Sign in with
Sign up | Sign in
Your question
Solved

How to Connect 2 Different LAN

Last response: in Networking
Share
April 9, 2013 1:06:08 AM

I'm in a Office where 192.168.2.1 Network with a Router and Switch with 10 people. On the Same Floor, there is another Company, with 192.168.1.1 Network with a Router and switch with 16 People. Both Company is Under One Management. Then also using different Internet.

Now planning to Purchase FOCUS ERP Software with One License to use on both Company.

How can I connect this two network, so when I ping from 192.168.1.1 to 192.168.2.1 , I get Pinged?

Please help. I can pull the Network cable from here to there.

More about : connect lan

April 9, 2013 1:59:23 AM

jaabi379 said:
I'm in a Office where 192.168.2.1 Network with a Router and Switch with 10 people. <...> another Company, with 192.168.1.1 Network with a Router and switch with 16 People. <...>
How can I connect this two network, so when I ping from 192.168.1.1 to 192.168.2.1 , I get Pinged?

Assume
Gateways are 192.168.1.253 and 192.168.2.253
New server on 192.168.1.252

You need a "route" between the two networks that is set up on the routers. Your routers are key, as generally only enterprise class routers support what you need:

On the ..1. network where the new server is, one port on the router need to be given a reserved IP address from the ..2. network - call it 192.168.2.251. NOTE this is a PORT on the 192.168.1.253 router. Cable this port back to the switch on the ..2. network.

On the ..2. network you then need to define a route for traffic from that network to traverse to the new server .1.252 VIA the port on the ..1. network you just set up (192.168.2.251). Depending on the router, that might need to be an entry for each client, or an overall route on a mask...

I've done this on Nortel kit connected to just about anything, and using WatchGuards. It is possible to do the routing at a point inside the router if you have a hardware proxy or firewall with added capabilities.... I believe it's also possible using small specialist routers running pfsense/iptables/monowall etc which are *way* cheaper than WatchGuards or Nortel routers :) .

Good luck
m
0
l
April 9, 2013 8:23:26 PM

Yes you can,

You only have to chose which internet you will use, you have to choose only one intrnet and that is going to be your default gateway. This way you will have two connections, wit the internet you choose.

Else, if you use DHCP for both connections, you have no control on which internet you will use since your computer will choose it for you.
m
0
l
Related resources
April 9, 2013 10:10:20 PM

If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

[192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.
m
0
l
April 9, 2013 10:27:11 PM

I have not interpreted the question the same way...
m
0
l
April 9, 2013 10:31:24 PM

s-h-a-w-n said:
I have not interpreted the question the same way...


That's always a problem, understanding exactly what the OP wants. To me, it sounds like a simple problem of needing access between two different networks, both in the same physical location, but each using their own router, modem, etc. And if all you want to do is route between them, you use a router. Simple.

But hey, I could have very well have misinterpreted it myself. Only the OP knows for sure.
m
0
l
April 10, 2013 9:45:57 AM

Indeed!
The best solution would be the one that is easier for him.
m
0
l
April 10, 2013 11:27:33 PM

eibgrad said:
If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

[192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.


m
0
l
April 10, 2013 11:31:35 PM

I think, this is the easiest one. but what IP i want to give to the shared router?

Also how to do static route, please put an example. i am not that much experienced.

Also what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.

All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).
m
0
l

Best solution

April 11, 2013 6:47:27 AM

jaabi379 said:
I think, this is the easiest one. but what IP i want to give to the shared router?


You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

jaabi379 said:
Also how to do static route, please put an example. i am not that much experienced.


Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

Destination: 192.168.2.0
Mask: 255.255.255.0
Gateway: 192.168.1.2

What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

Destination: 192.168.1.0
Mask: 255.255.255.0
Gateway: 192.168.2.2

What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

jaabi379 said:
what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

jaabi379 said:
All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


Sorry, I don’t understand the question (or if it even is a question).
Share
April 12, 2013 10:11:02 AM

It seems like to me, that eibgrad's solution will work. The only issue I see is that some crossover cables are required to hook LAN ports of 2 routers together.

Maybe eibgrad might was to clarify this ??

GREAT forum and GREAT answers BTW !!
m
0
l
April 12, 2013 1:02:35 PM

Crossover cables are rarely necessary these days. Virtually all modern networking equipment (since ~2006) has supported auto-mdix, which will automatically configure the connection appropriately using standard ethernet cabling. You don't even need auto-mdix on both devices, just having ONE endpoint w/ auto-mdix is sufficient.

