1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't get out to Internet?

Discussion in 'Tomato Firmware' started by garyfritz, Apr 24, 2009.

  1. garyfritz

    garyfritz Addicted to LI Member

    I recently installed Tomato v1.23.1607 on a Linksys WRT54G v2. At first it seemed that everything was working OK (I think, see below). But now I'm having problems with getting out to the Internet -- or more specifically, to the next-higher router, since I have a multi-router setup:

    Code:
    ---ISP---Router2---Linksys
                 \
                  \----Router1
    Router2's subnet is 10.1.2.*, its internal address is 10.1.2.1, external is DHCP
    Router1's subnet is 10.1.1.*, its internal address is 10.1.1.1, external is 10.1.2.2
    Linksys's subnet is 10.1.3.*, its internal address is 10.1.3.1, external is 10.1.2.3

    From a system connected to the Linksys e.g. 10.1.3.100, I can ping the Linksys at 10.1.3.1 (and get DHCP assignments), but I can't ping the parent router (Router2 at 10.1.2.1) nor beyond. 10.1.2.1 is the Gateway for the Linksys and Router1. Router1 works fine -- Linksys doesn't.

    I'm 99% sure I had this thing working at one point, but I may have fooled myself by having connections open to two routers at once -- on the other hand, my son hasn't complained about his iPod Touch not working since I switched him to the Linksys, though I can't make it work now.

    Here's the relevant section from the Status page:

    WAN
    MAC Address xxxxxx
    Connection Type Static IP
    IP Address 10.1.2.3
    Subnet Mask 255.255.255.0
    Gateway 10.1.2.1
    DNS 208.67.222.222, 208.67.220.220
    MTU 1500

    Status Connected
    Connection Uptime 0 days, 00:45:48

    LAN
    Router MAC Address xxxxx
    Router IP Address 10.1.3.1
    Subnet Mask 255.255.255.0
    DHCP 10.1.3.101 - 10.1.3.254

    I've rebooted the Linksys and that didn't help. Can anyone see what might be preventing me from getting out through this router?

    Thanks!
    Gary
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Have you tried pinging from the Linksys router itself (WebGUI->Tools->ping)?

    Also, have you checked your routing table on the Linksys LAN computer and the Linksys router (WebGUI->Advanced->Routing)?
     
  3. garyfritz

    garyfritz Addicted to LI Member

    No problem pinging the router (10.1.3.1) from either the router or from a connected computer. Pinging the gateway router (10.1.2.1) fails from computers in the 10.1.3.* subnet and from the router itself.

    Not sure what to look for in the routing table:
    Code:
    Destination  Gateway    Subnet Mask       Metric        Interface
    10.1.2.0        *       255.255.255.0        0          vlan1 (WAN)
    10.1.3.0        *       255.255.255.0        0          br0 (LAN)
    127.0.0.0       *       255.0.0.0            0          lo
    default      10.1.2.1   0.0.0.0              0          vlan1 (WAN)
    The only thing that jumps out at me is the 0.0.0.0 subnet mask on the "default" line, but the mask on the 10.1.2.0 line (upstream connection to router2) is OK. Oh wait, the 10.1.2.0 line has no Gateway!! But as you can see in the Status display, I DO have the Gateway set properly... ??
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I meant pinging Router2 from the linksys router.

    That routing table looks fine. The other half of what I asked could still be useful, though. You can get the routing table on windows with
    Code:
    route print
    and on linux with
    Code:
    route -n
    .
     
  5. garyfritz

    garyfritz Addicted to LI Member

    Sorry, I realized you meant pinging Router2 and added it in there, but you were already responding. :) The Linksys can't ping Router2 any better than the 10.1.3.* computers can.

    Whoops, missed the request for the Windows route table. Here is the table for a Vista box connected via Wifi. I believe the 192.168.* IPs are VMware virtual networks.

    Code:
    $ route print
    ===========================================================================
    Interface List
     11 ...00 1f 3a 33 81 1e ...... Atheros AR5007 802.11b/g WiFi Adapter
     13 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
     15 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
      1 ........................... Software Loopback Interface 1
     23 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter
     10 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
     25 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
     12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     14 ...00 00 00 00 00 00 00 e0  isatap.{5ADF8A1B-D906-4BED-A04B-5789263D40ED}
     16 ...00 00 00 00 00 00 00 e0  isatap.{267B4A67-F99A-420B-87CD-19A1F62785D1}
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0         10.1.3.1       10.1.3.248     25
             10.1.3.0    255.255.255.0         On-link        10.1.3.248    281
           10.1.3.248  255.255.255.255         On-link        10.1.3.248    281
           10.1.3.255  255.255.255.255         On-link        10.1.3.248    281
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        192.168.148.0    255.255.255.0         On-link     192.168.148.1    276
        192.168.148.1  255.255.255.255         On-link     192.168.148.1    276
      192.168.148.255  255.255.255.255         On-link     192.168.148.1    276
        192.168.171.0    255.255.255.0         On-link     192.168.171.1    276
        192.168.171.1  255.255.255.255         On-link     192.168.171.1    276
      192.168.171.255  255.255.255.255         On-link     192.168.171.1    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     192.168.148.1    276
            224.0.0.0        240.0.0.0         On-link     192.168.171.1    276
            224.0.0.0        240.0.0.0         On-link        10.1.3.248    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     192.168.148.1    276
      255.255.255.255  255.255.255.255         On-link     192.168.171.1    276
      255.255.255.255  255.255.255.255         On-link        10.1.3.248    281
    ===========================================================================
    Persistent Routes:
      None
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     12     18 ::/0                     On-link
      1    306 ::1/128                  On-link
     12     18 2001::/32                On-link
     12    266 2001:0:4137:9e50:30c3:10f7:f5fe:fe92/128
                                        On-link
     13    276 fe80::/64                On-link
     15    276 fe80::/64                On-link
     12    266 fe80::/64                On-link
     13    276 fe80::2807:ac4:9ad8:d5d0/128
                                        On-link
     12    266 fe80::30c3:10f7:f5fe:fe92/128
                                        On-link
     15    276 fe80::b15d:137d:7cb:9e6f/128
                                        On-link
      1    306 ff00::/8                 On-link
     12    266 ff00::/8                 On-link
     13    276 ff00::/8                 On-link
     15    276 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The routing on your linksys looks fine, so if it can't ping Router2 (and Router1 can), then my best guess would be a physical connection problem.

