OpenDNS has raised a TCP/IP question

Status
Not open for further replies.

GPz900r

Technical User
Oct 30, 2014
AU
I've had a crack but after a couple of days I'm stuck! Long post though :-(

Scenario: to use openDNS web filtering requires input of DNS into the WAN settings of the modem - but the issued Telstra (Australia) modem/routers have their WAN settings disabled in firmware. Solution: use another router.

Complication: for end user (not me) simplicity I don't want to replace the OEM modem/router - this way if there are internet supply problems then users can *easily* default back to their original set-up.

**** I know it will work by replacing with a new modem/router but this IS NOT an answer to my questions ****

So I'm using a second router (a Dlink DIR-826L that was sitting around for something else...it was dirt cheap!) but I can't bridge the first (firmware won't let me) nor can I simply use the second router as a repeater because I need to enter different DNS settings.

As I need two routers I had the light-bulb idea of using the OEM router for my computers & devices (no openDNS) and then using the second router (with openDNS) for the rug-rats. Brilliant, but it's not quite working - 80%. So far my best solution is the pretty standard set-up of:

CGD24 LAN:
IP: 192.168.0.1
Subnet: 255.255.255.0 (can only change last octet)
DHCP Server 192.168.0.2-62 (again can only change the last octets)

Set DHCP reservation lease for DIR-826L MAC = 192.168.0.4 = OK

DIR-826L
Router IP: 192.168.1.1
Subnet Mask: 255.255.255.0
DHCP: 192.168.0.64-126

Internet Connection setup works with either Static IP (192.168.0.4) or Dynamic IP.

Everything works, except:

1. I can't get access to DIR-826L connected devices from CGD24N connected devices. Can ping 192.168.0.4 from CGD24N but nothing else (extending DHCP range makes no difference)

2. Can ping everything from the DIR-826L router, and whilst DIR-826L connected devices (eg iPhone) can browse or have network access to CGD24N connected devices (eg Seagate NAS) unfortunately most apps (eg. phone backup) won't let two devices connect unless they are connected to the same router. Or perhaps need the routers connected differently.

I've turned off all firewalls and even tried putting the 192.168.0.4 IP into the DMZ of the CGD24N router.

**** I know everything will work if all devices connect directly to the DIR-826L - but that IS NOT MY QUESTION!! ****

I have been trying to get my head around subnets & subnet masks, and from what I have read there should be a way to communicate in both directions. My noob logic suggests to me the problem is because the two routers are in different subnets (192.168.0.1 & 192.168.1.1) but whenever I set up the DIR-826L with the same subnet (eg. router IP: 192.168.0.64) I get stuck. Even when trying subnet masks the problem is I can't get any internet access through to the DIR-826L using Dynamic IP Internet Connection settings - but I can't use static IP as the router then tells me I have a subnet conflict between the LAN & Internet Connection settings (which I do). Different subnet masks make no difference either. I have wondered if this is possibly a PORT issue but again I don't want to change the default set-up of the CGD24N router.

I realise this two-direction communication may not be possible, but I've got to the point where even if I *did* get it working I wouldn't actually know why, so.....


Q1. From a TCP/IP perspective, why is the communication one-way but not the other?

Q2. Is it a hardware limitation of the DIR-826L or CGD24N routers? Not really a TCP/IP question I know....

Q3. Is it possible to have two-way communication between the routers with this hardware set-up, and if so what is the TCP/IP set-up? A NO is fine BTW :)

Q4. If not, what extra hardware would I need and what would be the TCP/IP set-up?

Q5. I understand how to get remote access to the CGD24N router (Provider IP address), but how do I get remote access to the DIR-826L router if its IP is 192.x.x.x? Not possible? Fortunately I can access the Dlink via a cloud login....


Really appreciate any thoughts - and am more than happy to be pointed in the right direction for relevant web-site references. Even if I can't get it working the way I want it will be good to know the TCP/IP reasons.

Cheers.
 
1. I can't get access to DIR-826L connected devices from CGD24N connected devices.

--> Do you have a route on your Telstra router, telling it where the 192.168.1.0/24 subnet is? It's probably just default security - get on the DLink and check its security settings and logs.

You haven't supplied enough details anyway - obviously to link the two routers together, you must have configured an interface on each that are both in the same subnet. The only details you've provided are that one router has an IP address in one subnet and the other in another. How do they talk?
Additionally, you have your DLink handing out DHCP addresses in the other router's subnet??!!! Wha..?

Don't forget these little routers also have firewalls and NATing on them to complicate things.

Basically, take a step back:
A subnet is an ethernet segment. Network devices on an ethernet segment communicate between each other using ARP broadcasts and their MAC addresses. (Not IP addresses).
You are talking about having two subnets. So you have two separate ethernet segments. Devices on one ethernet segment cannot talk to devices that are on a different ethernet segment. So they need to use IP addresses to talk to each other. So what you need is a router to connect the two ethernet segments and enable communications using IP addresses.
And then you need a router to connect to a 3rd network, which is your ISP's network.
So you have 3 networks, with a router to create the intersection between each.
A router that is joining two networks has an interface patched into each network. Each interface has the correct IP address on it for that network. Any host that wants to communicate with hosts that are on the other subnet that the router is in will need to be told to use the router interface to get to the other subnet. You do this by either configuring a route (Subnet X is via 192.168.0.rtrIP) or a default route/ default GW (0.0.0.0 (=all subnets) are via 192.168.0.rtrIP).

Now, if you sketch out what you are trying to do, but making sure you differentiate between Layer2 (switching within an ethernet segment based on MAC addresses) and Layer3 (routing between ethernet segments using IP addresses), you'll be less confused.



 
I'd written another essay (!) but from your thoughts & stepping back I'm now thinking it is most likely a limitation of the Telstra modem/router.

The ONLY way I can connect the routers is by assigning an IP address from the Telstra router to the MAC address of the Dlink router, which is exactly the same basic process for connecting a PC or other device via ethernet. Which doesn't really sound like a proper router connection. There are no Telstra options to set routes nor even the ability to set the modem into bridge mode.

So to get my head around subnets and the like I probably need to start with a clean sheet of paper ie two proper routers. I have another router sitting around so I will connect these up and see if I can get communication happening in a more controlled way. And if I get two-directional LAN communication but still can't get the iPhone apps to work across the 2 networks then I'll know it's an app problem rather than anything to do with TCP/IP!

Cheers.

 
OK - got my head around ARP, MAC addresses, and subnet masks. BTW the key to understanding subnet masks was reading a reference that also explained how [AND] works with binary numbers. Seems obvious now, but until I realised 0+1 = 0 NOT 0+1 = 1 subnet masks made no sense at all!

----------------------

So the scenario I have is:

PC1: 192.168.0.3 / 255.255.255.0 connected to Netgear cable/modem router set to: 192.168.0.1 / 255.255.255.0 and connected to web.

Dlink router WAN port connected to Netgear LAN port and assigned 192.168.0.4 to dlink MAC address.

PC2: 192.168.1.102 / 255.255.255.0 connected to dlink router set to: 192.168.1.1 / 255.255.255.0

----------------------

I gather that it is NAT that lets a router have two different IP addresses?

----------------------

PC2 can ping PC1 and tracert shows request goes first to dlink and then straight to PC1. So I'm thinking

1. PC2 recognises it is not on the same subnet as PC1 so sends it to the gateway (Dlink router)

2. dlink router must consider itself to be on the same subnet as PC1 (which it is on one side of the router) and already knows the MAC address of PC1 so sends the request direct to PC1 without involving the Netgear gateway.

----------------------

- PC1 can ping dlink ONLY WHEN dlink is set to respond to ping on WAN port. 192.168.0.4 = Yes, 192.168.1.1 = No

- Netgear pings: 192.168.0.4 = Yes, 192.168.1.1 = No

- PC1 or Netgear cannot ping any devices connected to the Dlink

- Dlink can ping PC2 (Duh!)

- Other devices connected to Dlink can also ping PC2

----------------------

It was suggested (and it's definitely possible) that this could possibly be due to a firewall or other security on the Dlink. However from testing above & what I *now think* I'm thinking it's because:

1. when PC1 pings 192.168.1.102 it knows the destination device is not on the same subnet so sends the request to the gateway - the Netgear router.

2. But because there is no ability to enter [Routes] into the Netgear it receives the request from PC1 but has no idea where 192.168.1.102 is (as it needs to be sent to the Dlink gateway to 192.168.0.4/192.168.1.1) so it just times out.

I gather if I could specify [routes] then this might work by assigning 192.168.1.x to 192.168.0.4?

----------------------

BTW I'm not fussed if PC1 can't ping PC2 using this set-up. Due to firmware limitations in the Netgear I'm thinking it's just not possible without using at least one other *proper* router, preferably two.

But although not an ideal set-up, with port forwarding & QoS everything works surprisingly well considering double NAT & DHCP. The only annoyance is that:

: I cannot access the dlink router via remote management, as its WAN IP is now delivered from the Netgear subnet.
: iOS & android mobile apps can't see across the subnets

So I'm guessing that just isn't possible.

----------------------

Appreciate any corrections :)
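
The forwarding decisions discussed in this thread, worked through as an added example (not code from any poster): the host-side mask test, the router-side longest-prefix match, and the effect of source NAT on the return path. The routing tables are assumptions built from the addresses quoted in the thread, and the static route is hypothetical, since the thread says the Netgear firmware offers no route setting.

```python
import ipaddress as ipa

MASK = "255.255.255.0"
# Routing tables as (prefix, next hop). Constructed from the addresses in the
# thread; the table contents themselves are assumptions, not router dumps.
NETGEAR = [("192.168.0.0/24", "on-link"), ("0.0.0.0/0", "ISP")]
NETGEAR_STATIC = NETGEAR + [("192.168.1.0/24", "192.168.0.4")]  # hypothetical route
DLINK = [("192.168.1.0/24", "on-link LAN"), ("192.168.0.0/24", "on-link WAN"),
         ("0.0.0.0/0", "192.168.0.1")]

def same_subnet(a, b, mask=MASK):
    """Host-side test: bitwise AND each address with the mask, compare results."""
    m = int(ipa.IPv4Address(mask))
    return int(ipa.IPv4Address(a)) & m == int(ipa.IPv4Address(b)) & m

def next_hop(table, dst):
    """Router-side test: longest-prefix match, most specific route wins."""
    dst = ipa.IPv4Address(dst)
    hits = [(ipa.ip_network(p), hop) for p, hop in table if dst in ipa.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def first_hops(src, dst, gateway_table):
    """Return the hops a packet takes from src until it leaves the gateway."""
    if same_subnet(src, dst):
        return ["ARP for " + dst]
    return ["default gateway", next_hop(gateway_table, dst)]

def source_seen_after_nat(src, wan_ip, nat=True):
    """With source NAT the far side sees the router's WAN address, not src."""
    return wan_ip if nat else src

if __name__ == "__main__":
    pc1, pc2, dlink_wan = "192.168.0.3", "192.168.1.102", "192.168.0.4"
    print("PC2 -> PC1:", first_hops(pc2, pc1, DLINK))
    seen = source_seen_after_nat(pc2, dlink_wan)
    print("PC1 replies to", seen, "on-link:", same_subnet(pc1, seen))
    print("PC1 -> PC2 (no route):", first_hops(pc1, pc2, NETGEAR))
    print("PC1 -> PC2 (static route):", first_hops(pc1, pc2, NETGEAR_STATIC))
```

A static route only gets the packet as far as 192.168.0.4; the D-Link's WAN-side firewall and NAT, mentioned earlier in the thread, still decide whether it is forwarded on to the LAN.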



 