I also was to stress again (which I did mention initially), the shared router should have NAT disabled! You don't want the shared router altering network packets as traffic flows between the WAN and LAN in this configuration.
m
0
l
April 12, 2013 1:49:49 PM

Oh, I just *wish* all my routers were newer than 2006 models !! I live in the world of small mom and pop businesses, where the newest bells and whistles aren't always necessary or needed.

Crossover cables would work on older -and- newer routers as well.
m
0
l
April 15, 2013 10:17:11 AM

eibgrad said:
jaabi379 said:
I think, this is the easiest one. but what IP i want to give to the shared router?


You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

jaabi379 said:
Also how to do static route, please put an example. i am not that much experienced.


Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

Destination: 192.168.2.0
Mask: 255.255.255.0
Gateway: 192.168.1.2

What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

Destination: 192.168.1.0
Mask: 255.255.255.0
Gateway: 192.168.2.2

What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

jaabi379 said:
what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

jaabi379 said:
All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


Sorry, I don’t understand the question (or if it even is a question).


m
0
l
April 15, 2013 10:18:31 AM

eibgrad said:
jaabi379 said:
I think, this is the easiest one. but what IP i want to give to the shared router?


You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

jaabi379 said:
Also how to do static route, please put an example. i am not that much experienced.


Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

Destination: 192.168.2.0
Mask: 255.255.255.0
Gateway: 192.168.1.2

What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

Destination: 192.168.1.0
Mask: 255.255.255.0
Gateway: 192.168.2.2

What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

jaabi379 said:
what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

jaabi379 said:
All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


Sorry, I don’t understand the question (or if it even is a question).


m
0
l
April 15, 2013 10:19:37 AM

Thanks a Lot for the well described answer from eibgrad. Thanks a lot my friend.
m
0
l
April 16, 2013 11:23:42 AM

Hey Guys according to that topic i think that for connecting 2 different LAN is like a complex working and those whose are handy on their field can do it easily.For knowing about that connection must visit that url:

internetdunia.com/internet/how-to-connect-two-computers-of-two-different-lan-networks/1577/

m
0
l
September 27, 2013 2:59:34 AM

connect lan port of both the routers OR connect swithes of both the networks with the help of a lan cable
systems connected to 1st router should have ip address 192.168.1.2-99 sub-net of 255.255.255.0 and gateway 192.168.1.1
systems connected to 2nd router should have ip address 192.168.1.101-200 subnet of 255.255.255.0 and gateway 192.168.1.100
simple
both local networks are connected and can share files and printers and can use different internet
dhcp should be disabled in both the routers.
I had done this in my office and is working fine.
AND PLEASE MAKE SURE TOTAL NO. OF SYSTEMS IN BOTH NETWORKS IS LESS THAN 245
m
0
l
September 27, 2013 4:35:32 AM

I could have very well have misinterpreted it myself.
m
0
l
September 27, 2013 5:31:04 AM

Quote:
eibgrad said:
jaabi379 said:
I think, this is the easiest one. but what IP i want to give to the shared router?


You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

jaabi379 said:
Also how to do static route, please put an example. i am not that much experienced.


Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

Destination: 192.168.2.0
Mask: 255.255.255.0
Gateway: 192.168.1.2

What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

Destination: 192.168.1.0
Mask: 255.255.255.0
Gateway: 192.168.2.2

What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

jaabi379 said:
what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

jaabi379 said:
All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


Sorry, I don’t understand the question (or if it even is a question).


I am in the same situation like jaabi379, however my my situation is that the two location are not in the same building. And what I am trying to do is to be able to access location 1 through wifi connection from location 2. Is there a way to do what you have suggested without cabling the routers?
m
0
l
November 28, 2013 2:03:35 PM

I've tried following these instructions step-by-step, but I think I'm missing something.

