Comms between different networks help


Borolo

New Around Here
Hi, I've read many threads on how to achieve this and had partial success. Please guide me in the correct direction. Many thanks in advance.

I have a Router/Modem/IPTV thing that my ISP installed for me, which has the internet connection. It has a network of 192.168.1.0. This will be router 1 and Network 1 to simplify things. IP address 192.168.1.1

Attached to it is an Asus Router RT-AC3200 running Merlin 384.13_4 firmware its WAN input and LAN output of the "modem". It has a Wan Address of 192.168.1.2 in the Network 1. For the network2 it has an IP address of 192.168.2.1.


I have it setup as a Router because:
- Bridge mode is not available in router one, blocked by ISP.
- It has a physical location different from router 1
- I don't want to use it as AP because I have many settings that I use.

So, the problem is that I have a Home Assistant server running on a Pi3modelB+ in network2 with address 192.168.2.55. It has SSH and mqtt server. All IOT components live inside this network without issue. However, I have to connect more devices to network1. I can, of course, ping all devices in network1 from Network2 but my devices connected in Network1 can't see the HASSio server in network2.

I have done the following:
1. I have DMZ in router 1 the lan address of router2: 192.168.1.2

1. created a static route in Router1 as destination 192.168.2.0 - gateway 192.168.1.2 - subnet mask 255.255.255.0 - metric 1

2. I DMZ in router two to test 192.168.2.55. I can get a laptop in network2 to ping it but nothing else connects, not mqtt or ssh or to other pcs.

3. I tried doing these steps to add a rule but it knocked the internet connection in Router 2: created a file in /jffs/scripts named nat-start
with
#!/bin/sh

iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT

then chmod a+rx /jffs/scripts/*
and sh /jffs/scripts/nat-start

it shows running in the logs but as I said, it knocked down the connection.

4. also tried turning off the firewall

Don't know what else to do, please your appreciated advice.

thanks

Emilio
 


ColinTaylor

Part of the Furniture
Remove the DMZ changes from both routers and delete the nat-start script.

Leave the static route set on Router 1.

Leave the firewall turned off on Router 2.

Turn off NAT (WAN - Internet Connection > Basic Config > Enable NAT = No) on Router 2.

Reboot both routers to ensure the changes are in effect.

You should now be able to ping any IP address in Network 2 from Network 1 (and vice versa).
 

Maverickcdn

Senior Member
Pretty sure the only two things you need are
1) disable firewall on router 2
2) static route you already listed, try without setting any metric
 

Borolo

New Around Here
> Remove the DMZ changes from both routers and delete the nat-start script.
>
> Leave the static route set on Router 1.
>
> Leave the firewall turned off on Router 2.
>
> Turn off NAT (WAN - Internet Connection > Basic Config > Enable NAT = No) on Router 2.
>
> Reboot both routers to ensure the changes are in effect.
>
> You should now be able to ping any IP address in Network 2 from Network 1 (and vice versa).

Thanks very much for your help, didn't need to remove the DMZ from router 1.
 

Maverickcdn

Senior Member
> Thanks, that did it. This can be frustrating. Turned nat off tho. ;)

Credit goes to Colin. He posted first ;) and I forgot about disabling nat

I'd definitely remove the DMZ though
 

ColinTaylor

Part of the Furniture
> 1. I have DMZ in router 1 the lan address of router2: 192.168.1.2
>
> Thanks very much for your help, didn't need to remove the DMZ from router 1.

You must remove Router 2's IP address (192.168.1.2) from Router 1's DMZ. You have just turned off Router 2's firewall! So you have now exposed Router 2 to the internet.
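
The states discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of Router 1's route lookup (longest-prefix match) and of what Router 1's DMZ entry exposes once Router 2's firewall is off. The function names are hypothetical, and the firewall and DMZ behaviour is a simplifying assumption (a firewall that drops unsolicited WAN-side traffic, a DMZ that forwards all unsolicited inbound traffic to one host), not router firmware logic.

```python
# Added example: models the thread's topology. Firewall and DMZ behaviour
# are simplifying assumptions, not the routers' actual firmware logic.
import ipaddress as ip

NET1 = ip.ip_network("192.168.1.0/24")      # Router 1 (ISP box) LAN
NET2 = ip.ip_network("192.168.2.0/24")      # Router 2 (Asus) LAN
R2_WAN = ip.ip_address("192.168.1.2")       # Router 2's WAN address in Network 1
DEFAULT = ip.ip_network("0.0.0.0/0")


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs."""
    matches = [(net, gw) for net, gw in routes if ip.ip_address(dst) in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def router1_routes(static_route):
    routes = [(NET1, "on-link"), (DEFAULT, "ISP uplink")]
    if static_route:                        # the static route from the first post
        routes.append((NET2, R2_WAN))
    return routes


def net1_to_net2(dst, static_route, r2_firewall):
    """Outcome of a new connection from a Network 1 host to dst in Network 2."""
    hop = next_hop(router1_routes(static_route), dst)
    if hop != R2_WAN:
        return f"lost: Router 1 forwards to {hop}"
    if r2_firewall:                         # assumed: unsolicited WAN-side traffic dropped
        return "dropped at Router 2 firewall"
    return "delivered"


def internet_exposed(dmz_host, r2_firewall):
    """Hosts that unsolicited internet traffic reaches through Router 1's DMZ."""
    if dmz_host is None:
        return []
    target = ip.ip_address(dmz_host)
    if target == R2_WAN and r2_firewall:
        return []                           # Router 2 still filters what the DMZ hands it
    return [str(target)]


if __name__ == "__main__":
    ha = "192.168.2.55"                     # Home Assistant server from the thread
    print(net1_to_net2(ha, static_route=False, r2_firewall=False))
    print(net1_to_net2(ha, static_route=True, r2_firewall=True))
    print(net1_to_net2(ha, static_route=True, r2_firewall=False))
    print(internet_exposed("192.168.1.2", r2_firewall=False))
    print(internet_exposed(None, r2_firewall=False))
```

The fourth call is the state the thread ended in (DMZ still pointing at 192.168.1.2, Router 2 firewall off); the fifth is the same setup with the DMZ entry removed.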
 
