
LAN behind a LAN access to Internet [Resolved]

I work at home and have work equipment.

They are installed in the work LAN, on a switch, itself connected to a server with a DHCP server (on 10.7.37.0/24) and routing with the personal LAN.

The internet comes from a router which is a DHCP server (on 192.168.0.0/24). This LAN is for personal equipment.

Now the equipment on the work LAN can't reach the internet. I've run tcpdump at the equipment, at the work/personal LAN router, at the WAN/personal LAN router, and the remote server on the internet.

I can see the packets leaving the equipment, passing through the first router and through the second router. However I don't see them reaching the online server.

I also don't see the packets coming back from the internet.

Equipment in the work LAN can ping the personal equipment just fine.

Where would the routing issue be?

Here's the network map:

   Device
eth0 10.7.37.2
  |
  |
eth1 10.7.37.1 (DHCP server)
   Router 1 - DHCP server for devices on 10.7.37.0/24
wls1 192.168.0.14 (DHCP client)
  |
  |
br0 192.168.0.1
   Router 2 - DHCP server for devices on 192.168.0.0/24
vlan2 xx.xx.xx.xx public internet IP
  |
  |
Internet

Routing table on router 1:

default via 192.168.0.1 dev wls1
default via 10.7.37.10 dev eth1 metric 1
10.7.37.0/24 dev eth1 proto kernel scope link src 10.7.37.10
192.168.0.0/24 dev wls1 proto kernel scope link src 192.168.0.14

On router 2:

default via xx.xx.xx.1 dev vlan2
10.7.37.0/24 via 192.168.0.14 dev br0
xx.xx.xx.0/24 dev vlan2  proto kernel  scope link  src 47.152.241.191
127.0.0.0/8 dev lo  scope link
169.254.0.0/16 dev br0  proto kernel  scope link  src 169.254.255.1
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1

On device:

default via 10.7.37.10 dev eth0 
9.9.9.9 via 10.7.37.10 dev eth0 
10.7.37.0/24 dev eth0  proto kernel  scope link  src 10.7.37.20 
10.7.37.10 dev eth0  scope link 
192.168.0.14 via 10.7.37.10 dev eth0 

Question Credit: Benoit Duffez
Asked September 14, 2019
Tags: routing
Posted Under: Network
1 Answers

Routing seems to be OK and you are saying that tcpdump shows packets passing through the routers R1 and R2. The only issue I can see here is the NAT; you have to SNAT or MASQUERADE on R2. If it's a Linux box, with something like:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

credit: vx3r
Answered September 14, 2019
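
As an added illustration (not part of the original answer or the asker's own configuration), this Python model replays router 2's forwarding decision with the routing table from the question and shows that a MASQUERADE rule only rewrites the source when `-o` names the interface that actually faces the internet, which is `vlan2` on that router. The WAN prefix and the interface addresses marked "constructed" are stand-ins for the redacted values, and `forward` and `leaks_private_source` are hypothetical helper names.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Router 2 routes as listed in the question. The redacted WAN prefix is
# replaced by the documentation range 203.0.113.0/24 (constructed).
R2_ROUTES = [
    ("0.0.0.0/0", "vlan2"),        # default via the ISP gateway
    ("10.7.37.0/24", "br0"),       # work LAN, reached via 192.168.0.14
    ("203.0.113.0/24", "vlan2"),   # WAN subnet (constructed)
    ("192.168.0.0/24", "br0"),     # personal LAN
]
R2_ADDR = {"vlan2": "203.0.113.191", "br0": "192.168.0.1"}  # vlan2 constructed


def out_iface(dst, routes):
    """Pick the egress interface by longest-prefix match."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def forward(src, dst, masq_ifaces):
    """Return (egress interface, source address seen on the wire).

    masq_ifaces models rules of the form
    `iptables -t nat -A POSTROUTING -o <iface> -j MASQUERADE`.
    """
    dev = out_iface(dst, R2_ROUTES)
    if dev in masq_ifaces:
        src = R2_ADDR[dev]  # MASQUERADE uses the egress interface address
    return dev, src


def leaks_private_source(src, dst, masq_ifaces):
    """True if the packet leaves on the WAN side still carrying an RFC 1918 source."""
    dev, wire_src = forward(src, dst, masq_ifaces)
    addr = ipaddress.ip_address(wire_src)
    return dev == "vlan2" and any(addr in n for n in RFC1918)


if __name__ == "__main__":
    for rules in (set(), {"eth0"}, {"vlan2"}):
        print(sorted(rules), forward("10.7.37.20", "9.9.9.9", rules),
              "leak:", leaks_private_source("10.7.37.20", "9.9.9.9", rules))
```

A capture on `vlan2` that still shows 10.7.37.x as the source address corresponds to the `leak: True` rows: the packet leaves router 2, but a reply addressed to a private source cannot be routed back across the internet.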