rkrzewski
Jul 08, 2016, Guide
Static routing: problem reaching host on local network from router's WAN side
I'm having trouble setting up routing in a small office network. I've prepared a diagram of the topology https://drive.google.com/file/d/0B0PjGlcEN6DDV3BpNHJWTEdaWmM/view Few words of explainatio...
TheEther
Jul 08, 2016, Guru
Do you have port forwarding set up? Otherwise, how can A get past the firewall on the WNDR4300?
I suspect there are two things working against you.
- WNDR4300 is performing NAT, so it's going to rewrite IP addresses.
- Stock firmware will only NAT IP addresses on its directly connected subnet. In your case, it will not NAT 192.168.123.0/24 traffic.
You should install DD-WRT on your WNDR4300. Then you can disable NAT and operate it as a pure router.
rkrzewski
Jul 08, 2016, Guide
You are right. I do have port forwarding set up for TCP/22 -> 192.168.1.10:22. This is the reason for the destination IP rewriting I didn't understand.
I don't need NAT or firewalling between the LAN and WAN interfaces of the WNDR4300 because it's located inside a trusted network (except WiFi access, of course). If I understand correctly, stock firmware won't allow me to do that. Welp, time to read up on DD-WRT then :)
Thanks a lot for your help!
- TheEther, Jul 09, 2016, Guru
If you don't need your WNDR4300 to operate as a router, then convert it to an AP. This will eliminate the 192.168.1.0/24 subnet. Update A's static route for 192.168.123.0/24 to point directly at B.
The easy way to enable AP mode is to use ADVANCED > Advanced Setup > Wireless AP. Tip: Ignore the instructions and avoid the WAN port. The WAN<->LAN path is very slow.
- rkrzewski, Jul 11, 2016, Guide
I certainly don't need WNDR4300 to operate as firewall / NAT, but I think I'd still need to use it as a router to direct the traffic from machines connected to the wireless network to C via B.
Would "Static routes" settings be applicable in Wireless AP mode? Otherwise the packets would leave the AP on the default route to A and then would be routed back towards B, which is suboptimal.
Second question: would WNDR4300 in Wireless AP mode be able to act as DHCP server for a segment of 192.168.2.0/24 or not? I'm running dnsmasq on A, so I could work around that if necessary.
- TheEther, Jul 11, 2016, Guru
rkrzewski wrote: I certainly don't need WNDR4300 to operate as firewall / NAT, but I think I'd still need to use it as a router to direct the traffic from machines connected to the wireless network to C via B.
As an AP, the WNDR4300 operates as a switch. So, server B's eth0 interface would be on the 192.168.2.0/24 subnet. Suppose you change the address for B:eth0 to 192.168.2.10. Then update the static route on A to 192.168.123.0/24 -> 192.168.2.10.
rkrzewski wrote: Would "Static routes" settings be applicable in Wireless AP mode?
Static routes are not applicable on the AP itself, but you still need one on A, as I described above.
rkrzewski wrote: Otherwise the packets would leave the AP on the default route to A and then would be routed back towards B, which is suboptimal.
Yes, this is true, but A will send an ICMP redirect back to the wireless client with information that C is reachable through B. Wireless clients will subsequently send traffic for C directly to B.
rkrzewski wrote: Second question: would WNDR4300 in Wireless AP mode be able to act as DHCP server for a segment of 192.168.2.0/24 or not? I'm running dnsmasq on A, so I could work around that if necessary.
DHCP server is not supported in AP mode with Netgear firmware. It is supported with DD-WRT. If you want to avoid the ICMP redirect process, then you can use a DHCP server.
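The hairpin through A and the ICMP redirect described in the last reply, modelled as an added example that is not part of the original thread. Only 192.168.2.0/24, 192.168.123.0/24 and B's suggested address 192.168.2.10 come from the posts; A's LAN address, the wireless client, host C and the WAN gateway are constructed values, and the redirect conditions are the ones given in RFC 1812.

```python
import ipaddress

# Constructed addressing: A's LAN IP, the client, C and the WAN gateway are assumptions.
LAN = ipaddress.ip_network("192.168.2.0/24")
B = ipaddress.ip_address("192.168.2.10")          # address suggested in the thread
A_ROUTES = [  # (destination, next hop or None when on-link, egress interface)
    (LAN, None, "lan"),
    (ipaddress.ip_network("192.168.123.0/24"), B, "lan"),   # static route on A
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("203.0.113.1"), "wan"),
]

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop, interface)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def forward_on_a(src, dst, in_if="lan"):
    """Router A's forwarding decision and whether it emits an ICMP redirect.

    A redirect is sent when the packet leaves on the interface it arrived on
    and the sender is on the same subnet as the next hop (RFC 1812).
    """
    _, next_hop, out_if = lookup(A_ROUTES, dst)
    src = ipaddress.ip_address(src)
    redirect = (next_hop is not None and out_if == in_if
                and src in LAN and next_hop in LAN)
    return {"next_hop": str(next_hop) if next_hop else "on-link",
            "out_if": out_if,
            "icmp_redirect_gateway": str(next_hop) if redirect else None}

def client_next_hop(dst, default_gw, learned):
    """Client side: a host route learned from a redirect overrides the default gateway."""
    return learned.get(dst, default_gw)

if __name__ == "__main__":
    client, a_lan, c = "192.168.2.50", "192.168.2.1", "192.168.123.20"
    learned = {}  # stays empty on a client that ignores redirects
    for attempt in (1, 2):
        hop = client_next_hop(c, a_lan, learned)
        print(f"packet {attempt}: client sends to {hop}")
        if hop == a_lan:
            result = forward_on_a(client, c)
            print("  A forwards via", result["next_hop"],
                  "| redirect gateway:", result["icmp_redirect_gateway"])
            if result["icmp_redirect_gateway"]:
                learned[c] = result["icmp_redirect_gateway"]
```

A client that ignores ICMP redirects (for example Linux with `net.ipv4.conf.all.accept_redirects=0`, a common hardening setting) never fills `learned` and keeps sending through A, which is the case where handing out the route by DHCP matters.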