Router to Router using Gateway mode

[medora]

I currently have a Linksys Router connected to my cable modem. All is working well. However, I want to do the following:

Install a second router and have it act as a gateway to the first router in the same way that the first router is a gateway to the Internet.

Can I run a cable from a LAN port on router 1 to the WAN port on router 2? If so, should this be a patch cable or a crossover cable?

I have searched the forums and only found discussions on connecting 2 routers in Router mode. I need to do Gateway mode for reasons that are too complex to explain here.

Thanks for any help or links you can provide.

[YeOldeStonecat]

We've had lots of discussions here about a router inside of another router, both in gateway mode. By default home routers are run in gateway mode.

It's not an issue, just have different IP scopes on each one.

Example: Router #1...the one that's connected to your broadband modem, the LAN side of that router is 192.168.0.1, which serves a network of 192.168.0.XXX.

One of the LAN ports has a cable that uplinks to the WAN Port of Router #2
The WAN port of Router #2 is set to a static IP like 192.168.0.11, or simply just "Obtain IP automatically". The LAN side of router #2 is set to a different IP scope than router #1, something like 192.168.1.1, serving up it's LAN of 192.168.1.XXX.

Works fine, I do it all the time. Have a Netgear RT314 right next to me that I build or work on clients machines from, so they're separated from the network in our building, which itself is NAT'd.

[lenwest]

To YOS:
If the 2nd router is set to a different IP scope than router #1 (with the numbers you set out), does that mean that all computers plugged into router #2 can only see each other and can't see computers plugged into router #1 (and vice versa)?

I assume they can all have Internet access.

Would you use DHCP on BOTH routers or assign IP's? I had thought it best to only have 1 DHCP server going at once - but would the different IP scopes of the 2 routers allow each to have a DHCP server??

I look forward to your reply

[newbie1]

We've had lots of discussions here about a router inside of another router, both in gateway mode. By default home routers are run in gateway mode.

It's not an issue, just have different IP scopes on each one.

Example: Router #1...the one that's connected to your broadband modem, the LAN side of that router is 192.168.0.1, which serves a network of 192.168.0.XXX.

One of the LAN ports has a cable that uplinks to the WAN Port of Router #2
The WAN port of Router #2 is set to a static IP like 192.168.0.11, or simply just "Obtain IP automatically". The LAN side of router #2 is set to a different IP scope than router #1, something like 192.168.1.1, serving up it's LAN of 192.168.1.XXX.

Works fine, I do it all the time. Have a Netgear RT314 right next to me that I build or work on clients machines from, so they're separated from the network in our building, which itself is NAT'd.

Sorry to hijack thread, But I found your post post interesting and I decided to try it. I've messed around with the settings a little bit, and everything is working. I have 1 question though...

Router #1 (connected to internet) can't ping LAN machines on Router #2, but Router #2 can ping and access machines on the LAN of router #1.

I can ping the WAN IP of router #2 from router #1, I just can't access the LAN part of it.

How do I make it so Router #1 can ping (access) machines on the LAN side of Router #2?

[YeOldeStonecat]

To YOS:
If the 2nd router is set to a different IP scope than router #1 (with the numbers you set out), does that mean that all computers plugged into router #2 can only see each other and can't see computers plugged into router #1 (and vice versa)?

I assume they can all have Internet access.

Would you use DHCP on BOTH routers or assign IP's? I had thought it best to only have 1 DHCP server going at once - but would the different IP scopes of the 2 routers allow each to have a DHCP server??

I look forward to your reply

"YOSC"...as "YOS" is another member here (Yard of Stuff)

And some of this reply will answer your question "Newbie1".

Anyways, yes, computers behind Router #1 will only see each other, because they are their own unique network (192.168.0.XXX). And computers behind Router #2 will only see each other (by default....more on that in a minute). (192.168.1.XXX)

The WAN side of Router #2 is separating the networks, it's doing its job of preventing outside traffic (the router 1 network in this example) from seeing the computers behind router 2. Just like any NAT router on a basic LAN, the internet cannot see computers on your network. Well same thing here...except "the wild side" of router #2...is actually the LAN side computers behind router #1.

But.....computers behind route #2 can get to computers behind router #1...by opening them up by IP address. Remember, home routers allow traffic outbound....they just don't allow traffic inbound. That's why computers behind router #1 will not be able to get a reply from pings or browsing requests to computers behind router #2. Router is doing it's job...it's a NAT router, and it's in the way. You won't see them in network neighborhood (I recon you could get them in there if you used some hosts files)...but you should be able to open them up just by typing \\192.168.0.100\nameofshare Or run PcAnywhere or VNC hosts.

