
R6300, wireless and wired, outside subnets can't route to and through this device

DCMARTIN
Aspirant

R6300, wireless and wired, outside subnets can't route to and through this device.  Devices in the R6300's subnet (10.0.0.0) are able to access the internet and access devices on subnets 192.168.1.0 and 10.1.10.0

 

Not sure what I'm doing wrong.    Here is the setup, 3 subnets, "A", "B", and "C":

 

A:  Cisco-Model #-DPC3939B
        WAN - dynamic, assigned by Comcast
        LAN - static  10.1.10.1
        subnet 255.255.255.0

B:  WRT400N
        WAN - static  10.1.10.10
        subnet 255.255.255.0
        LAN - static 192.168.1.1
        subnet 255.255.255.0

C:  Netgear R6300
        WAN - dynamic, currently 192.168.1.101
        subnet 255.255.255.0
        LAN - 10.0.0.1
        subnet 255.255.255.0

Hosts at "C", subnet 10.0.0.0, can reach the internet going through "B". 

They can ping hosts on the 192.168.1.0 and 10.1.10.0 networks. 

But they cannot ping the WAN side of the router they attach to, 192.168.1.101 

(This address is reported in the router's web interface.)

Hosts at "B", can access the internet through "A".
They cannot access anything on subnet 10.0.0.0.
They cannot ping the WAN side of the Netgear R6300,
192.168.1.101

 

The R6300 is used as a DHCP server on its subnet, some devices are wireless and some are wired to the R6300.

 

Message 1 of 3

Accepted Solutions
TheEther
Guru

Re: R6300, wireless and wired, outside subnets can't route to and through this device

Keep in mind that all of your routers have firewalls that restrict devices on the WAN side from accessing devices on the LAN side.  As far as the R6300 is concerned, hosts on "B" are in the Internet and are not permitted to unilaterally contact hosts on "C".  OTOH, hosts on "C" can reach hosts on "B" because firewalls by default permit communication from LAN -> WAN.

 

Your setup is far from ideal for a typical home network.  You have 3 hierarchical layers of firewalls. Traffic for hosts on "C" is going to be triple-NATed, which is never a good thing for trouble-free communication or speed.  Likewise, traffic for hosts on "B" will be double-NATed.  Unless you have a specific need for such a setup, you should eliminate subnet "C" and, optionally, subnet "B".  You can eliminate subnet "C" by converting the R6300 into an AP.  Likewise, you can also convert the WRT400N into an AP.  As APs, the WAN ports should generally not be used, so you may have to rewire the connections.  If you convert both the WRT400N and R6300 to APs, then you'll be left with just subnet "A" and all hosts will have 10.1.10.X addresses.  You will also get rid of all double and triple NATing.

 

Alternatively, if you have a need to segregate hosts on "A" from "B" (e.g. "A" hosts are untrustworthy DVRs), then you can keep subnet "B".  But traffic from "B" will still be double-NATed.

 

A third alternative is to enable bridge mode on the DPC3939B (may not be possible without the assistance of your ISP) and convert the R6300 into an AP.  This leaves you with one subnet.  Note that bridge mode will effectively eliminate subnet "A", so "A" hosts will have to move.  But if "A" hosts are, in fact, DVRs then moving them behind either the WRT400N or R6300 may break IPTV.  There are solutions for this but let's not go there unless you are sure you want to do this.

Message 2 of 3
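
A small model of the behaviour described in the accepted answer, added here as an illustration (it is not code from the thread or from any router's firmware). It assumes every router applies the default policy the answer describes, with no port forwards or static routes; the host addresses and the names `NESTED`, `FLAT`, `nat_layers` and `can_initiate` are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Router:
    lan: ipaddress.IPv4Network   # subnet behind this router's LAN ports
    upstream: Optional[str]      # router whose LAN this router's WAN port sits on

# Topology from the original post: A (DPC3939B) <- B (WRT400N) <- C (R6300)
NESTED = {
    "A": Router(ipaddress.ip_network("10.1.10.0/24"), None),
    "B": Router(ipaddress.ip_network("192.168.1.0/24"), "A"),
    "C": Router(ipaddress.ip_network("10.0.0.0/24"), "B"),
}
# After converting B and C to access points only A routes; every host is 10.1.10.X
FLAT = {"A": NESTED["A"]}

def home_router(ip, topo):
    """Name of the router whose LAN contains ip, or None for an internet host."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, r in topo.items() if addr in r.lan), None)

def chain_to_internet(ip, topo):
    """Routers a packet from ip crosses, LAN -> WAN, on its way out."""
    chain, name = [], home_router(ip, topo)
    while name is not None:
        chain.append(name)
        name = topo[name].upstream
    return chain

def nat_layers(ip, topo=NESTED):
    """Each router crossed LAN -> WAN rewrites the source address once."""
    return len(chain_to_internet(ip, topo))

def can_initiate(src, dst, topo=NESTED):
    """True if host src can open a connection to host dst.

    Assumed policy (per the answer): LAN -> WAN is permitted, unsolicited
    WAN -> LAN is dropped. Models hosts only, not a router's own WAN address.
    """
    dst_home = home_router(dst, topo)
    if dst_home is None:                 # destination is on the internet
        return True
    # Reachable only if dst's subnet is src's own or lies upstream of src,
    # so every router on the path is crossed in the LAN -> WAN direction.
    return dst_home in chain_to_internet(src, topo)

if __name__ == "__main__":
    for s, d in [("10.0.0.50", "192.168.1.20"), ("192.168.1.20", "10.0.0.50")]:
        print(s, "->", d, can_initiate(s, d))
    print("NAT layers for a host on C:", nat_layers("10.0.0.50"))
```
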

DCMARTIN
Aspirant

Re: R6300, wireless and wired, outside subnets can't route to and through this device

Ahh, the firewall. 

 

"I see," said the blind man.

 

Thank you very much for the explanation!

 

 

Message 3 of 3