This is what I did:
[Router 1] (192.168.2.1) (LAN) <-----> (WAN) (192.168.2.240) [Shared Router D-Link 655] (10.2.7.240) (LAN) <-----> (LAN) (10.2.7.1) [Router 2]

Router 1 set the Shared router to static IP 192.168.2.240 and has the static route:
Destination: 10.2.7.0
Mask: 255.255.255.0
Next Hop: 192.168.2.240
Router 2 set the Shared router to static IP 10.2.7.240 and has the static route:
Destination: 192.168.2.0
Mask: 255.255.255.0
Next Hop: 10.2.7.240

From LAN 1 (192.168.2.x) I can ping the Shared router at 192.168.2.240
From LAN 2 (10.2.7.x) I can ping the Shared router at 10.2.7.240

However that's where the communication stops. I can't ping anything on LAN 2 from LAN 1, or vice versa.

Do I need static routes inside the Shared router too? Or is the D-link router not appropriate for this test?

I think the D-link is probably the problem because I think NAT cannot be disabled and it may be interfering with WAN-port functionality.

eibgrad said:
jaabi379 said:
I think, this is the easiest one. but what IP i want to give to the shared router?


You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

jaabi379 said:
Also how to do static route, please put an example. i am not that much experienced.


Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

Destination: 192.168.2.0
Mask: 255.255.255.0
Gateway: 192.168.1.2

What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

Destination: 192.168.1.0
Mask: 255.255.255.0
Gateway: 192.168.2.2

What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.



m
0
l
November 28, 2013 2:39:44 PM

navi_srao said:
connect lan port of both the routers OR connect swithes of both the networks with the help of a lan cable
systems connected to 1st router should have ip address 192.168.1.2-99 sub-net of 255.255.255.0 and gateway 192.168.1.1
systems connected to 2nd router should have ip address 192.168.1.101-200 subnet of 255.255.255.0 and gateway 192.168.1.100
simple
both local networks are connected and can share files and printers and can use different internet
dhcp should be disabled in both the routers.
I had done this in my office and is working fine.
AND PLEASE MAKE SURE TOTAL NO. OF SYSTEMS IN BOTH NETWORKS IS LESS THAN 245


Sure, it's simple in theory, but you make it sound like a trivial exercise to have one of location in the same enterprise change their network scheme to coincide w/ the other. Perhaps it was a mistake for them to have done so, perhaps it was intentional. We’ll never know. So we have to assume that’s not a practical solution.

Essentially what you’ve done is bridge the networks. But having to disable DHCP is crazy; who wants to be manually configuring/updating clients? That’s simply not realistic for most businesses, at least not for clients (servers, ok). So rather than disabling DHCP, why not *block* it w/ firewall rules! That’s why the use of a router is so valuable here; we don’t need to burden ourselves with disabling DHCP because we resorted to a LAN cable. Instead we firewall it.

Also, if you’re willing to change networks schemes anyway, there’s no need to limit yourself to 255 ips. You can simply increase the number of hosts by using a different network mask, say 255.255.0.0 (64k!).
m
0
l
November 28, 2013 3:19:52 PM

Daniu said:
I've tried following these instructions step-by-step, but I think I'm missing something.

This is what I did:
[Router 1] (192.168.2.1) (LAN) <-----> (WAN) (192.168.2.240) [Shared Router D-Link 655] (10.2.7.240) (LAN) <-----> (LAN) (10.2.7.1) [Router 2]

Router 1 set the Shared router to static IP 192.168.2.240 and has the static route:
Destination: 10.2.7.0
Mask: 255.255.255.0
Next Hop: 192.168.2.240
Router 2 set the Shared router to static IP 10.2.7.240 and has the static route:
Destination: 192.168.2.0
Mask: 255.255.255.0
Next Hop: 10.2.7.240

From LAN 1 (192.168.2.x) I can ping the Shared router at 192.168.2.240
From LAN 2 (10.2.7.x) I can ping the Shared router at 10.2.7.240

However that's where the communication stops. I can't ping anything on LAN 2 from LAN 1, or vice versa.

Do I need static routes inside the Shared router too? Or is the D-link router not appropriate for this test?

I think the D-link is probably the problem because I think NAT cannot be disabled and it may be interfering with WAN-port functionality.

eibgrad said:
jaabi379 said:
I think, this is the easiest one. but what IP i want to give to the shared router?


You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

jaabi379 said:
Also how to do static route, please put an example. i am not that much experienced.


Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

Destination: 192.168.2.0
Mask: 255.255.255.0
Gateway: 192.168.1.2

What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

Destination: 192.168.1.0
Mask: 255.255.255.0
Gateway: 192.168.2.2

What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.