[newbie1]

you're are the man YOSC! thanks for help!

IMHO with all the help and explanations (with your wide range of experience) you've shared here on the forums, you truly deserve a reward, keep up the great work

[lenwest]

YOSC ( I stand corrected)
Thanks so much for the clearly written answer. I even understand the logic now. Now that I read the answer, why did I ask the question?? It's logical!

[JackMDS]

Adding to YOSC notion about VNC.

You can transfer files from #2 to 1 against the NAT by using VNC transfer capacity.

VNC is a free remote program.

You can open one port on each computer (not the same), and by using the second Router’s WAN IP ant the port number you would be able to connect to a specifi computer.

More detail here (it is the same idea as the Internet connection).

Link to: Ultr@VNC - Installation, and Settings.

[newbie1]

But.....computers behind route #2 can get to computers behind router #1...by opening them up by IP address. Remember, home routers allow traffic outbound....they just don't allow traffic inbound. That's why computers behind router #1 will not be able to get a reply from pings or browsing requests to computers behind router #2. Router is doing it's job...it's a NAT router, and it's in the way. You won't see them in network neighborhood (I recon you could get them in there if you used some hosts files)...but you should be able to open them up just by typing \\192.168.0.100\nameofshare Or run PcAnywhere or VNC hosts.

I've run into a problem.

I'm able to connect to computers on router #1 with \\ip address(from router #2), but I can't connect to any of the ip addresses on router #2 (from router #1). Is this the nature of NAT? is there any way around it?

[lenwest]

Newbie 1:
If I understand YOSC's reply, that's what you would expect if you run different IP scopes on each router.
If you want to access both sets of computers - each way, then the 2nd router should be set to obtain an IP automatically and not run DHCP.
The 1st router could be set to use DHCP (or you could of course allocate the IP's manually within the same scope) and that would distribute the IP's on the same scope to all computers - no matter which router they are attached to.
That should open it all up on the entire LAN.

[YeOldeStonecat]

I've run into a problem.

I'm able to connect to computers on router #1 with \\ip address(from router #2), but I can't connect to any of the ip addresses on router #2 (from router #1). Is this the nature of NAT? is there any way around it?

That is correct....read my above reply again. Router #2 is simply doing what it does...preventing ANY/ALL traffice from its WAN side from getting to its LAN side.

Routers with NAT firewalls are 1-way....all traffic from inside can go out and return. All traffic from the outside is stopped, except for specific ports that you manually open/forward, or bypass by DMZ'ing.

[newbie1]

My router doesn't have DMZ (not sure exactly what that is), manual for router doesn't mention anything about DMZ.

The thing is I want my computers from router #1 to be able to print off the printer on Router #2 (Printer connected to PC)...

I have PC anywhere, think that will do the job? list of other suggestions?

[YeOldeStonecat]

I have PC anywhere, think that will do the job? list of other suggestions?

PcAnywhere printing could do it...it's not a ball of fire, but it can do it. Forward the ports on router #2 to the LAN IP (ideally static) of the print host.

But in this situation...if you want that much interoperability between these two networks.....you might be better off stepping up to 10,000 feet and looking at your overall goals for these two networks...and looking for a more simple approach.

[newbie1]

PcAnywhere printing could do it...it's not a ball of fire, but it can do it. Forward the ports on router #2 to the LAN IP (ideally static) of the print host.

But in this situation...if you want that much interoperability between these two networks.....you might be better off stepping up to 10,000 feet and looking at your overall goals for these two networks...and looking for a more simple approach.

I like the way it's setup right now. I want to isolate one network for my personal computers and the other network for a WAN project I'm doing with my friend (for security).

The thing is that I only have one printer and that's going to have to stay on the "personal network". On the "WAN project" network I want to be able to print too.

what other simple approach is there?

Objective:

Isolate networks for security and able to print from one of the networks that is behind a NAT.

PcAnywhere printing could do it...it's not a ball of fire, but it can do it. Forward the ports on router #2 to the LAN IP (ideally static) of the print host.

what ports do i forward?

[JackMDS]

May be this can Help.

Link to: Cable/DSL Routers - NAT & Ports.

[YeOldeStonecat]

what ports do i forward?