    Alternatively, have you tried having the linksys get its IP from Router2 via DHCP?

    EDIT: one more long-shot thought just occurred to me. Are you sure that the LAN netmask configured on Router2 is 255.255.255.0 as you've entered into the linksys? If it were 255.255.254.0, it would explain what you're seeing. If that's the case, try changing the linksys LAN IP from 10.8.3.1 to 10.8.4.1 (and entering the correct netmask for the WAN on the linksys).
     
  7. garyfritz

    garyfritz Addicted to LI Member

    Gack!! Your suggestion to try DHCP led me to the answer. The Linksys got an IP in the 10.1.1.* subnet! Whaaa?? I'd moved the Linksys from one room to another, and in the process I screwed up and hooked it into Router1 instead of into Router2!! *DUH*. Sorry to waste your time with a PEBKAC error...

    I have to figure out how I'm going to resolve this network wiring issue. The story is: we run our business out of our home. We have sensitive client data on our systems. We didn't like having our kids running on the same subnet where they could catch a virus and cause all kinds of grief. So Router1 is our "work" subnet, and Linksys is the kids' subnet for their PC, their iPod/DSi, etc. The gateway (Router2) and work (Router1) routers are in one office. My office is in another part of the house, with a LAN line connecting them. But my kids' PC is also in my office. I moved the Linksys down to my office, thinking I would split off the kids' subnet from the work subnet -- wrong!! I'd need VLANs to do what I wanted. Maybe I'll have to switch to DD-WRT. For now I'll swap the line to my office over to the kids' subnet, and just use wifi to the "work" subnet on my computer.......

    Thanks for your help SgtP!
     
  8. jza80

    jza80 Network Guru Member

    I see that your problem was due to pebkac and/or esto. :p

    .
    .

    I just wanted to add something that you may or may not know about.

    If you don't need NAT and firewall on Linksys and Router 1, you can change them to router mode instead of gateway mode.

    Then set static routes from Router 2 to Router 1 and Router 2 to Linksys like so:

    Router 2 to Router 1: 10.1.1.0 255.255.255.0 10.1.2.2
    Router 2 to Linksys: 10.1.3.0 255.255.255.0 10.1.2.3

    Static routes are specified as: destination network (the network you want to get to), subnet mask of destination network, gateway (next-hop router) to use to get to the destination network.


    Make sure Router 1 and Linksys have a default gateway (LAN IP of Router 2) specified in the WAN section.


    That'll do it, but VLANs complicates things even more. You need to figure out some way to route the VLANs and configure access between the VLANs.

    From what I've read, theres no easy way (GUI) to configure VLANs in Tomato.


    .
    .
    .
    .

    With the way your network is setup, you don't need 3 routers.

    You can use 2 routers. Place the kids network behind the modem and your network behind the kids network.

    Modem --> kids network router
    LAN port on kids network router ---> WAN port of your network router.
     
  9. garyfritz

    garyfritz Addicted to LI Member

    Yes, we *could* have used 2 routers -- except I took advantage of the separate routers to implement some access restrictions on the kids' router. It has content limitations (currently implemented by using OpenDNS's content filtering, and intercepting port 53 to prevent clever kids from setting their own DNS server), and at 8:30pm it shuts down the Internet access completely. I think that should help us manage our kids' net usage. But I don't want to manage *MY* usage, so I don't want to be behind their router!!! :)

    No, I don't think Tomato does VLANs. But DD-WRT does. I'm going to avoid that if I can.

    We definitely *do* want firewall capability in our business router (router1). We'd have protection from the Internet in the gateway router (router2), but a firewall in the business router protects us from any possible virus infections on the kids' computer. What's the advantage of running in router mode?
     
  10. jza80

    jza80 Network Guru Member

    Actually it does, but theres no easy way to configure it. You have to use scripts and iptables.

    In your case, it would be a disadvantage since you want seperation and firewalls.

    Using router mode turns off the firewall and nat.
     

Share This Page