Router cascade w/o double NAT
Posted: Wed May 11, 2022 5:00 am
Hello,
Based on this tutorial I started a setup of a router cascade w/o double NAT.
This means the primary router is set up with NAT disabled and additional routing rules.
The visualization would look like this:
clients ↔ Gargoyle router (no NAT) ↔ routing rules ↔ ISP router with NAT ↔ Internet
Actually the clients are represented in a LAN subnet (172.16.1.0/24) and DMZ subnet (172.16.11.0/24).
This works as expected.
Now I want to connect a secondary router to a free NIC of the primary router. This secondary router provides multiple subnets, e.g. Office, Guest, IoT.
The secondary router's LAN subnet is identical to primary router's LAN: 172.16.1.0/24.
This subnet is only for router access (SSH and HTTPS).
As a result the following IPs are assigned:
primary router:
LAN: 172.16.1.1/24
DMZ: 172.16.11.1/24
eth1: 172.16.0.1/30
WAN: 192.168.1.2/24
secondary router:
LAN: 172.16.1.2/24
Office: 172.21.10.1/24 (VLAN)
Guest: 172.21.20.1/24 (VLAN)
WAN: 172.16.0.2/30
The current issue is:
No internet access from the secondary router, which means I cannot upgrade software packages.
DNS on secondary router works, though.
I assume the issue is related to the configuration of the primary router.
eth1 is not assigned to a firewall zone; this means there are no firewall rules etc. related to this NIC and subnet 172.16.0.0/30.
But I don't understand how network traffic on this subnet would be routed to the WAN interface of the primary router.
Can you please advise how to troubleshoot this issue?
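As an added example (not code from the post, from Gargoyle or from the linked tutorial), here is a small Python model of the packet walk the post is asking about: a request from the secondary router's WAN address to an Internet host and the reply coming back. In a cascade without NAT on the primary router the source address 172.16.0.2 is never rewritten until it reaches the ISP router, so two things must hold at every hop: the primary router's forward policy must accept traffic from the unzoned eth1 subnet, and every upstream router must have a return route for 172.16.0.0/30 (and the Office/Guest subnets behind it). Both conditions are toggled by the `cascade()` function so you can see where the flow dies. The addresses and routes are constructed from the post; 198.51.100.0/24 and 203.0.113.0/24 are documentation prefixes standing in for the ISP uplink and an Internet host, and the `forward_from`, `nat_wan` and `conntrack` fields are a simplified stand-in for the firewall zone, MASQUERADE and connection tracking, not real OpenWrt/Gargoyle settings.

```python
"""Hop-by-hop model of a NAT-free router cascade (constructed example)."""
import ipaddress
from dataclasses import dataclass, field

IP = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass
class Router:
    name: str
    addrs: set                   # own interface addresses
    routes: list                 # [(destination Net, next hop IP or None for on-link)]
    forward_from: list = None    # source prefixes the firewall forwards; None = all
    nat_wan: IP = None           # if set, packets leaving via wan_net are masqueraded
    wan_net: Net = None
    nat_table: dict = field(default_factory=dict)  # remote host -> original inside src
    conntrack: set = field(default_factory=set)    # (src, dst) pairs already forwarded

    def lookup(self, dst):
        """Longest-prefix match, the way the kernel FIB resolves a destination."""
        best = None
        for net, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best


class Topology:
    def __init__(self, routers):
        self.by_addr = {a: r for r in routers for a in r.addrs}

    def forward(self, router, src, dst):
        """Carry one packet until delivered or dropped; returns (ok, path, src, last)."""
        path, local = [router.name], True        # local = packet originates here
        while True:
            if router.nat_wan is not None and dst == router.nat_wan and src in router.nat_table:
                dst = router.nat_table[src]      # undo masquerade on the reply
            if dst in router.addrs:
                return True, path, src, router
            if (not local and router.forward_from is not None
                    and (dst, src) not in router.conntrack      # established reply?
                    and not any(src in n for n in router.forward_from)):
                path.append(f"dropped at {router.name}: forward policy rejects {src}")
                return False, path, src, router
            router.conntrack.add((src, dst))
            hit = router.lookup(dst)
            if hit is None:
                path.append(f"dropped at {router.name}: no route to {dst}")
                return False, path, src, router
            _net, nh = hit
            if router.nat_wan is not None and nh is not None and nh in router.wan_net:
                router.nat_table[dst] = src      # masquerade traffic leaving via WAN
                src = router.nat_wan
            hop = nh if nh is not None else dst
            nxt = self.by_addr.get(hop)
            if nxt is None:                      # on-link end host, not a router
                path.append(str(hop))
                return True, path, src, router
            router, local = nxt, False
            path.append(router.name)

    def round_trip(self, router, src, dst):
        """Send src -> dst, then the reply; report where the flow ends."""
        ok, out, seen_src, last = self.forward(router, src, dst)
        if not ok:
            return "request " + out[-1], out, []
        ok, back, _, _ = self.forward(last, dst, seen_src)
        return ("ok" if ok else "reply " + back[-1]), out, back


def cascade(eth1_in_zone, isp_return_routes):
    """Build the post's topology with the two suspected gaps toggled (constructed)."""
    via_primary = IP("192.168.1.2")
    secondary = Router("secondary", {IP("172.16.0.2"), IP("172.16.1.2")}, [
        (Net("172.16.0.0/30"), None), (Net("172.16.1.0/24"), None),
        (Net("172.21.10.0/24"), None), (Net("172.21.20.0/24"), None),
        (Net("0.0.0.0/0"), IP("172.16.0.1"))])
    primary = Router("primary", {IP("172.16.0.1"), IP("172.16.1.1"), IP("172.16.11.1"), via_primary}, [
        (Net("172.16.0.0/30"), None), (Net("172.16.1.0/24"), None),
        (Net("172.16.11.0/24"), None), (Net("192.168.1.0/24"), None),
        (Net("172.21.10.0/24"), IP("172.16.0.2")), (Net("172.21.20.0/24"), IP("172.16.0.2")),
        (Net("0.0.0.0/0"), IP("192.168.1.1"))],
        forward_from=[Net("172.16.1.0/24"), Net("172.16.11.0/24")]
        + ([Net("172.16.0.0/30"), Net("172.21.0.0/16")] if eth1_in_zone else []))
    isp = Router("isp", {IP("192.168.1.1"), IP("198.51.100.5")}, [
        (Net("192.168.1.0/24"), None), (Net("198.51.100.0/24"), None),
        (Net("172.16.1.0/24"), via_primary), (Net("172.16.11.0/24"), via_primary),
        (Net("0.0.0.0/0"), IP("198.51.100.1"))]
        + ([(Net("172.16.0.0/30"), via_primary), (Net("172.21.10.0/24"), via_primary),
            (Net("172.21.20.0/24"), via_primary)] if isp_return_routes else []),
        nat_wan=IP("198.51.100.5"), wan_net=Net("198.51.100.0/24"))
    upstream = Router("upstream", {IP("198.51.100.1")}, [
        (Net("198.51.100.0/24"), None), (Net("203.0.113.0/24"), None)])
    topo = Topology([secondary, primary, isp, upstream])
    return topo.round_trip(secondary, IP("172.16.0.2"), IP("203.0.113.10"))


if __name__ == "__main__":
    for zone, routes in ((False, False), (True, False), (True, True)):
        verdict, out, back = cascade(zone, routes)
        print(f"eth1 zoned={zone} isp routes={routes}: {verdict}")
```

The three runs show the order to check things in: with eth1 outside any zone the request never leaves the primary router (the model's equivalent of `iptables -S FORWARD` having nothing that accepts the 172.16.0.0/30 source); once it is zoned, the request reaches the Internet but the reply is routed by the ISP router to its default gateway and discarded, because that router only knows 172.16.1.0/24 and 172.16.11.0/24 behind 192.168.1.2; only after adding return routes for 172.16.0.0/30 and the Office/Guest subnets on the ISP router does the round trip complete. DNS working on the secondary router is consistent with this if the resolver it uses is the primary router itself (172.16.0.1 answers directly and needs no forwarding).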