[Curly]

I have two routers that I need to have on different subnets. The secondary router can see everything on the primary, but the primary router cannot ping the secondary or access machines on it. My setup is as follows.

Primary router: 192.168.168.0/24
local address: 192.168.168.1
gateway 192.168.168.1
DHCP: 192.168.168.100-102
static IP for secondary router: 192.168.168.150


Secondary: 10.13.37.0/24
Local address: 10.13.37.1
gateway 192.168.168.1
DHCP: 10.13.37.100-102


The WAN port of secondary is connected to LAN port on primary.

I suspect that I need to set up a static route somewhere for machines on primary to see machines on secondary. But where? And how should it be configured? I have tried numerous possiblities, but nothing has worked.

Any help is greatly appreciated!

[SmallNetBuilder]

Are these two NAT-based routers? If so, the secondary's firewall is blocking traffic.

What are you trying to do with the two subnets?

[Curly]

Yes, they are two NAT-based routers.

I have a VPN server on the 192.168.168.0 subnet, and the only way that I can test it (without needing a separate ISP access) is to have the client on a separate subnet.

[SmallNetBuilder]

You should be able to at least ping the secondary router's WAN IP. Make sure that the second router isn't set to block WAN pings.
Since you're testing VPN (IPsec or PPTP?), you don't want to forward ports or put the test client in DMZ.

[Curly]

I cannot ping the WAN IP on the secondary, and I do not see a setting for ping reponse on it.

I am not forwarding any ports, nor is anything in DMZ.

[SmallNetBuilder]

What make and model are the two routers?

[Curly]

WRT54GL using DD-WRT v23 SP2

[TerryNet]

"... primary router cannot ping the secondary or access machines on it."

I'm pretty sure that the ping feature some routers have is for pinging on the WAN connection. Other computers connected to the primary should be able to ping the secondary router's WAN address.

One of the things that makes a router a router is its NAT layer, which acts as a natural firewall. From the WAN side you cannot initiate access to devices on the LAN except by using the DMZ or port forwarding.

[Courtneyc]

How is the secondary router getting to the primary? The gateway address of a network must actually be on that network. The secondary router has an invalid gateway address (unlike the first one). The inside address is on the 10.13.37.0/24 network. The outside appears to be on the 192.168.168.0/24 network. Is this the case?

If it is, as I said, the inside gateway of the secondary router is incorrect.

Courtney

[Curly]

I have multiple machines on the secondary router, not to mention ones that will occasionally use it and are assigned IPs through DHCP. So, I will need to forward all traffic for the entire subnet. Port forwarding cannot accomplish this.

This is why I believe that I must set up a route in the routing table. I believe it should be on the primary router, routing 10.13.37.0/24 over to the secondary router. But I can't get it to work.

[Curly]

Quote:

Originally Posted by Courtneyc

How is the secondary router getting to the primary? The gateway address of a network must actually be on that network. The secondary router has an invalid gateway address (unlike the first one). The inside address is on the 10.13.37.0/24 network. The outside appears to be on the 192.168.168.0/24 network. Is this the case?

If it is, as I said, the inside gateway of the secondary router is incorrect.

Courtney

If the secondary shouldn't have a gateway of 192.168.168.1 (the primary router's IP), what should it have?

I am not sure what you mean by 'inside' and 'outside'.

[SmallNetBuilder]

Static routes are not going to work through a NAT firewall. If you are setting up a VPN tunnel, won't the machines connect via it?

[Curly]

Actually, I was finally able to set up a static route to the subnet on the secondary router, and now both the router and all machines respond to ping. But I'm still not able to perform file sharing from primary to secondary. I think it may have something to do with NetBIOS and needing a WINS server to redirect through routers. . I don't have a server OS, so if it is true, I won't be able to do it. I'm not clear about this, though, so I need to continue researching it

Yes, the machines of the secondary could tunnel to the primary through the VPN - if they are configured as a client. But not all will be clients.