I've got a routing problem that has been perplexing me for months, and I wonder if anyone can help. I am a relative MT newbie.
About my MT and network environment:
RB2011L
Running 6.43 (Stable)
Eth 9 is LAN with networks 192.168.1.0 - 192.168.6.0
Eth6 is WAN to ISP
Eth1 has a non-external but routable IP of xxx.xxx.xxx.233/29 and is ethernet connected to an ASUS RT87U wireless router (see below).
The purpose of the RT87U is it does OVPN with a VPN service over UDP.
The RT87U has a static WAN address of xxx.xxx.xxx.234 (incremental to the above) and does NAT for the 192.168.7.0 network. Note the xxx.xxx.xxx.233 address on eth1 on the MT serves as the Gateway for the ASUS router.
The problem:
Pinging the 192.168.1.0 network from a client that is connected to the ASUS router i.e. (192.168.7.xxx), works without issue due to static routing on the ASUS router and a firewall rule on the MT allowing the xxx.xxx.xxx.234 address into my MT LAN.
However, pinging from the 192.168.1.0 network to any client on the ASUS router does not work.
Things I have tried:
Obviously a static route entry in my MT:
a) xxx.xxx.xxx.232/29 GW:Eth1 pref source xxx.xxx.xxx.233
b) 192.168.7.0/24 GW:Eth1 no pref source
Pings I have tried to narrow down the problem:
MT can ping xxx.xxx.xxx.234 (ASUS Router WAN Side)
MT Cannot Ping xxx.xxx.xxx.233 eth1 port or gateway for Asus router
MT can ping 192.168.7.0
Client on 192.168.1.0:
Can Ping xxx.xxx.xxx.233 which is the MT eth1
Cannot ping xxx.xxx.xxx.234
Cannot ping 192.168.7.1
All firewalls have been disabled on the ASUS router
I hope this makes sense and would really appreciate any help
Theoretically it should be doable, but not sure what’s possible configuration-wise on Asus. MT can do “anything”
Asus needs to know how to reach 192.168.1 & 192.168.6
This means additional route entries for both networks pointing to ip of MT (xxx.xxx.xxx.233)
you need to disable NAT for these destination networks
MT needs to know how to reach 192.168.7
this means additional route entry pointing to ip of Asus (xxx.xxx.xxx.234)
you need to disable NAT for this destination network if applicable
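The MikroTik half of the steps in the reply above, written out as RouterOS v6 commands; this is an added example, not configuration posted by anyone in the thread. It assumes `198.51.100.234` as a constructed stand-in for the redacted Asus WAN address xxx.xxx.xxx.234, and `ether1` as the RouterOS name of the port the thread calls Eth1.

```routeros
# Added example. 198.51.100.234 is a constructed placeholder for the
# Asus WAN address (xxx.xxx.xxx.234); ether1 is assumed to be "Eth1".

# 1. Route the Asus LAN through the Asus WAN IP. With an IP next hop the
#    MT ARPs for the Asus itself; with the interface as gateway it would
#    ARP on ether1 for every 192.168.7.x host.
/ip route add dst-address=192.168.7.0/24 gateway=198.51.100.234 \
    comment="Asus LAN via Asus WAN IP"

# 2. "Disable NAT for this destination network if applicable": an accept
#    rule in srcnat ends NAT processing for matching packets. Move it
#    above any masquerade rule that could also match.
/ip firewall nat add chain=srcnat out-interface=ether1 \
    dst-address=192.168.7.0/24 action=accept \
    comment="no src-nat towards Asus LAN"

# 3. Once the Asus stops NATing towards the MT LAN, packets arrive with
#    192.168.7.x sources instead of the Asus WAN address, so a forward
#    rule that only allows the Asus WAN address no longer matches.
#    Allow the routed subnet explicitly, above any drop rule, and limit
#    it to the LAN network that actually needs to be reachable.
/ip firewall filter add chain=forward in-interface=ether1 \
    src-address=192.168.7.0/24 dst-address=192.168.1.0/24 action=accept \
    comment="Asus LAN -> MT LAN (routed, not NATed)"
/ip firewall filter add chain=forward out-interface=ether1 \
    src-address=192.168.1.0/24 dst-address=192.168.7.0/24 action=accept \
    comment="MT LAN -> Asus LAN"

# 4. Check which route the MT now uses for the Asus LAN.
/ip route print detail where dst-address=192.168.7.0/24
```

The Asus side (routes for the MT LAN networks pointing at xxx.xxx.xxx.233, and no NAT for those destinations) still has to be configured separately.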
Thank you, I have a feeling that disabling NAT on the Asus will work and I will confirm possibly tomorrow. Having said that, if I disable NAT on the Asus, this means I will have to allocate each client a “public” IP from my 233/29 range, correct?
If so I don’t have many, is there a way round this?
What you need to do on Asus largely depends on what’s between MT and Asus. If there’s lots of routers that might have their own idea about what to do with passing packets, then you have to create a tunnel between Asus and MT. If the connection between Asus and MT is really transparent, then simply routing should do, no need for NATing anything on Asus.
The bottom line is this: if a device (i.e. Asus) performs NAT for whole subnet (i.e. it’s not 1:1 NAT), then it is not possible to connect individual hosts in that subnet directly (i.e. using their “real” addresses), the only possibility is to establish port-forwarding.
Hence my “but not sure what’s possible configuration-wise on Asus”. Best solution would be if you could disable NAT if destination network is .1. or .6., and otherwise do nat.
Thank you guys, I am back now. I've disabled NAT on the Asus and I would have thought that it should force me to give a different DHCP range rather than 192.168.7.0, but it didn't.
Just to confirm, and a silly question I know, but if I am disabling NAT then I have to allocate routable “external IPs”, correct? Which in my case would be xxx.xxx.xxx.235 - 238.