Two router cascade conundrum
I have two networks I wish to separate. Both need access to the internet.
Router A is a Linksys wrt54g connected to the internet via a (Alcatel) modem. LAN address 192.168.1.211 LAN IP range 192.168.1.x DHCP enabled. It gets its IP from the server using PPPOE.
Router B is an Alloy IP505DV connected via WAN port to a LAN port on A. WAN IP address is 192.168.1.202 Gateway 192.168.1.211 LAN IP range 192.168.0.x DHCP is disabled. Router is set to 'router' mode rather than 'gateway'. NAT disabled.
I have followed instructions from Alloy's very good telephone support and cross checked with various threads here and elsewhere, I have also rung them back to check that there is no setting on the IP505DV that I have missed. I am not considering ringing Linksys help as it is via a scripted person and has proved next to useless in the past.
This is the situation:
Router B can see the internet, pinging the gateway 192.168.1.211 fine, DNS 202.233.0.3 fine, proxy sever in China 125.247.121.74 fine via network diagnostics in the HTML interface.
PCs (XP PRO) connected to router B with IP addresses in the same range can ping the router 192.168.0.201, but cannot ping anything else. Gateway set to router B IP. DNS 202.233.0.3
** If I connect router B to router A via a LAN port on B, change the IP on the PC to be within the same range as router A and gateway to router A IP then all is fine and internet accessible.**
This is great apart form the fact that:
I want to separate the two networks. Computers connected to router A should not be able to see computers connected to router B.
As an added bonus I want computers connected to router B to be able to see computers connected to router A, if this is possible.
This is probably quite simple for anyone who understands what it is that routers *actually* do, but it has wasted a whole bunch of my time.
Router A is a Linksys wrt54g connected to the internet via a (Alcatel) modem. LAN address 192.168.1.211 LAN IP range 192.168.1.x DHCP enabled. It gets its IP from the server using PPPOE.
Router B is an Alloy IP505DV connected via WAN port to a LAN port on A. WAN IP address is 192.168.1.202 Gateway 192.168.1.211 LAN IP range 192.168.0.x DHCP is disabled. Router is set to 'router' mode rather than 'gateway'. NAT disabled.
I have followed instructions from Alloy's very good telephone support and cross checked with various threads here and elsewhere, I have also rung them back to check that there is no setting on the IP505DV that I have missed. I am not considering ringing Linksys help as it is via a scripted person and has proved next to useless in the past.
This is the situation:
Router B can see the internet, pinging the gateway 192.168.1.211 fine, DNS 202.233.0.3 fine, proxy sever in China 125.247.121.74 fine via network diagnostics in the HTML interface.
PCs (XP PRO) connected to router B with IP addresses in the same range can ping the router 192.168.0.201, but cannot ping anything else. Gateway set to router B IP. DNS 202.233.0.3
** If I connect router B to router A via a LAN port on B, change the IP on the PC to be within the same range as router A and gateway to router A IP then all is fine and internet accessible.**
This is great apart form the fact that:
I want to separate the two networks. Computers connected to router A should not be able to see computers connected to router B.
As an added bonus I want computers connected to router B to be able to see computers connected to router A, if this is possible.
This is probably quite simple for anyone who understands what it is that routers *actually* do, but it has wasted a whole bunch of my time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Frabble that was really helpful.
I managed to get the system to work using the static route feature on router A. Internet access and separate networks.
The networks not being able to see each other happened without any access control rules being set up on router B. I set up a firewall rule to restrict access, then deleted it. The internet remained accessible during this process.
Then I breathed a sign of relief.
I plugged in a second PC to router B, in order to check that PCs on the Lan side of router B could see each other.
Then it stopped working. No internet access. On either machine.
I will be able to have another look at it in a few hours time. I will reset router B to factory defaults and re-configure it completely.
I managed to get the system to work using the static route feature on router A. Internet access and separate networks.
The networks not being able to see each other happened without any access control rules being set up on router B. I set up a firewall rule to restrict access, then deleted it. The internet remained accessible during this process.
Then I breathed a sign of relief.
I plugged in a second PC to router B, in order to check that PCs on the Lan side of router B could see each other.
Then it stopped working. No internet access. On either machine.
I will be able to have another look at it in a few hours time. I will reset router B to factory defaults and re-configure it completely.
OK. Regarding the networks not seeing each other, this will happen in your case because machine names are resolved to IP addresses using netbios-name broadcasts and these are not passed through the router. You'll still be able to access across the router if you use the IP addresses instead of the name, which is why you may want to have access control rules.
ASKER
Not sure what you mean by 'You'll still be able to access across the router if you use the IP addresses instead of the name'. All PCs network adapters have discrete IPs.
I used the second part of your suggestion; 'if internet access doesn't work for Router B machines then you'll need to change Router B to Gateway mode, with NAT. The static route won't be required then and access from Router A machines will be automatically be restricted.'
(Which may be the same as what MarkDozier wrote, but I found your explanation much easier to understand)
And all worked, machines access internet and are inaccessible from other network. Would still like them to be able to see network A if possible. The other issue is that if i set router B IP then internet access stops, DHCP from router A and all is fine.
I will be looking at it in about an hours time.
I used the second part of your suggestion; 'if internet access doesn't work for Router B machines then you'll need to change Router B to Gateway mode, with NAT. The static route won't be required then and access from Router A machines will be automatically be restricted.'
(Which may be the same as what MarkDozier wrote, but I found your explanation much easier to understand)
And all worked, machines access internet and are inaccessible from other network. Would still like them to be able to see network A if possible. The other issue is that if i set router B IP then internet access stops, DHCP from router A and all is fine.
I will be looking at it in about an hours time.
INTERNET CLOUD
|
|
ISP MODEM(DHCP SERVER)
|
|
==============
| \
Rtr A Rtr B
outside interface outside ineterface
(DHCP client) (DHCP client)
| |
| |
Rtr A(DHCP server) Rtr B (DHCP server)
| |
net A net B
192.168.0.x 192.168.1.x
255.255.255.0 255.255.255.0
(254 clients on each net)
Now from this picture
Net A client will point to 192.168.0.1 for gateway
Net B client will point to 192.168.1.0 for gatewat
Turn on DHCP serve for the inside interfaces
Set you scope .1 should be exluded and set that to a static IP of 192.168.1.1 or 0.1
on the correct rtr.
NAT will be automatic between the inside and outside interfaces or should be