Networking Issue

[wongle]

Hi there,

 

My current setup is that I have my main virgin media box box and 2 ASUS routers connected to this.

 

Virgin Media (192.168.0.xxx)

Asus 1 (192.168.50.xxx)

Asus 2 (192.168.49.xxx)

 

I have a Windows domain running on the .50.xxx subnet.

 

I am connected to the .48.xxx subnet and need to access the windows domain and services on .50.xxx.

 

I am unable to ping or access anything on .50 from .49.

 

Any ideas?

 

Cheers.

[grunger106]

I would assume there is no route defined, or a firewall is blocking the traffic.

 

You haven't specified how you've set this up, I suspect it's native lan on each router or what routers you're using

Not sure how you have this wired up VM -> ASUS1->ASUS2
Or VM ->ASUS1
      VM->ASUS2

 

More information is required - what routes have you setup, what gateways are the devices using....

 

However this isn't the way I'd go about doing this in any event, you want to have 1 router, define VLANs on it and then handle your inter-vlan traffic via the firewall in the router and have a default route pointing up to your VM box (or put it into bridge and terminate it on your router)
VLANs are what you want.
 

[wongle]

  On 25/05/2022 at 14:41, grunger106 said:

I would assume there is no route defined, or a firewall is blocking the traffic.

 

You haven't specified how you've set this up, I suspect it's native lan on each router or what routers you're using

Not sure how you have this wired up VM -> ASUS1->ASUS2
Or VM ->ASUS1
      VM->ASUS2

 

More information is required - what routes have you setup, what gateways are the devices using....

 

However this isn't the way I'd go about doing this in any event, you want to have 1 router, define VLANs on it and then handle your inter-vlan traffic via the firewall in the router and have a default route pointing up to your VM box (or put it into bridge and terminate it on your router)
VLANs are what you want.
 

Expand  

Thanks for the reply. 

 

The current setup is that 2 ASUS routers are connected by ethernet to ports 1 and 2 on the VM box.

VM ->ASUS1 (RT-AC85P)
VM->ASUS2 ( RT-AX88U)

 

I have not setup routing and don't have the option to create a VLAN (or can't find it lol)

 

Cheers.

[Ixion]

I'm assuming you've set the subnet mask to 255.255.0.0 to allow the two subnets to talk to each other?

[StrikedOut]

Why the 3 subnets and how many devices on each subnet?

What is the output of  ipconfig /all on both your PC and server?

[grunger106]

It's not going to work like that

 

I'm not sure if the VM box is also a router, I'm assuming it is.
To add to this mix you are also NAT'ting

Router A - WAN IP will be 192.168.0.x
Router B - WAN IP will 192.168.0.X

The VM box can send traffic to 192.168.0.x devices, but your client devices are unknown to it, the reason it is working is your routers are NAT'ing the traffic to their LAN side interfaces.
Webtraffic will work as the client device will go through NAT up to your VM box and back with a NAT translation on the way back, you aren't going to be doing that with 2 internal networks.

What you are currently asking the kit to do is

Machine with router A as a gateway, sends traffic destined for network B, it will send this request to it's default gateway (router A) and router A will check it's routing table and find it does not have a route to this network so it will send it to it's default route which will be up the VM box
The VM box will not know what to do as it knows about 1 internal network 192.168.0.X and it's only other route is 0.0.0.0 up the WAN interface

 

The same applies to a machine connected to router B.

Changing subnet masks isn't going to help you, there simply isn't a route.

To make this work you need a device that knows BOTH networks (or has onward routes to something that knows each of them)

The easy way to do this is define both networks on one router - LAN1 and LAN2 and uplink into the VM box, but it's quite a blunt method.

Or more correct and flexible method is to do it with VLANs

VM Box in bridge mode
Router/Firewall device that supports VLANs
VLAN10 - 192.168.49.X
VLAN20 - 192.168.50.X

Set a firewall rule in the router to allow/disallow traffic between the VLANs as required

L2 switch with a uplink into the router tagged with VLAN10 and VLAN20
Untag each port with VLAN10 or 20 as appropriate and plug your devices into the appropriate port.

There are more complex ways which involve static or dynamic routing, but they're overkill for this


 

[+BudMan MVC]

First thing I would ask is why you have it setup like that in the first place?  Why are you trying to segment your devices into multiple networks, if your not going to route between them, etc.

 

If you needed more ports or wifi coverage, why would you not just use switches and or access points.  Soho wifi routers normally have no actual ability to actually route, and they always nat, and they do not support vlans, etc.   And when you can add route to a downstream router, its always going to be asymmetrical because there is no ability to create a transit network.

 

If your goal is for stuff to talk to each other.. Why would not just use these asus routers as Access Points and put everything on you 192.168.0 network?

 

What is the goal here, do you want a properly setup network with multiple segments that you can route and firewall between your segments.  Or do you just want stuff to be able to talk to each other, and what you currently have setup you don't know how to do that?