                       |
              DHCP active                             |
                    |                                 |
                    |                                 |
                    |                                 |
               LAN-to-WAN                             |
     192.168.1.2 (external, static)          192.168.1.100 (DHCP)
       Linksys WAG120N (Router2)               PC1 Windows 10
             255.255.255.0
         192.168.2.1 (internal)
              DHCP active
                    |
                    |
          192.168.2.2 (static)
Ubuntu Server 16.04 with node server listening on Port 3344
Additional info:
- Router1 is connected to Router2 LAN-to-WAN
- Both routers are NAT-enabled, dynamic routing disabled
- Router2 SPI firewall protection switched off, unblocked anonymous WAN request
- Router1 port forwarding to 192.168.1.2 WAN port 3344, LAN port 3344 TCP
- Router2 port forwarding to 192.168.2.2 WAN port 3344, LAN port 3344 TCP
- I can ping Router2 192.168.2.1 from my PC1
- I get "Request timed out" when I ping the server 192.168.2.2 from my PC1
- I have set up a static route on my Router1 with destination 192.168.2.0, subnet mask 255.255.255.0, next-hop address 192.168.1.2; there is only one interface available, which is the a1 interface, and the metric is set to 1.
- The port forwarding is working and the server is responding when the traffic is coming from the internet, i.e. when I enter the Router1 external IP address and the forwarded port x.x.x.x:3344 in a browser on PC1, I get a response in the browser. Strangely, when I enter the Router2 external IP address 192.168.1.2:3344 or the Router2 internal IP address 192.168.2.1:3344 (via static route) in the browser on PC1, where I expect Router2 to forward the traffic to my server@192.168.2.2:3344, neither of them works; Google Chrome says "This site can’t be reached".
- You may ask why I am not using the LAN port instead of the WAN port on my Router2. My goal is to block internet access completely for the 192.168.2.0/24 subnet and to allow internet access for the 192.168.1.0/24 subnet. There will be about 12 Android client devices connecting to the server in the 192.168.2.0/24 subnet which are not allowed to access the internet except the server.
- Another reason I want to use a separate subnet is because it will be easier to manage the internet access filter by filtering the whole IP range (except the server) in the subnet through a single router.
Here is my tracert result from PC1:
Tracing route to 192.168.2.1 over a maximum of 30 hops
1 <1 ms 1 ms 1 ms 192.168.1.1
2 3 ms 4 ms 2 ms 192.168.2.1
Trace complete.
Tracing route to 192.168.2.2 over a maximum of 30 hops
1 <1 ms 1 ms 2 ms 192.168.1.1
2 * * 2 ms 192.168.1.2
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
It doesn't seem like a router issue to me. Where does it go wrong: Ubuntu or the node/express server? Thanks in advance.
Edit:
- Swapped the routers
- Disabled NAT and port forwarding on Router2
- Router1 port forwarding to 192.168.2.2 WAN port 3344, LAN port 3344 TCP. I can still access the server from my public IP:3344, but cannot access the server from my Router1 IP:3344