How To Use a Router To Add Network Ports

[PacketRider]

With Method Two, can computers of the network 192.168.199.x share files and printers with those in the 192.168.3.x network? I have a feeling that the PCs of the downstream router can see those of the upstream's, but not the other way around because the uptream's PCs will hit the WAN port of the downstream router.

The value of this solution is two-fold. You have gained an extra port over Method One. And by routing between the upstream and downstream LANs, you've effectively created a broadcast separation between the two networks, which can improve overall network performance in a busy LAN

This quote implies that because of the broadcast separation, nothing can share files between the two networks.

Why can one not simply give the WAN port of the downstream router a static IP that is in the same subnet as the LAN side of the upstream router but outside the range of the DHCP server IPs of the upstream's router? Why give the WAN port on the downstream router a different subnet?

But this can interfere with network connectivity to corporate VPNs, VoIP, and other services connected through the downstream router because of the "Double NAT" configuration

I am not clear on why the NAT on the downstream router has to be disabled given the fact that the computers in the downstream router get a different IP addresses in the x.x.199.x anyway. This is the same as NAT which is translate one address to another. Does double NAT makes an already bad situation, due to the first NAT of the upstream router, worse for the downstream computers?

 

[allxk]

? Is there a limit of how meny routers to be connected ?

? Is there a limit of how meny routers to be connected ?

 

[ssoaring]

Would this information apply if you are trying to hook two routers up together, but the downstream router is the one you want to use as the router. My DSL service provides a router/modem that I do not want to use because I have a better one. Can I use the Method 2 but in reverse?

 

[dreid]

Multiple Router Questions

Thanks for the questions!

Can computers on one subnet share files and printers with those in another network?

Yes they can. You can map a windows share from one router to another. You may have to specify the IP address of the shared drive and give it a name, but it works fine. To do so, enable sharing of the drive or folder on one machine, and then map to that drive via \\(IP address)\(name).

Why can one not simply give the WAN port of the downstream router a static IP that is in the same subnet as the LAN side of the upstream router but outside the range of the DHCP server IPs of the upstream's router?

You should assign to the WAN port of the downstream router a static IP that is in the same subnet as the LAN side of the upstream router.

I am not clear on why the NAT on the downstream router has to be disabled...

Each router running NAT maintains a dynamic table of NAT entries, tracking outbound packet flows and matching them with inbound packet flows. If there is no outbound packet flow matching an inbound packet flow, the inbound packet flow can be discarded. In short, running NAT on the downstream router can restrict traffic flows to devices behind the downstream router unnecessarily.

 

[dreid]

Two more:

Answers to two more questions:

Is there a limit to the number of routers connected?

No, but it can get complex with more than two routers as you'll need to set up multiple static routes or utilize a routing protocol.

My DSL service provides a router/modem that I do not want to use because I have a better one.

My suggestion: Call your DSL provider and ask them to "bridge" your router/modem or replace it with a simple modem. Then use your router to control your network.

 

[ssoaring]

I asked my DSL company to only provide me with a modem when they did the install but they said that the modem/router was all they offered. Luckily they did not change the admin password so I can change the settings in the router to hopefully bridge the connection.

 

[3DHack]

What speed would this set up allow

Hi folks,

This is my first post in this fab forum.

I've been lurking awhile because I am launching a new business very soon where I will be responsible for setting up and maintaining (or finding support for), a small 3D animation studio In Byron Bay Australia.

Due to the generous input of the gurus on smallnetbuilder, I'm gradually getting my head around our requirements and the various issues of storage and network but don't feel I've identified the exact equipment to buy or whether to dive in and learn the skills myself or hire in advice and purchase the business level support options from Dell or HP etc.

Until I am sure what we need I'd prefer to use what gear I already have, including an old ADSL router that will be repaced when I upgrade to ADSL2+.

I'm just wondering if this temporary solution would deliver a reasonable speed between the three computers we currently intend to network.

Cheers

3D

 

[thiggins]

This hack doesn't do anything to improve network speed. It only adds additional network Ethernet ports.

 

[Adonsa]

Need to add downstream router.

Hi, first time posting to this excellent website.
Apologies for not being able to derive the answer from the above message thread.

I have a 4 port Motorola-Netopia Model 2246N-VGx DSL Ethernet Managed Switch.

I need to add a downstream Lynksys wireless router, so far, attempts to configure the linksys have failed.

The configuration of the Netopia 2246N-VGx is:

WAN:IP Address 172.16.34.165
Default Gateway 172.16.34.166
Netmask 255.255.255.252
DHCP Client Off
DHCP Lease Expires N/A
NAT On
WAN Users Unlimited

LAN:
IP Address 192.168.1.254
Netmask 255.255.255.0
Ethernet Status Up
DHCP Server On
DHCP Leases 1 out of 253 leases in use

What should be the downstream Lynksys router settings?

