Can't access 2nd router in LAN

[AppleBag]

• I've got Router A (main router) with an IP of 192.168.0.1
• Also have Router B, with an IP of 192.168.1.1. Router B is just connected to Router A via an ethernet cable.
• I'm trying to access Router B's web UI as well as SSH into it for file management, but no luck, and admittedly networking isn't my strongest smoot.

Both ASUS routers are running Merlin, and when I run ASUS's Device Discovery tool, it see's the second router (B), but clicking it shows the following error:

According to the screenshot, we're both in the same 255.255.255.0 Subnet Mask, so I'm a bit shook.

I've tried adding various routes in the "routes" tab in Merlin on Router A, but no luck, and TBH I'm not sure I'm even doing that right.

Anyone know how to do this (assumingly simple) task?

 

[Jeffrey Young]

You will need to disable the firewall on router B or create some firewall rules to allow SSH through.

You will also have to create a route on Router A to Router B subnet.

 

[bbunge]

Router a and b are not on the same subnet. The net mask does not drive that the ip address does. B is on su net 192.168.1.0/24

 

[AppleBag]

You will need to disable the firewall on router B or create some firewall rules to allow SSH through.

You will also have to create a route on Router A to Router B subnet.

That's the problem, I can't get to the ui to make any changes. Going on recollection I think i had the firewall on that router turned off.

Which exact route info should i enter?

 

[Jeffrey Young]

First, I am assuming that Router B's WAN is plugged into a LAN port of Router A. From your photo above, it looks like you might have the two routers connected LAN to LAN.

To set up a static route for a LAN to WAN setup

Determine what IP address has been assigned to Router B by Router A. You should set this up as a DHCP reservation in Router A. Let's assume Router B's WAN got an address of 192.168.0.50.

Your static route would then be network 192.168.1.0 netmask 255.255.255.0 via gatewsy 192.168.0.50 via interface LAN on GUI under the LAN tab.

If you are connected LAN to LAN, then the above won't work and you should take @bbunge advice and make the IP address of Router B in the 192.168.0.0/24 subnet and turn off dhcp and nat (make Router B into an AP).

What is your goal anyway? If Router B's firewall is off, then change Router B config from Router mode to an AP mode and keep everything as one network. What you are doing is fine if you want to keep Router A from seeing Router B's network (but you would have to turn Router B's firewall back on and create an SSH rule).

 

[Tech Junky]

Just change the subnet mask on all devices to 255.255.0.0 since 192.168.0.0/16 is the RFC1918 allocation. It's not routable over the internet anyway so opening it up within the internal LAN won't expose anything.

OR change the router IP to 192.168.0.3 and be done with it that way as well.

The error message is dumb and doesn't know networking either.

 

[Jeffrey Young]

Just change the subnet mask on all devices to 255.255.0.0 since 192.168.0.0/16 is the RFC1918 allocation. It's not routable over the internet anyway so opening it up within the internal LAN won't expose anything.

OR change the router IP to 192.168.0.3 and be done with it that way as well.

The error message is dumb and doesn't know networking either.

I was thinking of advising the same about the netmask setting. I just was not sure how Asus would react. Have seen Asus do weird things before.

 

[Tech Junky]

I was thinking of advising the same about the netmask setting. I just was not sure how Asus would react. Have seen Asus do weird things before.

It shouldn't be their choice as it's a standard. They might not make it easy for keeping idiots from shooting themselves in the foot but, it should still be doable. Just put a disclaimer or something on the option in the GUI or bypass all of the nonsense with the CLI option.

This is the sort of thing that pisses me off about consumer gear is the lack of granularity to make things actually work. Sure, there are ways to hack the devices but, it shouldn't be that difficult if you know what you want to do and make it do it.

The other issue seems to be consumer gear limiting the number of hosts / segments due to their cheap CPU / RAM selections not being able to handle an expanded routing table. For the prices they're charging for gear there should be better HW inside the black box.

 

[AppleBag]

What is your goal anyway? If Router B's firewall is off, then change Router B config from Router mode to an AP mode and keep everything as one network. What you are doing is fine if you want to keep Router A from seeing Router B's network (but you would have to turn Router B's firewall back on and create an SSH rule).

Thanks guys, for the help.

My real intention at this point in time is just to be able to access the UI and the file system via ssh so I can copy out the stuff in /jffs. I can't do either at the moment. After I get this all done, I'll probably flash the original firmware on it and possibly just ebay it, as I bought a new router and don't really need this one anymore.

To address the config question, when I posted originally I had it going from the LAN port of Router A into the LAN port of Router B (was thinking a direct conn to the LAN was all I needed to get to the UI, and WAN was for "internet", which I didn't need), but honestly to me it makes no difference how I plug them in as long as I can accomplish the intention I just mentioned, so I just now plugged the Router B port into the WAN instead and will try your routing advice, and report back after trying.

Btw, just for a little bit of context, the reason Router B is 192.168.1.1 (originally it was 192.168.0.1) is just because when I got the new router I wanted IT to be 192.168.0.1, so I logged into the old router and changed it to 1.1 w/out a whole lot of thought, then changed the new router to 0.1.

Now I'm just having some issues trying to get into the old router now that it's 1.1. lol. Had I have known this would happen, I would've just set the old router to something like 192.168.0.3.

 

[AppleBag]

Well, now I do feel like a dumdum, lol...

As soon as I switched the cable on Router B from the LAN port to the WAN port, Router A saw it with no problem, and I can now access B's UI via it's DHCP IP. (doh). I don't even need to add a route in the settings for it (afaik?)

I still wasn't able to access B's SSH, but turns out that was because I had it's SSH setting at "from LAN only"; switching that to "from LAN & WAN" fixed that. So now I'm all set! wewt!

The most confusion for me I suppose came from the whole WAN/LAN thing. I always just assumed the WAN port basically only meant where the modem itself connects, and everything into it meant "from the internet"; meaning open to the whole world essentially, while LAN mean only open to the local network behind the router.

Thanks again guys!

 

[L&LD]

Unless you want to be hacked, change that ssh setting back to LAN only.