What's new

How to allow cross subnet access with daisychained routers sharing single gateway

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

spartan77777

Occasional Visitor
Have an overgrown home network with 30+ wired/wireless workstations, server components accessing multiple printers, media and file servers, 2 NAS, etc.
Router 1 is the only gateway out to internet and Router 2 daisy chained into Router 1's LAN. Router 2 is a RT-66U Merlin firmware that has built in VPN, torrent and Samba services.
Currently I have no ability to point from any of the workstations on Router 1 to any of the Router 2 servers or workstation and visa versa due to 2 separate subnets. All components are using 255.255.255.0 subnet mask. Due to the presence if the VPN on Router 2 I would like to keep isolated.

I would like to be able to establish proper bi-directional access from any to any.
What is the cleanest/simplest way to accomplish this? Do I need an additional router or can it be done by just entering the proper static routing instructions on both routers. What are the specifcs?

Basic network layout image is drawn below Thank you for any assistance you can spare.

net1.jpg
 
Last edited:
static routing between the routers.
Basically
router 1:
192.168.1.0/24 gateway router2
router2:
192.168.0.0/24 gateway router 1 (or router 2 WAN depending on how it is set up)
0.0.0.0/0 gateway router 1
 
If you are going to do router to router networking I would turn off the second firewall. You only need one firewall just at the internet gateway.

The way I would share is to use VLANs configured at layer 3 and to share using ACL, access control lists.
 
I kind of figured static routing is the answer but I have no prior practice with static routing/IP tables. Any resource you can recommend to guide me.
Good point on the second router firewall, I will turn it off.
Questions:
- Would it make things simpler to configure, if I don't attach anything to the second router, where only the VPN and transmissions running through the router remain as the only thing, with nothing attached to LAN ports.
- Is it OK to use IP range 192.168.0.x on router_1 and 192.168.1.x on router_2 or is it recommended to change the router2 to something like 10.10.10.1 for better separation.
- Can I keep my 255.255.255.0 subnet mask on all and still be able to access across any to any (router2 can see any PCs and any PC can access router_2 as well as router_1)
- Any problem in having bout routers using the router_1 gateway.
- Will all router_1 members and router_2 itself still utilize the DHCP pool/IP assignment except that router_2 will get an address reservation to assign a certain router 1 IP for it's WAN address.
- How do I do the port forwarding on router 2 to make transmissions web interface available from Internet. Do I need to do locally in router_2 and then create a secondary one for router_1 where one hands over to the other one.

Both of my router_1 and router_2 are ASUS RT-N66U with latest wrt_Merlin firmware.


Thanks.
 
Using networks 192.168.0.0 and 192.168.1.0 should work fine. When you do this all devices connected to the first router assuming 192.168.0.0 network will be allocated IP addresses in this network. All devices connected to the second router network 192.168.1.0 will have IP addresses allocated in this second network. You will plug the WAN port of the second router into a LAN port in the first router. Then you add a static routing statement on the first router pointing to the IP address of the WAN port on the second router with the WAN port on the second router set to DHCP so it will receive an IP address from the first router's DHCP. The second network will be supplied by the second router's DHCP. Also turn off the firewall on the second router otherwise you will not be able to access devices from the first router to the second.
 
Thanks for all the info. I am happy to update that, I am lot closer to the target access but not exactly there yet. I have disabled the firewall on the 2nd router and also disabled the TinyWall firewall on my workstation. As a result I can now resolve and connect all sources on the 192.168.0.x range of my first router from router 2 (192.168.1.x) without issues. So, when I am connected to router 2 wired or wireless everything works as they should. However, the opposite is not true. When I try to access the router 2 from my workstation that is connected to the network of router 1 I have no luck. Looks like the necessary routes got updated automatically on the router 2 for gateway and router1 address range. However, since I have not entered any static route data on my router1 for router2, I am having no lock with r1 to r2 access.
Also, a little scope change. I no longer hang anything off the second router. So, the only thing to be accessed from router 1 to router 2 access is the router 2 itself, no servers, printers, etc hanging off router 2. I am hoping this will somewhat simplify things.
That brings us to my question(s):
1- What is the specific static route instructions I need to enter on router 1, for it to resolve router 2 if it is not difficult to provide. I have never used the static routing and have no clue what to enter to accomplish the goal.
2- Since the goal is not allowing router 1 and PCs on router 1 to be able to access to router 2, do I need to mess with the subnet mask on anywhere. Currently I use the 255.255.255.0 everywhere. My main concern here is my primary laptop and the ultimate goal is being able to access all resource on router 1 and router2 seamlessly.
Thanks for any expertise/recommendation you can spare.
 
Looks like you're in a bad need for a L3 managed switch that's able to perform routing between VLANs.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top