Dual router port forwarding

Discussion in 'Networking Issues' started by jackfrost, Nov 13, 2006.

  1. jackfrost

    jackfrost Network Guru Member

    Ok, so I have two routers, both running DD-WRT v23 SP2 (09/15/06) std, each with a different dsl line.

    Say... DSL1->R1->Switch<-R2<-DSL2

    R1=, R2=, same subnet mask, etc

    All the computers are currently set up to use R1 as default gateway, etc.
    If I set up forwarding on R2 to forward to any of the computers, nothing happens (times out), even though I can remotely connect to the router on any port, and I can ping from the router to any of the computers.

    I'm guessing it's some kind of routing issue that needs to be fixed by static routing... But nothing I've tried seems to fix the issue.

    Funny thing is, I'm pretty sure the last time I did something similar, it just worked without any fixes...

    Anyone have any ideas on what to do to fix it?

  2. ifican

    ifican Network Guru Member

    First off, can you be a little more specific about what you are trying to achieve? Secondly, here it is in a nutshell: as you stated, all computers use R1 as default gateway, therefore your source IP for all internet-bound traffic is the WAN interface of R1, which means that all traffic coming back to you will come back via R1, bypassing R2 altogether. (How's that for a run-on sentence?) So unless you send traffic sourced from R2, no matter what you port forward in R2 will matter.
  3. jackfrost

    jackfrost Network Guru Member


    I'm trying to connect to the external ip on router2 for ssh, which is forwarded to a computer that has router1 as the default gateway.

    I thought, and I could very well be wrong, that since the connection is coming from router2 it would respond via router2, even if the default gateway is pointing to router1. (Sourced via router2).

    I could have sworn I've done something similar to this before, and it worked...

    Thanks for answering!
  4. ifican

    ifican Network Guru Member

    Give me a little time and perhaps something will come to mind in regards to getting this to work the way you want; right now I'm a little groggy as I have been up since 2:30 AM. But that being said, you're half right in your reasoning. I tend to get really technical when I get tired because it's the fastest way to say it, but I will try to still keep it simple. When a packet is sourced somewhere out on the internet, its source address (the address it is sent from) never changes. And that's the quick and simple reason why you are not working the way you want at the moment: the PC sees the source, looks at its routing table, sees it doesn't know how to get there, and then immediately sends it to its default gateway to be sent back out. So at the moment your packet comes in R2 to the host, then gets sent back via R1. Enterprise-class firewalls will not allow this type of traffic as it is considered one-way, and that's a no-no. Now, how does a SOHO-type device handle it? I am unsure, but it sounds like, from what you are saying, it does that too. Now when you log into R2 and ping the host, the source at that point is actually R2; since the host is directly connected to R2 via the switch, it knows how to get back and promptly replies to the ping requests.
  5. jackfrost

    jackfrost Network Guru Member

    Yeah, everything you've said makes sense... I'm not sure how I did it before (was a few years ago), it's just frustrating that I can't do what I want...

    I think I'm going to try the dual WAN layout @ http://www.dd-wrt.com/wiki/index.php/Dual-WAN_for_simple_round-robin_load_equalization but I'm not exactly sure if it will do what I want, or what else it might screw up... especially since in the firewall script, it calls, and my network isn't laid out that way, not to mention I don't know what is supposed to be there.

    Anyways, thanks for the quick responses and help, I appreciate it... any thoughts, let me know.
  6. ifican

    ifican Network Guru Member

    Ok, this could get a little crazy, out of the box or whatever you want to call it. A couple of things just came to mind; now, since I don't know what's being seen right at the moment, I can only speculate. If you are coming from the same host or range of hosts on the outside, you could effectively add a static route to the machine you are trying to ssh to, telling it if it sees sourced traffic from this domain (x.x.x.x) then send it back to R2. That way your traffic coming from R2 would be sent back to R2, thus circumventing the one-way traffic issue.

    The other way is a bit more out of the box and is only a theory at this point as I have not tested it. In a "true" router, a router will load balance equal-cost routes. I am wondering what will happen, since you already have point-to-point connectivity between routers via the switch, if you added a static default route to R1 pointing it at R2. The cost should be equal to the default route already present, and if the router code is made to work like a standard Cisco router it should work. (Now you may have to put R1 and/or R2 in router mode, but that should not affect anything.) Depending how / if that works out I have a few other things in mind, but I will not at this time confuzle this up any more than I probably already have for most. If you decide to go down that road let me know how it works out.
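Added example, not part of the original thread or any poster's code: a small model of the host's routing decision that shows why the reply to a connection forwarded by R2 leaves via R1, and how the per-source static route from the last post makes the path symmetric. All addresses are constructed assumptions (the thread does not give the real ones), and `next_hop` and `reply_path` are hypothetical helper names.

```python
import ipaddress

# Constructed addressing (assumptions; the thread does not give the real ones).
R1 = "192.168.1.1"   # default gateway on DSL1
R2 = "192.168.1.2"   # router on DSL2 that holds the SSH port forward
LAN = "192.168.1.0/24"


def next_hop(routes, dst):
    """Longest-prefix match: return the gateway for dst (None = on-link)."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(routes, client_ip, ingress_router):
    """Where the host sends its reply to a forwarded connection.

    The port forward on the ingress router rewrites only the destination,
    so the host still sees the Internet client's address as the source.
    """
    egress = next_hop(routes, client_ip)
    return {"ingress": ingress_router, "egress": egress,
            "symmetric": egress == ingress_router}


# Host routing table as described in the thread: default via R1, LAN on-link.
host_routes = [("0.0.0.0/0", R1), (LAN, None)]

# Remote SSH client (constructed, documentation range).
client = "203.0.113.25"
before = reply_path(host_routes, client, R2)

# Static route from the thread: replies to the client's range go back via R2.
fixed_routes = host_routes + [("203.0.113.0/24", R2)]
after = reply_path(fixed_routes, client, R2)

# A ping from R2 itself is sourced from the LAN, so the reply is on-link.
ping_reply = next_hop(host_routes, R2)

if __name__ == "__main__":
    print("before:", before)
    print("after: ", after)
    print("reply to R2's ping goes via:", ping_reply or "on-link")
```

The static route only covers the client range it names; connections arriving through R2 from any other source still return via R1.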