So I set up a simple network: first comes the modem, then comes the router and behind the router my end devices. I can access the modem network from my local area network behind the router, but when I try to access the local area network behind the router from my modem side, nothing happens. Why is that so? I don't quite understand this and am wondering if the router sees the modem as a device on its local network, so the connection works, but the modem doesn't see its own NAT as part of the local network? What should I do to be able to communicate from the modem to the local network behin the router?
Asked
Active
Viewed 205 times
0
-
See [networking - I am setting up a network in another network. For port forwarding to work, do the ports need to be opened on both networks? - Super User](https://superuser.com/questions/1566356/i-am-setting-up-a-network-in-another-network-for-port-forwarding-to-work-do-th) – DavidPostill Aug 09 '22 at 07:01
-
See [router - What is port forwarding and what is it used for? - Super User](https://superuser.com/questions/284051/what-is-port-forwarding-and-what-is-it-used-for) – DavidPostill Aug 09 '22 at 07:01
-
2Does this answer your question? [What is port forwarding and what is it used for?](https://superuser.com/questions/284051/what-is-port-forwarding-and-what-is-it-used-for) – harrymc Aug 09 '22 at 07:15
-
Yes, in some way, yes, nice addition. But my question, which is now cleared, was about why a intercommunication between two NAT work only in one direction. See below in the answer. – Koala Aug 13 '22 at 19:41
1 Answers
0
tl;dr: Look at your routing table. Look at the routing tables of both routers. They show exactly which networks a router (or a host) is aware of, and they show where packets for any given address would be sent.
Your 1st router (the modem) is not automatically aware of networks behind the 2nd router. It's only aware of the two networks it's directly attached to (the 1st LAN subnet and the ISP's WAN subnet). For everything else, it only has a single "default" route telling it to reach all other networks via the ISP.
However, it does not have a correct route for the 2nd subnet (there is no commonly accepted way for it to learn one¹), so all packets you send towards the 2nd subnet actually follow the default route over the WAN.
(Your other devices in the 1st subnet are the same: they don't know about the 2nd subnet, they only have their local routes and a default route.)
The only reason your 2nd subnet has any sort of outbound access at all is because the 2nd router's outbound NAT hides that network. This layer of NAT makes all outbound packets look like they came from the 2nd router itself – which is part of the 1st subnet, so your 1st router and other 1st subnet devices already know how to reach it.
That's how 1st subnet devices are able to reply to packets from the 2nd subnet despite having no routes leading there – they think they're replying to a local device (the 2nd router).
The correct way to make this work without double NAT is to add routes on the 1st subnet (either on the 1st router and/or the individual devices) telling them to use the 2nd router to reach the 2nd subnet. Look for the "Static routes" section in the modem's configuration pages.
¹ There's no automatic "inner/outer" relationship between the two networks.
Larger networks use various protocols for exchanging routes automatically (OSPF, IS-IS, iBGP, RIP, Babel, and so on), but consumer gateway manufacturers have almost zero interest in that. Only some routers happen to include RIP, but it's only useful if both routers speak it...
In theory, IPv6-capable routers should be able to learn routes using DHCP Prefix Delegation (the mechanism by which they obtain the v6 subnet prefix in the first place), but that doesn't help IPv4.
u1686_grawity
- 426,297
- 64
- 894
- 966
-
That clears up a few things. So I realized that the second router is simply part of the WAN network and then can additionally build a LAN network. Devices from the LAN network communicate with the Internet in such a way that router transfers the outgoing connection through its address in the WAN network. What I still wonder is that the modem gets its own address on the WAN network, but then I wonder what is the gateway? Is it something physical or logical? – Koala Aug 09 '22 at 10:33
-
Do you mean the modem *isn't* set up as a router, but just directly connects you to the ISP as a bridge? (In that case you can't really solve this "properly"; instead just avoid this kind of connection in general.) – u1686_grawity Aug 09 '22 at 11:07
-
Gateways and routes on the WAN side work exactly the same as on LANs. The "default gateway" address always belongs to a physical router somewhere – for a WAN link it might just be a router several km away at your ISP's central office (a dedicated enterprise router which handles far more than 2 networks at once). – u1686_grawity Aug 09 '22 at 11:10
-
So if the modem is indeed just a bridge, then the "1st router" is the one at your ISP (and you can't really add any routes to it nor look at the current routes), but otherwise the answer as posted generally still applies. – u1686_grawity Aug 09 '22 at 11:14
-
Well, first of all, thank you very much for your help. Yes it will be as you say, the WAN gateway belongs to my ISP. But tell me one more thing to make sure, so is it actually not possible to connect devices from inside the WAN network to devices on the LAN network behind the router as long as the WAN gateway belongs to my ISP provider and I can't get access to it? Or is there another possibility, e.g. setting up a routing on the modem inside the WAN or the router? – Koala Aug 09 '22 at 12:05
-
-
1I'm not sure if I can provide any good recommend without knowing for sure whether the modem is *really* entirely on the WAN side or not (i.e. is it in bridge mode or is it in router mode). You say it gives access to the WAN, but your earlier "double NAT" description says the complete opposite. Which one is it really, and how did you determine that it is so? – u1686_grawity Aug 09 '22 at 12:46
-
Yes, as you say, in principle it is not a double NAT if the WAN gateway is on the ISP side.. although basically yes, we are still dealing with 2 NATs. You're right, my modem in the WAN network is only used as a bridge and for personal use. But I would still like to know whether it is possible to access the LAN behind the router from the modem if you don't have access to the WAN gateway? – Koala Aug 09 '22 at 13:01