Subnetting Questions

[Garet Jax]

I have two routers and one subnet (192.168.1.X\24) in my network currently. The Verizon Actiontec cable modem/wireless/router is largely a passthrough - all functionality is disabled. So it is really acting as a cable modem and the network's gateway. Its inward facing IP is 192.168.1.1.

The second wireless router is a Cisco/Linksys E4200 - it has an IP of 192.168.1.4, its wireless radios are enabled and it is acting as a DHCP server. Its WAN functionality is disabled.

All existing items on my network use 192.168.1.1 as their gateway. Right now everything can see everything else and get access to the internet.

I recently installed Toastman's Tomato on the E4200 router and much of its functionality is disabled until I enable the WAN portion of the E4200 router.

I am looking for the easiest way to turn on the WAN portion of the E4200.

I believe the easiest way is to create two subnets:

192.168.0.X
192.168.1.X

On the first subnet, there will only be two items the Verizon Actiontec router and the WAN portion of the E4200.

I made the Verizon Actiontec router 192.168.0.1. I made the WAN portion of the E4200 192.168.0.2. I changed the cabling between the two routers so that it plugged into the WAN plug of the E4200 and one of the LAN plugs of the Actiontec.

I left all other IPs the same. So effectively the Actiontec is no longer in the 192.168.1.X subnet and the bridge between the two subnets is done through the E4200.

The E4200 can ping both subnets. I enabled the SSH server and was able to ping 192.168.0.X and 192.168.1.X.

So I guess I have a few questions:

1) Is there an easier way?
2) I believe I am very close and believe the remaining issue(s) have to do with routes.
2a) I believe the gateway should change from 192.168.1.1 to 192.168.1.4 on all devices - is this correct?
2b) What routes do I need to create on both routers to allow all traffic from 192.168.1.X to be able to reach the internet?

Thanks a lot.

PS - Merry Christmas and a Happy New Years.

 

[imagoon]

I am not sure I am following what you want to accomplish. If the Verizon actiontech is offering up 192.168.1.1, then all functionality and "acting as a cable modem" is false. It is acting a NAT router meaning it is doing address translations for you. Your E4200 is going to do the same thing. What are you trying to accomplish? Setting up routes in devices also doing NAT gets to be fairly messy quickly.

 

[Pandasaurus]

Typing from my phone, so this will be short. First, it sounds like you are effectively natting twice, using the same address range for both translations, but in different subnets. To me, this seems like a bad idea. But, that's just me. Second... What imagoon said. I'm trying to figure out what you're trying to accomplish here. Is there some reason you can't do this with just the EA4200?

 

[ch33zw1z]

What is recommended for your configuration is using the Actiontec as the main router, and the E4200 as a WAP

http://www.ezlan.net/router_AP.html

This puts everything on the same network, and avoids double NAT. if the ezlan guide isn't enough, just google "soho router as wap", lots of guides.

search the network forums, this question has been coming up often as of late.

 

[Garet Jax]

I am not sure I am following what you want to accomplish. If the Verizon actiontech is offering up 192.168.1.1, then all functionality and "acting as a cable modem" is false. It is acting a NAT router meaning it is doing address translations for you. Your E4200 is going to do the same thing. What are you trying to accomplish? Setting up routes in devices also doing NAT gets to be fairly messy quickly.

Typing from my phone, so this will be short. First, it sounds like you are effectively natting twice, using the same address range for both translations, but in different subnets. To me, this seems like a bad idea. But, that's just me. Second... What imagoon said. I'm trying to figure out what you're trying to accomplish here. Is there some reason you can't do this with just the EA4200?

There are a number of points here. My ultimate goal is to get the E4200 with the WAN interface enabled so I can use the full abilities that Tomato provides.

I understand that I would be double NATing so to speak, but it seems to me there is no way around it as long as I need both routers and the WAN interface enabled on the E4200.

The side affect of doing this is that I could enable the wireless interface on both routers and use the E4200 for all internal stuff and use the Actiontec for all visitors so they have access to the internet, but don't have access to anything behind the E4200.

The only reason I am keeping the Actiontec is because it converts the coaxial signal into something ethernet compatible. I have read you can get rid of it and use a true cable modem, but I have also read it is very difficult to do through Verizon since they aren't easy to work with.

Besides I have never done subnetting and am thinking this might be a good opportunity to learn.

Assuming I do need to write routing rules, and do manual NATing, is there a place you might recommend I could go to start the education process?

Thanks.