The linksys documentation fails to adequately cover setting it up as a downstream.

Any advice will be much appreciated.

Thanks,
Jack

 

[thiggins]

The Netopia's subnet is 172.16.34.X.

For Method 1, set the LAN IP of the Linksys to an unused IP address in that range and shut off its DHCP server.

 

[Adonsa]

Hi thiggins,

The Netopia's subnet is 172.16.34.X.
For Method 1, set the LAN IP of the Linksys to an unused IP address in that range and shut off its DHCP server.

Unsuccessful so far. I should mention the steps required by Linksys, and what I attempted (mostly defaults):

For convenience, I'll re-state the Netopia DSL Modem settings:

The configuration of the Netopia 2246N-VGx is:

WAN:IP Address 172.16.34.165
Default Gateway 172.16.34.166
Netmask 255.255.255.252
DHCP Client Off
DHCP Lease Expires N/A
NAT On
WAN Users Unlimited

LAN:
IP Address 192.168.1.254
Netmask 255.255.255.0
Ethernet Status Up
DHCP Server On
DHCP Leases 1 out of 253 leases in use

The Linksys Downstream Router Config:

Under Basic Routing:
Automatic Config (instead of static IP)
Local IP Address: 192.168.1.1 (the Linksys default)
Subnet mask: 255.255.255.0 (default)
DHCP Server: Disabled

Under Advanced Routing
GATEWAY/ROUTER - I changed it to Router
RIP: Disabled
Route Name - I Left it blank
Distination LAN IP: 172.16.34.169 (as you suggested)
Subnet Mask: ___ ___ ___ ___
Default Gateway ___ ___ ___ ___
Interface: LAN & Wireless

DDNS: Disabled
MacAddress Clone: Disabled

Apparently, I'm screwing up the Advance Routing settings; if you can suggest to me how to do this correctly, I'll much appreciate.
Thanks much,
Jack

 

[thiggins]

I am sorry, I got the Netopia subnet wrong. Its LAN subnet is 192.168.1.X.

Disable the DHCP server on the Linksys. Set its LAN IP address to an unused address in the 192.168.1.X range, perhaps 192.168.1.200.

Connect a cable between a LAN port on the Netopia and a LAN port on the Linksys. Make no connection to the WAN port on the Linksys.

 

[Adonsa]

Thanks

Wow, thiggins, it works great wired and wireless. I had to correct the DNS Server settings on the iPod Touch 'cause the linksys didn't correctly write it to the iPod. No big deal there.

Many thanks for coaching me through this.

I'm new to this SmallNetBuilder website; I hope to contribute useful info from time to time. Great website.

Cheers,
Jack

 

[imt]

I am trying to follow the steps but not having much success. I have an actionetc router (verizon fios) for the upstream router.

LAN IP: 192.168.177.1

Downstream I have a Netgear FVS338
Wan IP: 192.168.177.2 (static)
Gateway: 192.168.177.1
Lan IP: 192.168.17.1

I currently have this double nat'd and has been fine for years but I know there is a performance hit so I obviously would like to remove the netgears double nat. I have followed the instructions and went into WAN mode and changed to "classical mode" per the instructions from "NAT".

On the actiontec I went into routing and added a route on the Home/office network (i.e. LAN of the actiontec) for a destination of 192.168.17.0 and the gateway of 192.168.177.2 and the netmask as 255.255.255.0. Metric is set to #2.

I tried to ping from a computer on the 192.168.17 lan to the 192.168.177 lan and no reply. I tried it in reverse and the same.

I then tried to ensure that the firewall was open on the netgear by putting in a rule to allow any service, Allow always, Lan users set to any and wan users set to any. I would think this would allow all traffic to pass through. Not sure why this is not working.

I can ping from the netgears routers diagnostics but not from the lan. I assume then that the diagnostics is direct through the wan port anyway. What am I doing wrong?

 

[dreid]

Static Route through Firewall - to imt

It looks like your configuration is correct.

A couple suggestions:

1. Run a traceroute to a destination on the FVS LAN from the Actiontec LAN, make sure it is routing the ping to the FVS WAN interface.
2. Reboot the FVS and retry, that might clear the firewall.
3. Make sure the only rule on the inbound side is Any-Allow Always. Delete all other rules.
4. Disable all site blocking on the FVS.
5. Try creating a new inbound rule on the FVS with the Service = PING, Allow Always. See if that works.

Post your results, I'm curious to see how it goes.

Thanks.

 

[imt]

It looks like your configuration is correct.

A couple suggestions:

1. Run a traceroute to a destination on the FVS LAN from the Actiontec LAN, make sure it is routing the ping to the FVS WAN interface.

