Two routers, one in a DMZ, public services visible but not to me
Posted on 2013-12-27
I have a 76 Mbps FTTC internet connection with a dynamic IP address.
I have a Netgear WNR2000 router which I've been using for a few years; it connects to the FTTC modem and works well. It has some open ports for a NAS drive that I access from the outside world, and a remote desktop connection to a PC too. I've set the fixed internal IP addresses, service names mapped to port numbers, and the port forwarding - so that all works fine.
My ISP also provides an IP-TV service which only works using a multicast connection, but my Netgear router doesn't support multicast. They provide their own router (BT HomeHub 4) which does. Unfortunately, the port forwarding on their router is poor - it either doesn't work, or it works unreliably.
I have been switching between the two routers - keeping the Netgear one connected by default, unless we want to use the IP-TV, in which case we temporarily forego the NAS and RDP services.
I realised that I could have both: I have left the ISP's router connected, with the IPTV box connected to it directly, and then connected my Netgear router to the ISP's router, and using the ISP's router, configured it to put the Netgear router into the DMZ.
This means the IPTV works (via the ISP's router), and all incoming traffic is sent to my Netgear router in the DMZ, which means everything else works too. From the outside world, everything works fine. Inside my network, everything works fine too.
However, the hostname of my NAS which works outside is no longer accessible inside. I use a DynDNS-like service from the NAS manufacturer QNAP. Using DDNS it gives me a hostname of, say, redlondon.qcloudnas.com. The NAS drive updates the hostname redlondon.qcloudnas.com every 10 minutes so it always matches the public IP address I have from my ISP. It is always accessible from the outside world, but I can no longer access it from inside.
My ISP's router is 192.168.1.254, and gives IP addresses via DHCP in the range 192.168.1.65, 66 etc. The Netgear router used to be 192.168.1.254 as well, when I used one router or the other, but when I connected the two, the Netgear router saw the "internet port" gave it an address of 192.168.1.65, so it changed its internal network numbering to be 10.0.0.1 to avoid conflicts.
I can access my NAS on 10.0.0.200, its fixed internal IP address. I can also access it via redlondon.qcloudnas.com from outside, but if I try to get to redlondon.qcloudnas.com from inside, it just times out. If I tracert redlondon.qcloudnas.com it resolves to my public IP address, the first hop pings as 10.0.0.1 and then everything times out.
How can I tell my ISP's router at 192.168.1.254 to let traffic from the 10.0.0.1 IP range access the internal stuff?
I guess each router refers to things with different names, so I'm after what's wrong rather than specific step-by-step instructions - if I know what to look for, I'm sure I can find it.