Skip to main content

LAN behind a LAN access to Internet [Resolved]

I work at home and have work equipment.

They are installed in the work LAN, on a switch, itself connected to a server with a DHCP server (on and routing with the personal LAN.

The internet comes from a router which is a DHCP server (on This LAN is for personal equipment.

Now the equipments on the work LAN can't reach the internet. I've run tcpdump at the equipment, at the work/personal LAN router, at the WAN/personal LAN router, and the remote server on the internet.

I can see the packets leaving the equipment, passing through the first router and through the second router. However I don't see them reaching the online server.

I also don't see the packets coming back from the internet.

Equipments in work LAN can ping the personal equipments just fine.

Where would be the routing issue?

Here's the network map:

eth1 (DHCP server)
   Router 1 - DHCP server for devices on
wls1 (DHCP client)
   Router 2 - DHCP server for devices on
vlan2 xx.xx.xx.xx public internet IP

Routing table on router 1:

default via dev wls1
default via dev eth1 metric 1 dev eth1 proto kernel scope link src dev wls1 proto kernel scope link src

On router 2:

default via xx.xx.xx.1 dev vlan2 via dev br0
xx.xx.xx.0/24 dev vlan2  proto kernel  scope link  src dev lo  scope link dev br0  proto kernel  scope link  src dev br0  proto kernel  scope link  src

On device:

default via dev eth0 via dev eth0 dev eth0  proto kernel  scope link  src dev eth0  scope link via dev eth0 

Question Credit: Benoit Duffez
Question Reference
Asked September 14, 2019
Tags: routing
Posted Under: Network
1 Answers

Routing seems to be OK and you are saying that tcpdump shows packets passing trough the routers R1 and R2. Only issue i can see here is the NAT, you have to SNAT or MASQUERADE on R2. If its a linux box with something like:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

credit: vx3r
Answered September 14, 2019
Your Answer