acceessing one router through another router??

Discussion in 'Tomato Firmware' started by stevesemple, Feb 3, 2009.

  stevesemple

    stevesemple

    I have two routers, The first (1) is connected to the cable modem doing dhcp. []

    The second router (2) is connected via the wan port to a lan port on (1) and its ip is [] Again doing dhcp. This is a Linksys tomato router.

    I want to get at the web interface of 2 from my computer on 1. I cant seem to do this.
    I have opened the wan port on 2. But when I try to connect from a computer on 1 by going to i get nothing.
    What am I doing wrong. Both nets can surf the web happily. I can access the web interface of router 1 from 2 but not 2 to 1.

    I understand why you can't get at computers from 2 but again if I have allowed web admin access on the wan port of 2, I should be able to access it cause its just like opening the admin access to the internet if this router was connect to the cable modem, which is what you would normally do if you wanted to access it from the WWW.
    Both routers seem to clearly tell me what its "external" address is . eg that it has been asigned automatically by 1. The tomato router tells me the vlan is and the first router shows something (presumably the second router) as being a connected device of

  dadaniel

    dadaniel

    It is usually better to avoid this "double-NAT" configurations.

    Disable DHCP-Server on (2) and plug it to (1) over the LAN-Ports of both routers
  michse

    michse

    your info about ip adresses is not enough. the second routers ip is - lan or wan? if lan you take the wrong. you have to take the <wan ip>:8080 of the 2. router

  stevesemple

    stevesemple

    Please correct me if Im wrong but, I want two separate networks. If I do as you have said It will indeed work but it will not be two separate networks. The second router (2) will basically be acting as a simple router or switch(although I Know its not a switch, I say that because thats basically what you are using it for. )

    Thank you.
  stevesemple

    stevesemple

    The second router is set up to do dhcp the lan ip address is, it distributes ip's from to

    The wan ip address which seems to be given dynamically by the downstream router connected to the cable modem is

    I believe what you are saying is that should work then. I concure.

    However I have tried this and it doesnt seem to work for me. Even when I try to ping the wan port ( of (2) from computer on router 1 I dont get a response. Not sure what to test next.

  michse

    michse

    yes, I mean should work. give the 2. router a static ip, dhcp is not good at this point because of failure. the 1. router can give dhcp to the machines but not to the 2. router. this ip should be not in the dhcp range. in the wan section of 2. router you change from dhcp to static and put the adress in (and subnet, gateway)

    in administration->admin access->remote access is http or https your choice and the port is 8080 or what you want. in your browser you have to do or to ping the 2. router from wan side you should enable under advanced->firewall "respond to ICMP ping".

    dadaniel takes two things together. he said, turn of double nat. this is ok, but it works with double nat too. change under advanced->routing from gateway to router and you did it. you have two networks (192.168.0.* and 10.*) or broadcast domains. if you change the cable from wan port to lan port, you have only a switch.

    in router mode I dont know which adress you should use lan or wan of the 2. router. booth should work I think.

  stevesemple

    stevesemple

    Thank you for your answer. Im not at the location right now so cant test it. But I will this evening and will get back to you'all to confirm my results. Hopfully this will help others who might learn from your advice.

  wittereus

    wittereus

    I use a configuration like Michse explained.
    I set up WAN ip of router 2 to be DMZ in router 1.
  stevesemple

    stevesemple

    Im not sure how you do this? You mean on router 2 you have done this?

    Why would you do what you have suggested ??

  Mercjoe

    Mercjoe

    This sounds similar to the setup I have. I have a ADSL modem that has a DHCP server in it as well that can not be turned off.

    The default network IP on the DSL modem is 192.168.1.X

    On the Tomato router I had to make a totally different network IP. In my case I made it

    Then, in the ADMIN-->scripts--> Firewall of the Tomato firmware I added this script:

    iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE

    In the ADMIN-->scripts-->init I have this:

    sleep 5
    ip addr add dev vlan1 brd +

    After this, if I need to access my DSL modem I just enter a and I am at the DSL modem control panel. To access the router I just like normal. (remember to reboot your router first)

    I have the DSL modem plugged into the WAN port of the router. WHY my DSL modem has a DHCP server in it when it has ONE ethernet jack is beyond me. I just had to learn to deal with it.
  stevesemple

    stevesemple

    Zouns.. sounds like a lot. I'm just new to tomato so there is too much for me there. By the way I think if I read you right you have my configuration wrong I have 3 devices in total. a cable modem owned by the cable company, then a router (1) and then another router (2)

    My results were mostly successfull that michse gave. However. It did not work unless I manually entered a static dns address. It does not seem to be picking up the dns address from the downstream router. I would prefer not to have this as, dns's change. I should say that I DO have a STATIC IP in the first router, but do not want to put a static dns in the second. Can anyone advise me on this. How can I get the second router to pick up the dns from the first?

    Oh and by the way michse, If I understand you right, I dont have the Advanced/Routing/Miscellaneous /Mode set to router, but rather gateway. Although maybe I've miss understood you on that final point you made.

    Currently I can access the router by using (the static ip i gave the (2) router.

  Mercjoe

    Mercjoe

    Ok, it was the dual routers that confused me. I should have read your initial post more thoughly.

    To be honest, and I hate plugging another firmware, but I would look at DD-WRT. It has the ability to easily configure VLANS. This allows you to set different ethernet ports to different subnets. This would simplify your network management as well as avoid problems inherent from having the double NAT.

    You CAN set tomato to do VLANS via command line by manipulating the IPtables. But if you thought my above post was complex, you would not want to look at what you have to do to get it working in Tomato.

    Good luck
  stevesemple

    stevesemple

    Thanks. Im new to all this dl of software for routers. Im a little nervous that Im going to do something that will make my router a shelf ornament. I have no experience with dd-wrt so downloaded tomato because it seemed most popular.

    One added question i have which anyone can answer, besides my problems with dns is.
    A. If you are using your router simply as a switch on lan ports should (can) nat be turned off just to reduce overhead, since the first router at the start of your network is doing all the nat stuff.

    B. If you are doing something like im doing two networks, should you still turn it off since as above the router upstream is doing this. Im really looking to improve performance in an office where there are several routers set up as swtichs. This is really a legacy thing that I have inhereted.

    C. Perhaps this should have been the first question but is nat only performed on the wan port. So if you are not using the wan port then you can leave it on or off it really doesnt matter because its not doing anying to the signal.

  Engineer

    Engineer

    a: yes
    b: I think so, but you would have to connect via LAN ports (I think) or possibly a different setting (other than DHCP) for the WAN port - others please chime in.
    c: yes (as far as I know). There should be no NAT processing between lan ports (or wireless lan either) unless they are going to/from the WAN port.
  stevesemple

    stevesemple

    Thanks for that.
    So to answer my own question regarding dns. I didnt want to have to put a static dns number in my tomato router, i just wanted it to pick up the dns from the downstream router on the other subnet.(which it wasnt doing) To resolve it I simply put the address of the downstream router IP ( into my static dns settings and that seemed to work. I guess it see's the other router as the access point to net and somehow picks it up there.
