Networking: Connecting Two Networks in Home (Floor # 1 & Floor 2)

2

0

I have a home networking question. I have two wireless routers having their own network. I want to connect these two networks so their clients can access each other. Following is the configuration.

Router # 1 (This is also connected to internet). WAN: Dynamic LAN: 192.168.1.1

Router # 2 (The WAN port of this router is connected with LAN port of Router # 1 - Internet is working for its clients.) WAN: 192.168.1.2 LAN: 191.168.1.1 Gateway: 192.168.1.1

Now the clients of Router # 2 (having address 191.168.1.1/32) can ping clients of Router # 1 (say 192.168.1.100). But router # 1 or its clients can not ping to Router # 2 or its clients (191.168.1.1/32).

I have tried setting static route in Router # 1 for 191.168.1.0/32 use Gateway 192.168.1.2, but no effect. How can Router # 1 or its clients can reach to Router # 2 or its clients. Additionally I would like to keep R1 and R2 on separate networks for my own reasons.

Any thoughts on possible problems/solutions to the aforementioned problems?

Reloaded

Posted 2014-01-14T18:21:28.980

Reputation: 131

Answers

7

Just plug the cable from Router #1 into a LAN port of Router #2 (instead of into the WAN) and disable the DHCP server of Router #2. You'll also need to change the LAN IP of router #2 to something that doesn't conflict with existing devices on the network.

heavyd

Posted 2014-01-14T18:21:28.980

Reputation: 54 755

Simple enough, should work – MDT Guy – 2014-01-14T18:30:02.047

2Yes, indeed it is simple, but I just want to keep networks separate for no reason. – Reloaded – 2014-01-14T21:14:42.703

works well for the situation of making one cohesive network. – PsychoData – 2014-01-14T21:24:19.147

1@Reloaded, you want to keep the networks separate, but you want to be able to access them in both directions? Not sure what you're trying to accomplish here. – heavyd – 2014-01-14T21:37:47.363

@heavyd exactly what you just said. Whats so hard to get about it? – PsychoData – 2014-01-14T21:39:47.327

I guess the question is why? What features/benefits does separation provide vs a simpler, less problem prone, network configuration? – heavyd – 2014-01-14T21:41:02.803

Could be any number of reasons. Wants to isolate his lab type network from the regular home network, has a small business and runs a server that takes credit card payments and wants to keep that separate for sec reasons. He just wants to. He runs a domain on the R2 network and doesnt want that to interfere with the regular workgroup on the other side (my situation at home) plenty more are possible – PsychoData – 2014-01-14T21:47:02.080

R2 is my lab network and I want to keep it separate. I know the easiest is to be on the same network but I just want to experiment this for learning purpose. Thanks. – Reloaded – 2014-01-15T07:24:55.820

1

First thing that comes to mind is that R2 might be doing NAT. NAT would be making all addresses behind R2 appear as R2 WAN IP (192.168.1.2). If this is the case, then you are going to need to turn off NAT (not possible on all consumer routers) This behavior would also be supported by this or the next solutions.

  • if there is only one machine that you want inbound connections to (from R1 network to a device behind R2 you could configure pinholes in NAT or a DMZ for that machine

Second good possibility is that R2 has a firewall that is blocking all inward connections except established ones. Which would mean that unless someone inside (R2 network) talks to someone outside (R1 network) any data R1 devices send to R2 is going to be ignored or rejected. The way to solve this problem would be turn off the firewall. Again, not all consumer routers have this ability. This would cause the pings sent from R2 network to be responded to, but prevent anything from getting to R2's network so that they can respond, as your question describes)

Third possibility is that R1 may have decided (well, okay, been told in their firmware) that it is consumer grade and I only work on private IP addresses. This would cause the network off R2 to be ignored when you try to talk to it (the R2 network would still get internet access behind something like NAT in this situation, because R1 only knows that it is R2's WAN talking to it and sends back there)

Fourth thing I notice is what is either a typo, or a misconfiguration. I put this as fourth because I'm assuming typo. 192.168.1.0/32 will compare all 32 bits to all destination addresses. with 8 for each octet (set between the periods) that last octet would have to be 0 to match it. This is not a valid address. Something like 191.168.1.0/24 or even /28 or /30 would allow you some room to have addresses match, but 0/32 will never ever match a device.

okay! So! If you have more than just your plain jane linksys or belkin router, you'll get to play with some of the more advanced features. I'd say:

  1. make sure your WAN address is set to something in the R1 Lan statically (keeping 192.168.1.2 is fine, I would just check that it is statically configured, not dynamic).

