Solved

Specify next hop on a DD-wrt router

Posted on 2012-12-21
6
889 Views
Last Modified: 2013-02-24
I’m trying to setup a second subnet that will have internet access and be accessible from the outside via RDP.

I have the following:

Cable modem >>>>>> Linksys E1500 >>>>>>>>>>>>>>>>>>>>>>> WAN port of  WRT-54G
            DD-WRT (Sp2)                           DD-wrt (V24-SP1)
            192.168.1.1                          192.168.2.1

If I leave the WRT-54G set to Gateway mode I can get to the internet but nothing from outside (RDP) can get in.  I changed the mode to router on the WRT and set it to a fixed IP:

WAN IP      192.168.1.2
Subnet      255.255.255.0
Gateway      192.168.1.1
DNS      192.168.1.1

Dropped the firewall on both routers.  What I don’t understand is how to specify the next hop for the WRT-54G.  I can’t get on the net in router mode only Gateway mode.  I can’t ping 192.168.1.1 from 192.168.2.144 (just some workstation).

In the E1500 I have created a route that looks like:

Destination LAN Net        192.168.2.0
Subnet mask        255.255.255.0
Gateway              192.168.1.2


I’ve tried to follow the instructions in http://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes but just can’t get communication with the WRT-54G in router mode.

So the question:  How do I tell 192.168.2.1 to use 192.168.1.1 as its next hop?
0
Comment
Question by:ccampbell15
  • 3
  • 3
6 Comments
 
LVL 6

Accepted Solution

by:
traoher earned 500 total points
ID: 38714802
Those ports are on the same device? draw a picture if you can.
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 38714871
Does this attachment help?
routing.docx
0
 
LVL 6

Assisted Solution

by:traoher
traoher earned 500 total points
ID: 38714881
You are running a double NAT from systems behind Router2.

NAT will be performed traversing Router2.  LAN -> WAN direction.

WAN->LAN will be blocked by default.

Now you can probably ping from router 2 to anything in your LAN 1 but not the  other way and you won't be able to by design.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Author Comment

by:ccampbell15
ID: 38714890
I'm a little confused.  Router2 is set to router not Gateway which I thought dropped NAT?

I can't ping anything on the router 1 LAN from the router 2 LAN.

No way to unblock the WAN->LAN will be blocked by default?
That implies that the 192.168.2 subnet is completed isolated.
0
 
LVL 6

Expert Comment

by:traoher
ID: 38714996
As long as you have double NAT in those low end routers, no.

The only exception is dmz setting but that applies to only a single IP behind each router.

Base on your drawing, computers in your LAN2 side takes IP address 192.168.2.x with default gateway 192.168.2.1

The default gateway for router2 on the Router2 itself is 192.168.1.1.

In this case, packets going from LAN2 to LAN1 will be NATed and if you were to capture the packets, you will see that by the time the packets leaves router2, its source IP has been changed to 192.168.1.2.
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 38720818
Not sure what 8 hours of sleep did but when I set it up again exactly as stated I can ping both ways and get to the Vlan from the outside with RDP.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now