Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Two router cascade conundrum

Posted on 2006-04-09
Medium Priority
Last Modified: 2013-11-30
I have two networks I wish to separate. Both need access to the internet.

Router A is a Linksys wrt54g connected to the internet via a (Alcatel) modem. LAN address LAN IP range 192.168.1.x DHCP enabled. It gets its IP from the server using PPPOE.
Router B is an Alloy IP505DV connected via WAN port to a LAN port on A. WAN IP address is Gateway LAN IP range 192.168.0.x DHCP is disabled. Router is set to 'router' mode rather than 'gateway'. NAT disabled.

I have followed instructions from Alloy's very good telephone support and cross checked with various threads here and elsewhere, I have also rung them back to check that there is no setting on the IP505DV that I have missed. I am not considering ringing Linksys help as it is via a scripted person and has proved next to useless in the past.

This is the situation:
Router B can see the internet, pinging the gateway fine, DNS fine, proxy sever in China fine via network diagnostics in the HTML interface.
PCs (XP PRO) connected to router B with IP addresses in the same range can ping the router, but cannot ping anything else. Gateway set to router B IP. DNS

** If I connect router B to router A via a LAN port on B, change the IP on the PC to be within the same range as router A and gateway to router A IP then all is fine and internet accessible.**

This is great apart form the fact that:

I want to separate the two networks. Computers connected to router A should not be able to see computers connected to router B.

As an added bonus I want computers connected to router B to be able to see computers connected to router A, if this is possible.

This is probably quite simple for anyone who understands what it is that routers *actually* do, but it has wasted a whole bunch of my time.
Question by:phl6hal
  • 2
  • 2

Expert Comment

ID: 16414878
lets draw a picture
        |                              \
     Rtr A                          Rtr B
 outside interface              outside ineterface
  (DHCP client)                  (DHCP client)
        |                                    |
        |                                    |
    Rtr A(DHCP server)         Rtr B (DHCP server)
        |                                     |
     net A                              net B
192.168.0.x                         192.168.1.x            
(254 clients on each net)

Now from this picture
Net A client will point to for gateway
Net B client will point to for gatewat
Turn on DHCP serve for the inside interfaces
Set you scope  .1 should be exluded and set that to a static IP of or 0.1
on the correct rtr.

NAT will be automatic between the inside and outside interfaces or should be
LVL 15

Accepted Solution

Frabble earned 2000 total points
ID: 16415277
Hi phl6hal

The problem is that 192.168.1.X addresses do not have a path back to the 192.168.0.X addresses.
You can fix this by adding a static route on the Linksys for network, mask to be gateway (Alloy WAN IP address).
If you don't want computers on Router A to see machines on Router B then you'll need to set up access control on Router B to control the services allowed.

I'm assuming that the Linksys will also source NAT the 192.168.0.X network for internet access (even though its LAN address is 192.168.1.X). Once the static route is in place, if internet access doesn't work for Router B machines then you'll need to change Router B to Gateway mode, with NAT. The static route won't be required then and access from Router A machines will be automatically be restricted.

Author Comment

ID: 16423532
Thanks Frabble that was really helpful.

I managed to get the system to work using the static route feature on router A. Internet access and separate networks.
The networks not being able to see each other happened without any access control rules being set up on router B. I set up a firewall rule to restrict access, then deleted it. The internet remained accessible during this process.

Then I breathed a sign of relief.

I plugged in a second PC to router B, in order to check that PCs on the Lan side of router B could see each other.
Then it stopped working. No internet access. On either machine.

I will be able to have another look at it in a few hours time. I will reset router B to factory defaults and re-configure it completely.
LVL 15

Expert Comment

ID: 16432330
OK. Regarding the networks not seeing each other, this will happen in your case because machine names are resolved to IP addresses using netbios-name broadcasts and these are not passed through the router. You'll still be able to access across the router if you use the IP addresses instead of the name, which is why you may want to have access control rules.

Author Comment

ID: 16432901
Not sure what you mean by 'You'll still be able to access across the router if you use the IP addresses instead of the name'. All PCs network adapters have discrete IPs.

I used the second part of your suggestion; 'if internet access doesn't work for Router B machines then you'll need to change Router B to Gateway mode, with NAT. The static route won't be required then and access from Router A machines will be automatically be restricted.'

(Which may be the same as what MarkDozier wrote, but I found your explanation much easier to understand)

And all worked, machines access internet and are inaccessible from other network. Would still like them to be able to see network A if possible. The other issue is that if i set router B IP then internet access stops, DHCP from router A and all is fine.

I will be looking at it in about an hours time.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question