 

[Garet Jax]

What is recommended for your configuration is using the Actiontec as the main router, and the E4200 as a WAP

http://www.ezlan.net/router_AP.html

This puts everything on the same network, and avoids double NAT. if the ezlan guide isn't enough, just google "soho router as wap", lots of guides.

search the network forums, this question has been coming up often as of late.

Very good. This is half the battle - learning the name of what I want to do so I can search properly. Thanks so much for the link and also the name of what I am trying to do.

 

[Garet Jax]

What is recommended for your configuration is using the Actiontec as the main router, and the E4200 as a WAP

http://www.ezlan.net/router_AP.html

This puts everything on the same network, and avoids double NAT. if the ezlan guide isn't enough, just google "soho router as wap", lots of guides.

search the network forums, this question has been coming up often as of late.

Just read through this and it doesn't help me :-(

This is the configuration I already have. My problem is that I want to use the WAN port on the second router. This article specifically says not to use it.

Back to my original question - where do I go to learn about the routing rules required for connecting two subnets?

 

[JackMDS]

I have two routers and one subnet (192.168.1.X\24) in my network currently. The Verizon Actiontec cable modem/wireless/router is largely a passthrough - all functionality is disabled. So it is really acting as a cable modem and the network's gateway. Its inward facing IP is 192.168.1.1.

Your premise is that the above is a Transparent Gateway.

It is Not. Transparent Gateway's output is the public IP provided by the ISP.

Since your Modem IP is private (191.168.x.x), it means that the output is Routed/NAT.

I do not know what are the functions that are provided by the "Toastman" that are going to make you happy and whether it is a real functional need or a pie in the sky. You should try to find other ways to achieve these functions since FIOS does not provide all the flexibilities that our heart Desires.

P.S. Most of the Modem/Router devices provided by the ISPs are Not General Standard main stream devices. There are lacking some capacities. that helps the ISP to reduce cost ,and control aspects of users behaviors that their ""Heart Desired"".

Edit: The post by ch33zw1z bellow is one example for the another way solution

 

[ch33zw1z]

Just read through this and it doesn't help me :-(

This is the configuration I already have. My problem is that I want to use the WAN port on the second router. This article specifically says not to use it.

Back to my original question - where do I go to learn about the routing rules required for connecting two subnets?

Then use it the way you set it up. It's just going to cause a bit more work for you.

1) Is there an easier way?

Yes, the way is setting up the router as a WAP

2) I believe I am very close and believe the remaining issue(s) have to do with routes.

What routes, exactly

2a) I believe the gateway should change from 192.168.1.1 to 192.168.1.4 on all devices - is this correct?

no, anything behind the E4200 will need to use the E4200's LAN IP as the default gateway

2b) What routes do I need to create on both routers to allow all traffic from 192.168.1.X to be able to reach the internet?

None, it will do this by default, as long as you have the IP setup ok.

What traffic is not being routed. With this double NAT setup, if you want specific ports open then it will take some extra steps.

Example, let's forward SSH traffic on port 22 a device behind the E4200:

Actiontec: 192.168.0.1
E4200: WAN 192.168.0.2, LAN 192.168.1.1
device: 192.168.1.100

-On the Actiontec, you forward traffic on external port 22 to internal port 22 to IP 192.168.0.2
-On the E4200, you forward traffic from external port 22, to internal port 22 to device IP 192.168.1.100

You external, internal, and IP address may be different. But, that's basically how to forward through two routers

Are you having any specific issues?

 

[Enigma102083]

Does the actiontec support a DMZ IP address? If so, put the E4200 in the DMZ and be done with it.

 

[VirtualLarry]

The only reason I am keeping the Actiontec is because it converts the coaxial signal into something ethernet compatible. I have read you can get rid of it and use a true cable modem, but I have also read it is very difficult to do through Verizon since they aren't easy to work with.

NEVER DO THIS! You are liable to burn out the MOCA WAN interface on the ONT. A device that is expensive to replace, if VZ determines that it was your fault it was damaged.

If you don't also have TV service, you can have your ONT provisioned for a Cat5e internet WAN connection, and then you would be able to connect your E4200's WAN port directly to the ONT.

 

[VirtualLarry]

I have FIOS, using a Rev F ActionTec router, connected using MOCA WAN to my ONT. (I also have TV service.)

I have an E2500 running Tomato connected as a secondary router, which handles my port-forwards and VPN and such.

Basically, you want to "static NAT" or "DMZ" the secondary router. The idea is, all un-solicited incoming traffic is forwarded to the WAN interface of the secondary router to deal with.

I use the ActionTec for "guest" machines, while putting all of my real machines behind the secondary router.

Which, btw, gives me IPv6 service as well. But that's well beyond the scope of this thread.