  2. Turn off the firewall (unless you have something you need/want to protect, then you're going to need to make less restrictive rules to the other parts) or set to "Allow traffic from anywhere to anywhere on any port and protocol" or your devices equivalent

  3. Turn off NAT. If you want to get to their different addresses, then you need to give them their own addresses, not translate their addreses so that they are all behind one.

  4. Decide what you want them to be. They have to be on different networks or at least subnets

    • You have to picture yourself as R1 here. If you get a packet for 192.168.1.5 (R1 network) R1 says oh! I should be able to handle this. and either forwards it immediately, or ARPs to find out where the destination is. IF it doesn't know, but should (since it's its own network) it returns saying unreachable. This is probably whats happening now, R1 only sees 192.168.1.2 not whats behind it.

    • now lets say that you have the server 172.16.1.5 behind R2. If you are R1 and you have a route to 172.16.1.0/24 then it is going to compare and Say "Okay. I have to match the first 24 bits of this address to a route." So it's going to compare the first three octets (that comes out to 24 bits, I made the math easy) with the route. When it matches it will forward the traffic for that to the place you have listed. in this case, 192.168.1.2. As long as you dont have NAT or a Firewall blocking it, or an ACL blocking it, then the traffic should connect.

    • Lets say the R2 network is 172.16.1.0/24 and R1 is 192.168.1.0/24

  5. Make sure you have your DHCP ranges configured correctly on R2. IF there is no nat or firewall, but R2 is handing out 10.10.10.0/24 addresses and you're telling it to go find 191.168.1.0/24 addresses, you're sending your computers on a wild goose chase

  6. It is possible that R1 is looking at the R2 address range you have given it and realized that its private addresses and is sending them upstream to ask your provider for where they are instead. This would be made worse by the /32 issue i mentioned before

    • I would recommend changing R2's network to a private range for this reason. unless you actually own those IPs

  7. Make sure any static addresses are outside of their respective DHCP pools

NOTE! One of your comments mentioned keeping the network in two pieces. This method does not fill that req. If you have a more consumer grade router with fewer options, then you want to:

  1. remove the cable from the WAN port of R2 and change it to one of the LAN ports. This should bypass the NAT and Firewall problems.

  2. Either configure R2 with a DHCP helper address (not likely if you couldnt change the NAT and firewall settings) OR! make sure they are both assigning addresses for the same network (192.168.1.0/24) but different ranges (maybe R1 assigns 1.101-1.150 and R2 assigns 1.151 through 1.200) to avoid them both trying to assign the same IP address.

  3. Make sure any static addresses are changed to the correct range, but outside of any DHCP pools

This is a fairly thorough explanation of a few potential problems and a couple potential solutions to those. There are about a million other things it could be. If you have more specific issues as this progresses I suggest adding a "UPDATE: " for the more specific troubles,and where appropriate and a new answer for the more generic problems. I'll be here if you need anything else!

PsychoData

Posted 2014-01-14T18:21:28.980

Reputation: 1 331

Thanks PsychoData. As soon as I have time I will try these suggestions. – Reloaded – 2014-01-15T07:28:06.800

0

The most probable cause may be your firewall. However, based on the information given, setting up a static route 191.168.1.0/32, that means only traffic for the ip address 191.168.1.0 will go through. What you may have meant is using 191.168.1.0/24.

It might not be a problem, but 191.168.1.0 is a class B ip address and some home networking equipment may not work with that. Even more, the equipment may use it as a classful network address and see it as 191.168.1.0/16.

ponsfonze

Posted 2014-01-14T18:21:28.980

Reputation: 484

As you have already mentioned this didn't worked. I also suspect the problem is the my Router # 2. It is Cisco WRT54G2 Wireless Router. – Reloaded – 2014-01-14T21:21:18.273

Asked: 2014-01-14T18:21:28.980

Viewed: 6 452 times

Active: 2014-01-14T21:39:12.427