As far as you’ve described it, it appears correct. The static routes are only relevant to each network’s respective primary router, NOT the shared router.

Remember what I stated previously. Ideally you want to disable NAT and the firewall (and for completeness, DHCP). Otherwise, the WAN will not expose the ip scheme on the LAN side. You'll only be able to access the LAN network via port forwarding on the WAN ip. Not very convenient imo. The idea here is to make this as seamless as possible. However, you should be able to ping from the LAN side to the WAN side regardless of configuration, unless you’re simply encountering personal firewalls on those devices.
m
0
l
November 29, 2013 2:41:12 PM

I'm puzzled why the D-Link isn't working in either direction, but I think it'll be less headaches trying again with a DDWRT router instead. Thanks, your posts above helped me a lot.

eibgrad said:


As far as you’ve described it, it appears correct. The static routes are only relevant to each network’s respective primary router, NOT the shared router.

Remember what I stated previously. Ideally you want to disable NAT and the firewall (and for completeness, DHCP). Otherwise, the WAN will not expose the ip scheme on the LAN side. You'll only be able to access the LAN network via port forwarding on the WAN ip. Not very convenient imo. The idea here is to make this as seamless as possible. However, you should be able to ping from the LAN side to the WAN side regardless of configuration, unless you’re simply encountering personal firewalls on those devices.

m
0
l
April 30, 2014 8:34:16 AM

eibgrad said:
If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

[192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.


Hi,
Thank you for your clear and helpful explanation.
My question is: why do we need a third (shared) router?
Isn’t it enough just to connect a network cable from LAN to LAN and setup static routes on each router?



m
0
l
April 30, 2014 2:13:57 PM

dbgd said:
eibgrad said:
If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

[192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.


Hi,
Thank you for your clear and helpful explanation.
My question is: why do we need a third (shared) router?
Isn’t it enough just to connect a network cable from LAN to LAN and setup static routes on each router?





There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server. Plus, you can’t control precisely who can and can’t access which resources.

IOW, by connecting them LAN to LAN, you have, by definition, made them part of the same physical network. That’s not typically what you want. You merely want to ***route*** between the two networks. And how do you do that? Answer, you use a router!

Now that said, you have several options in how you implement that router. One is to literally get another router device. Another (and something you would most likely see in a business setting) is to create a VLAN on one of the routers, then connect those routers VLAN to LAN, add static routes, firewall rules, etc. IOW, do it in software. Either way, it’s a router. But since it’s presumptuous to assume VLAN are available, it’s just prudent to recommend a new router device since that will always work.

This is actually a very simple problem. All you’re doing is trying to find a way to get from one network to another. And you do that via routing. And a router is the mechanism/device that makes routing possible. There’s not a lick of difference in what is needed to route between two local networks and what it takes to route between your local network and the internet.
m
0
l
April 30, 2014 9:40:37 PM

Thank you for taking the time to explain this to me.

This is the part I was missing:

eibgrad said:

There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server.

Before you explained it to me I thought that each DHCP server can only respond to its own local ip scope.

Once again, thank you for your clear and helpful explanation.
m
0
l
May 15, 2014 12:41:27 AM

Daniu said:
I've tried following these instructions step-by-step, but I think I'm missing something.

This is what I did:
[Router 1] (192.168.2.1) (LAN) <-----> (WAN) (192.168.2.240) [Shared Router D-Link 655] (10.2.7.240) (LAN) <-----> (LAN) (10.2.7.1) [Router 2]

Router 1 set the Shared router to static IP 192.168.2.240 and has the static route:
Destination: 10.2.7.0
Mask: 255.255.255.0
Next Hop: 192.168.2.240
Router 2 set the Shared router to static IP 10.2.7.240 and has the static route:
Destination: 192.168.2.0
Mask: 255.255.255.0
Next Hop: 10.2.7.240

From LAN 1 (192.168.2.x) I can ping the Shared router at 192.168.2.240
From LAN 2 (10.2.7.x) I can ping the Shared router at 10.2.7.240

However that's where the communication stops. I can't ping anything on LAN 2 from LAN 1, or vice versa.

Do I need static routes inside the Shared router too? Or is the D-link router not appropriate for this test?

I think the D-link is probably the problem because I think NAT cannot be disabled and it may be interfering with WAN-port functionality.



Hi,

I’m having the same problem, were you able to figure out the solution?

Thanks

m
0
l
!