5631/5632

http://www.speedguide.net/read_articles.php?id=177

What other approaches are there? Have one router, one network, and setup VLANs is one approach.

http://www.cpx.com/proddetail.asp?c=Switches&e=81

Work with binding an exclusive group of computers to another protocol for peer to peer, like bind to NetBEUI, unbind from TCP.

Without knowing your exact setup...those might be two options for ya.

[newbie1]

Sent a .bmp link to your PM box, so you can view my network setup.

better yet here lol:

http://s94825039.onlinehome.us

I want to find an easier alternative way with my existing hardware (not in my budget to buy hardware right now).

objective: Have 2 networks or some way to isolate the "private computers" from those 2 computers on the rt311 network. I want the Rp114 network to be private and secure...I want the only printer on the network to be used by both networks, preferably to stay on that network because that computer has files to be shared on the RP114 network.

this is more of a project for me than something that "has to be done". On my way to becoming a network admin/network engineer

[YeOldeStonecat]

Ahh I see after looking at it.

Alternatives...what OS's on the computers? What about just managing who see's who through local accounts using NTFS permissions?

The only other thing I can come up with, and this depends on the physical layout, is sling that printer away from WS4, and put outside the RP114 router on a print server so it's on the same IP range as the RT311. I haven't done that before...but it "should" work.

I can post your image here if you like, it's class C subnets, so we're not giving away any secrets here, just asking your permission first.

[newbie1]

Ahh I see after looking at it.

Alternatives...what OS's on the computers? What about just managing who see's who through local accounts using NTFS permissions?

The only other thing I can come up with, and this depends on the physical layout, is sling that printer away from WS4, and put outside the RP114 router on a print server so it's on the same IP range as the RT311. I haven't done that before...but it "should" work.

I can post your image here if you like, it's class C subnets, so we're not giving away any secrets here, just asking your permission first.

sure you can post the image here, don't mind at all

Most of the computers right now are running Windows XP (NTFS), and the VPN is WIn2k advanced server, and so is the 'Server' on the RT311 network. Keep in mind I will be installing RedHat 9 in place of XP on 2 of the computers in the very near future. (connected to workstation-1 on Rp114, and workstation-6 on Rt311)

Moving the printer to the RT311 network is a problem, because I have no room on where to put that printer. Where the printer is now (workstation-4) is the perfect place. It's a Minolta 1250W laser printer.
*edit reading your post again

Know of any print servers that will support this printer? (preferably the cheapest price ) If the price is right, i'll just buy a long cat5 cable and hook it up....*looking at the hub* damn... it's a 4 port 10Mb hub, and all the ports are used up I guess i'll upgrade the hub to an 8port switch soon

"What about just managing who see's who through local accounts using NTFS permissions? "

i'm not going to go with that approach just yet, but where can I find more info on that just in case I look up on it in the near future? i'm curious to see how it would work

[YeOldeStonecat]

"What about just managing who see's who through local accounts using NTFS permissions? "

i'm not going to go with that approach just yet, but where can I find more info on that just in case I look up on it in the near future? i'm curious to see how it would work

Helmig's site is one of many great resources with good "step by step" screenshots.

http://www.helmig.com

Basically with Windows NT, you have have a large peer to peer network, with file shares, and control who gains access to whatever shares you have, based on user accounts.

Joe can access files on Tonys and Beths computers, but not access files on Tom or Dicks computers. Beth can access files on Tom, ****, and Joe's computers, but not Tonys, etc etc. Whatever you set!

Any Windows NT based OS can control this. By Windows NT based OS, I'm talking about NT 3.5, NT 4.0, Win 2K (which is really NT 5.0), and WinXP (which is really NT 6.0).

[newbie1]

ohh I thought you were talking about something else...I guess it was the way your wording looked like to me...didn't get much sleep and i'm really tired

yeah that's How i set it up before segregating my computers into 2 networks.

Actually that's how they are setup now, but in 2 separate networks.

thanks for the link though, it's handy to refer back to it or share it with others who need help


Now i'm looking for a compatible print server for my printer

can't seem to find anything on google "Minolta 1250W+print server"

[g-c0de]

You can port forward NETBIOS's ports (137-139 for file and printer sharing) on router 2, and use YOSC suggestion of using NTFS permissions to secure the share on your box connected to your printer. Although it's not completely secure, I suggest you use a strong password scheme if you're that paranoid.

beats buying more equipment