I am not a networking guy so not exactly sure what you ment by running a traceroue. But, I tried running "tracert" on my laptop that I connected to the actiontec's lan and tried to ping the lan ip address "192.168.17.1"

The only response back is the lan IP of the actiontec at 192.168.177.1.

2. Reboot the FVS and retry, that might clear the firewall.
3. Make sure the only rule on the inbound side is Any-Allow Always. Delete all other rules.
4. Disable all site blocking on the FVS.
5. Try creating a new inbound rule on the FVS with the Service = PING, Allow Always. See if that works.

Post your results, I'm curious to see how it goes.

Thanks.

I tried steps 3-5 and still no change I cannot ping either lan from either side. Well actually I don't think that statement is true. I was able to ping 192.168.177.1 from my computer on the 192.168.17.x lan but could not ping any other machine on this lan.

I think I stated above I cannot pull up website or anything. The only other thing of interest is that I can type in the DDNS domain name address and I can pull up my actiontec's router page from a computer on the 192.168.17.x network. But if I put 192.168.177.1 in the addresss bar, on a computer in the 192.168.17.x's network to bring up the actontec's router's admin page I get nothing.

 

[dreid]

Tracert = Traceroute

Let's double check your static route. Attached is a screen shot from a Verizon Actiontec with your network paramaters. Check to see if this matches your static route configuration.

When you run the tracert from a PC on the Actiontec LAN to an IP on the FVS LAN, your output will look like this when the static route is working: (Change the .5 to something that is live on your FVS LAN)

C:\Users\dreid>tracert 192.168.17.5

Tracing route to 192.168.17.5
over a maximum of 30 hops:

1 <1 ms <1 ms 1 ms 192.168.177.1
2 1 ms 1 ms 1 ms 192.168.177.2
3 1 ms 1 ms 1 ms 192.168.17.5

Trace complete.

If this doesn't work, make sure you can ping the WAN interface on the FVS from the Actiontec LAN. Enable "Respond to Ping on Internet Ports" in the Security-Rules menu. Let me know how it goes.

 

[imt]

Ok I checked the settings and everything matched. I then made sure the option to respond to ping was checked on the fvs338.

I have my box to box vpn established and thought that this could be the issue so I deactivated the policy so the vpn was off.

I was able to ping from the actionec to the lan ip on the fvs as well as most computers on the 192.168.17.x network. I was not able to remote desktop though to my VM (virtual machine running on my MAC) of windows XP, which I can do from my office via the vpn (I will check this today when I go to work shortly to make sure I can in fact connect).

As far as reverse pinginging from the 192.168.17.x lan to the 192.168.177.x lan, this was not working. I was getting no response. Even though the router says to allow all outgoing I decided to create a rule to allow all services and voila I can ping computers, settop boxes etc on the 192.168.177.x network.

I then tried to remote desktop from my the VM of XP to my laptop and that did not work either. I then thought that the issue could be a really slow wireless connection off the actiontec to my laptop so I plugged in direct. However, I was not even able to ping this computer from the 192.168.17.x network. This was very strange. I had an ip address of 192.168.177.5 but no luck. If I try and ping I get no reply. But I can ping in reverse though. strange?

I have attached pics of my settings so you can see.

Not sure why I cannot remote desktop though. I also need to try and see if I can connect from the .177.x network to my nas on the 17.x network. I will try this later.

Now for the bad part. I then reactivated the VPN on the fvs338 and tried pinging again from the 192.168.177.x network and no response from any computer. Not even from 192.168.17.1 (Lan IP of the netgear). I need the VPN for a fvs338 - fvs338 box to box connection.

Should the VPN affect anything? Is there a way to make this work with VPN activated? If not I am back to square 1 .

ADDED WHEN EDITING POST:

OK well I am at my office and connected home via the VPN and I can remote desktop to the VM of XP just fine.

Then as I was driving to work I had another thought. I did disable the vpn, as noted above and then was able to basically ping both ways. But that was about it. I still could not pull up a web site via the brower on a computer in the 192.168.17.x lan. Why? I could not remote desktop either, why?

What else am I missing? As you can see from the attachements, I have opened the firewall of the fvs338 to all services both ways. Is there something not configured correctly on the actiontec?

 

[dreid]

To IMT

Thanks for all the detail. I can see you've put quite a bit of work into this.

It appears you're making progress.

The surfing problem on the FVS LAN is likely due to the need for a DNS address in your FVS DHCP configuration. Put 192.168.177.1 as a DNS IP in the DHCP configuration on the FVS.

Let's see what that does.

 

[imt]

I added the 192.168.177.1 to the LAN of the FVS338 DHCP and it made no difference.