router behind a router questions

  1. #1
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729

    router behind a router questions

    hey all

    i recently acquired a working dlink router for free.
    wireless. which is good cause the wireless router for my family is on the other side of the house.

    anyway.

    i would like to run a router behind a router. so i can have a network i can practice securing, destroying, rebuilding. etc..
    and allow me to simulate problems that my friends experience... "help me omg i cant connect to battle.net!"

    so this is how the network is setup




    internet ---> cable modem --> Linksys router(192.168.1.1)
    ...................................................................................|
    ...................................................................................|
    ...................................................................................---> Dlink router (192.168.0.1)

    if i have a computer connected to the dlink... example address of 192.168.0.102... and i want to connect to a web-server running directly connected to the linksys with address of 192.168.1.138... i simply type that address in the address bar, right?

    how i see it, try and follow me on this one... trying to connect to an IP on the internet from the linksys is the same as trying to connect to a comp on the linksys from the dlink... i just type in the address of that computer and NAT will find its way correctly.


    it's important that i leave NAT enabled on my dlink so i can make an environment inside an environment...

    if any of this is confusing please tell me, i'd be happy to clear it up

    thanks for your time! hex
    work it harder, make it better, do it faster, makes us stronger

  2. #2
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    I sometimes run a router behind a router at a friend's place. He's got a Belkin and I put a Netgear wireless behind it on the Belkin's DMZ. The hardware gets a little flaky (one or the other router crashes, or the dsl modem) and it's not unusual to have to reset them several times a day. Other times they play well together. What I can't figure out is that despite being on the Belkin's DMZ, I'm always able to access the Belkin (192.168.2.1) from the Netgear NAT. I can only conclude the Belkin is a piece of junk (is Belkin Italian?)

    The second router picks up its WAN address from the first router via DHCP so you should be ok with the D-Link's NAT. Don't be surprised by having to reset one or the other unit from time to time though. Got my doubts routers were designed to be piggybacked like that but it should work for you for the most part.

    I actually did a little troubleshooting on a similar setup this weekend in a local coffeehouse. After I demo'ed some wireless linux tools (etherape mainly) a few weeks back to show the security weaknesses of wireless, the owner became concerned and bought a second wireless router (Linksys) to run behind the first (also a Linksys) on some advice he got at a local CompUSA (not my idea). He runs the first router wide open for obvious reasons (too cheap to pay for tech support?) and the second router is WPA-enabled so he can run his laptop and the office computer thru it. That setup was flaking out on him after running ok for a few days, with the WPA-enabled router unable to access the web. After some finagling and a reset or three, we got it working again. I'm not sure why his setup flakes out, but he's got a blackhat or two who pass thru from time to time (another customer, a sys admin from the local university, once warned me of at least one customer who's been arrested by the FBI). Better watch your back in those coffeehouses.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    i had a belkin

    that thing was a router simply because it looked like one....

    if you have one i wouldn't expect much out of it...

    i have a laptop connected to the dlink wirelessly... gonna run some network tests to see what i can see, what i can't, what i can connect to, etc...

    i'll report back with what i find, hey... maybe even write a tut about setting up a complete secluded networked environment
    work it harder, make it better, do it faster, makes us stronger

  4. #4
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Yeah, too bad they didn't make Belkins any bigger. Can't even use it as a boat anchor.

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Here's how it works...

    Let's use Router-A and Router-B to describe them... The Internet Connection (Regardless of type) will be called Internet... We'll have a PC off Router A Which We'll Reference as PC-A and a PC off B that we'll reference as PC-B... We'll also have a web server on each (Server-A and Server-B)

    Let's assign IPs..

    Router-A WAN Address(70.70.70.70) Connected to Internet
    Router-A Internal Network (192.168.1.0/24)
    Router-A Internal Address (192.168.1.1)
    PC-A 192.168.1.100
    Server-A 192.168.1.101
    Router-B WAN (192.168.1.2)
    Router-B Internal Network (192.168.2.0/24)
    Router-B Internal Address (192.168.2.1)
    PC-B 192.168.2.100
    Server-B 192.168.2.101

    (attached is a diagram)

    So everything can access the Internet. Devices on 192.168.1.0/24 will send their requests to their default gateway (192.168.1.1 - Router A), which forwards them to the Internet. Devices on 192.168.2.0/24 will send their requests to their default gateway (192.168.2.1 - Router B), which forwards on to its default gateway (192.168.1.1), which forwards on to the Internet.

    Everything on Network B can access everything on Network A... It's forwarded to the Router B which passes it on to Router A.

    Everything on Network A can NOT access everything on Network B... The only way that devices on Network A will access devices on Network B is if they are in Router B's DMZ or if they are on Router B's port forwarding list...

    Essentially to everything on 192.168.1.0/24 the Internet starts at Router A and to everything on 192.168.2.0/24 the Internet starts at Router B (Not true, but the easiest way to look at it.. especially with home network devices that really aren't true routers)...

    Further clarification and notes can be provided if required...

    To give you an idea with my network..

    I've got Cable Modem..
    Cable Modem --> Linksys Wireless Router
    Linksys Wireless Router Port 1 --> HP LaserJet 4MV
    Linksys Wireless Router Port 2 --> 5 Port Switch (Uplink) (Port 5)
    Linksys Wireless Router Port 3 --> VTech Broadband Phone Router/Gateway (WAN)
    Linksys Wireless Router Port 4 --> Desktop I
    5 Port Switch Port 1 --> 5 Port Hub Port (Uplink)
    5 Port Switch Port 2 --> 16 Port DLink Hub (Uplink)
    5 Port Switch Port 3 --> Desktop II
    5 Port Switch Port 4 --> iMac
    16 Port Hub Port 1 --> Laptop I
    16 Port Hub Port 2 --> Playstation 2
    5 Port Hub Port 1 --> 3 Port m0n0Wall Firewall
    VTech Broadband Phone Router/Gateway LAN Port --> Laptop II
    Linksys Wireless Router via Wireless --> Mac Mini

    Every one of these devices can access the internet and works just fine... My VoIP loses some quality because it's on the back end so QoS doesn't kick in, however in a couple weeks (when I finally have time), I'll be rewiring the network to put m0n0wall at the front and using its QoS for VoIP instead of the Broadband Phone Router/Gateway that I don't necessarily trust.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
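
The reachability rules in the post above, as a small Python model (an added example, not code from the thread). It uses the post's addressing; the `trace` function, the forwarding and DMZ settings and the 203.0.113.10 Internet host are constructed for illustration, and it assumes default consumer-router NAT with no static routes on Router-A.

```python
import ipaddress

# Addressing from the post above; forwarding rules passed in are constructed.
NET_A = ipaddress.ip_network("192.168.1.0/24")
NET_B = ipaddress.ip_network("192.168.2.0/24")
ROUTER_A_WAN = "70.70.70.70"
ROUTER_B_WAN = "192.168.1.2"


def trace(src, dst, dport, forwards=None, dmz_host=None):
    """Trace one new connection through the two-router layout.

    forwards maps a Router-B WAN port to an inside (ip, port); dmz_host is
    Router-B's DMZ target. Returns (verdict, source the receiver sees, receiver).
    """
    forwards = forwards or {}
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in NET_A and s not in NET_B:
        raise ValueError("source is outside the lab networks")

    if s in NET_B and d in NET_B:
        return ("delivered", src, (dst, dport))   # never leaves Router-B's LAN
    if s in NET_B:
        src = ROUTER_B_WAN                        # Router-B source NAT
    elif d in NET_B:
        # PC-A hands this to Router-A, which only has a default route, so the
        # packet heads for the Internet and the private address goes nowhere.
        return ("dropped: Router-A has no route to 192.168.2.0/24", None, None)
    elif dst == ROUTER_B_WAN:
        # Unsolicited traffic on Router-B's WAN side needs an explicit rule.
        if dport in forwards:
            return ("delivered", src, forwards[dport])
        if dmz_host:
            return ("delivered", src, (dmz_host, dport))
        return ("dropped: no forward or DMZ on Router-B", None, None)

    if d not in NET_A:
        src = ROUTER_A_WAN                        # second NAT at Router-A
    return ("delivered", src, (dst, dport))


if __name__ == "__main__":
    print(trace("192.168.2.100", "192.168.1.101", 80))   # PC-B -> Server-A
    print(trace("192.168.1.100", "192.168.2.101", 80))   # PC-A -> Server-B
    print(trace("192.168.1.100", ROUTER_B_WAN, 80,
                forwards={80: ("192.168.2.101", 80)}))   # via port forward
```

The isolation runs in one direction only: hosts behind Router-B reach every host on Router-A's LAN and show up there as 192.168.1.2, so the outer network is not shielded from the inner one.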

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    While a lot has been mentioned already, I'll try to answer your more specific questions,
    but I have questions myself:

    if i have a computer connected to the dlink... example address of 192.168.0.102... and i want to connect to a web-server running directly connected to the linksys with address of 192.168.1.138... i simply type that address in the address bar, right?
    In principle, yes. But does it actually work?


    There are two fundamental issues to consider
    1. Does the Dlink-Router (192.168.0.1) know where to route traffic to? (e.g. route all traffic except for 192.168.0.1/24 to 192.168.1.1)

    Typically, yes, in particular if the "default gateway" on 192.168.0.1 is set to 192.168.1.1.


    2. Does the Linksys-Router (192.168.1.1) know where to route 192.168.0.0/24-traffic to?

    Typically, the Linksys-Router routes all traffic (0.0.0.0) to the "Internet". You have to make sure that
    the Linksys-Router routes traffic for 192.168.0.0/24 to the appropriate router, i.e. 192.168.0.1.
    Check for "static routes".


    I have no idea how "clever" these routers are. So if you encounter any problems, you may check
    for these two issues.


    how i see it, try and follow me on this one... trying to connect to an IP on the internet from the linksys is the same as trying to connect to a comp on the linksys from the dlink... i just type in the address of that computer and NAT will find its way correctly.

    it's important that i leave NAT enabled on my dlink so i can make an environment inside an environment...
    Right. In principle, you have the scenario you'd like to have. The subnet 192.168.1.0/24 represents
    the Internet, while the subnet 192.168.0.0/24 is equivalent to an ordinary in-house intranet.


    Cheers
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  7. #7
    Junior Member
    Join Date
    Jun 2006
    Posts
    5
    Hey Hey,

    Here's how it works...

    Let's use Router-A and Router-B to describe them... The Internet Connection (Regardless of type) will be called Internet... We'll have a PC off Router A Which We'll Reference as PC-A and a PC off B that we'll reference as PC-B... We'll also have a web server on each (Server-A and Server-B)

    Let's assign IPs..

    Router-A WAN Address(70.70.70.70) Connected to Internet
    Router-A Internal Network (192.168.1.0/24)
    Router-A Internal Address (192.168.1.1)
    PC-A 192.168.1.100
    Server-A 192.168.1.101
    Router-B WAN (192.168.1.2)
    Router-B Internal Network (192.168.2.0/24)
    Router-B Internal Address (192.168.2.1)
    PC-B 192.168.2.100
    Server-B 192.168.2.101

    (attached is a diagram)

    So everything can access the Internet. Devices on 192.168.1.0/24 will send their requests to their default gateway (192.168.1.1 - Router A), which forwards them to the Internet. Devices on 192.168.2.0/24 will send their requests to their default gateway (192.168.2.1 - Router B), which forwards on to its default gateway (192.168.1.1), which forwards on to the Internet.
    This is slightly ambiguous, the traffic coming in on Router-A's switch ports (i.e. the web server and computer A) will not automatically be forwarded to Router B. If Computer-A sends a request for something off of the internet it will never go to Router-B, Router-A will just send it off to the internet. If Computer-A sends a request for Server-A it will go from one switch port right into the other (into the web server).

    If Computer-B sends a request for webserver-A it will go through Router-B into Router-A and then to the webserver, if Computer-B sends a request for internet it will go Router-B into Router-A into the internet.


    Everything on Network B can access everything on Network A... It's forwarded to the Router B which passes it on to Router A.
    This is iffy sometimes, if you have Router-A's ethernet connection coming into Router-B via the Internet/WAN port it will probably work best.


    Everything on Network A can NOT access everything on Network B... The only way that devices on Network A will access devices on Network B is if they are in Router B's DMZ or if they are on Router B's port forwarding list...

    Essentially to everything on 192.168.1.0/24 the Internet starts at Router A and to everything on 192.168.2.0/24 the Internet starts at Router B (Not true, but the easiest way to look at it.. especially with home network devices that really aren't true routers)...
    This is very true on most home routers' default OS/firmware. You can change all of this by adding your own (openwrt and the like).




    Why home routers get flaky when they are daisy chained is... the manufacturers are cheap bastards and/or they are trying to get you to buy more expensive pieces of equipment.

    There are basically 2 kinds of protocols: routed and routing. Routed is IP and the like, these are how all the PCs transfer data. Routing protocols are the protocols that are under routed protocols and control how that data makes it from point A to point B. The "home router" usually doesn't support any routing protocols, at all. If you are lucky you will get R.I.P., but not usually. These home routers are basically super-simplified routers, or an enhanced switch if you will; they are made to route between 2 subnets and that is it (internet and your home network).

    So how does it work sometimes? If one of your Router-A's switch ports is connected to Router-B via the Internet/WAN port:

    Most routers come with NAT capabilities, so all computers sitting on one side (the LAN side) can talk to each other (if they are on the same network and subnet).

    So with NAT the WAN side (which for Router-B is Router-A and its connections, and the internet for Router-A) sees only the IP of the router and not its clients.

    So why Router-A can't get to Router-B's clients is because Router-A's switch ports are usually assumed to be on the same subnet and/or at least on the same network; 192.168.0.0/24 and 192.168.1.0/24 are not the same network or subnet (this is because of the bitmask being 24 bits long, look at fix action 1 below for more explanation)! REMEMBER that most "home" routers are meant to ONLY ROUTE BETWEEN 2 NETWORKS, LAN and WAN, HOME and internet.

    Fix action 1: Router to router via ethernet (don't forget to read action 2 too):

    Step 1: Take an ethernet cable and make a cross over cable, or buy one.
    Step 2: Connect Router-A switchport* port 1 to Router-B switchport* 1
    Step 3: Make settings on Router-B:
    Turn off DHCP on Router-B
    Set default router IP to Router-A's LAN IP
    **Optional** Set Router-B to dumb or switch mode if you can
    This way you will get an address from Router-A and all the computers will be on the same subnet and network.

    To make this work for the original question:
    Make a manual configuration on the servers and workstations, default router is Router-A's LAN IP.
    Set the machines connected to Router-B in the 192.168.1.0/255.255.255.0 network (a.k.a /24).
    And hope that your "home router" is smart enough to do routing within its switchports, if not just go for fix action 1 with all the computers being on the same network.

    Fix Action 2: Router to router via ethernet with firmware upgrade!
    Step 1: See if you can get custom firmware on your router model, I like openwrt but there are others.
    Step 2: Install custom firmware on both of the routers and set up IGRP, RIP, or OSPF (I would not recommend OSPF because of high overhead, if you only have 2 routers stick with RIP).
    Step 3: Enjoy the new autonomous network that you have.

    Fix Action 3: Router to router via ethernet with config settings:
    Step 1: You can try to add the route to Router-B's clients via route.exe in windows.
    route add "Computer-B" mask "/24" "Router-B's WAN IP"
    route add "Server-B" mask "/24" "Router-B's WAN IP"
    Like this:

    route add 192.168.1.2 mask 255.255.255.0 192.168.1.1
    Step 2: Get the MAC address of Computer-B and Server-B and statically add them to your arp cache
    arp -s 192.168.1.2 00-DE-AD-BE-EF-00
    arp -s 192.168.1.3 00-12-23-34-45-56

    * = You need the cross over cable because you are doing a connection between DCE and DCE equipment, so they both use the same wires for transmit and receive on both ends. Router to switch is DTE to DCE, that is why it works; they use opposite pairs for transmit and receive.

    * = The switchports (<~-- see plural) are the ports that are physically connected like 5 all connected together, the Internet/WAN port is the loner on the far sides of the router, they are usually labeled.


    Don't be scared or freaked out by this post, I wrote it and can barely understand half of it. If you got any more questions feel free to ask, I really have nothing better to do...

    HF
