How to route (connect) 2 different IP networks on 1 router?

[dss311]

I need to link two separate networks with a DD-WRT router but I am unfamiliar with how to accomplish. Basically, need to route packets from 10.5.60.1 over to 10.1.10.250. Both networks are connected to the dd-wrt router 10.1.10.237. (See diagram)

How would I set up the router to accomplish this? I would assume I can just set up in the static routing table but I am new to this advanced routing and would appreciate any help.


Full Description
Needing to forward cash register receipts from 10.5.60.1 to recording NVR located at 10.1.10.250

 

[camieabz]

Well assuming you have everything set up on the same subnet (they ought to be, judging by their IPs), then it should be a case of configuring:

The 10.5.60.1 router to forward packets from the registers to the 10.1.10.237 router (on interface 'x' via port 'y'...interface is the physical port, while 'port' is the logical network port, such as port 80, or HTTP). See static route setup for that router.

Then setup firewall to allow outgoing packets from 10.5.60.1 on whatever port(s) are required for this function.

Then configure 10.1.10.237 to accept and forward packets from 10.5.60.1 over said port(s) to 10.1.10.250, and again see static route manual for the DD-WRT router.

Perhaps configure DVR to listen / accept packets over said port(s) from 10.1.10.237, if applicable.

I'm assuming that all kit has some form of explicit deny in place, so requires opening up, whether it's routing, firewalls, ACLs and so on. That's the basic level of what's needed. For all I know, there's a really easy way to do it though.

 

[dss311]

Well assuming you have everything set up on the same subnet (they ought to be, judging by their IPs), then it should be a case of configuring:

The 10.5.60.1 router to forward packets from the registers to the 10.1.10.237 router (on interface 'x' via port 'y'...interface is the physical port, while 'port' is the logical network port, such as port 80, or HTTP). See static route setup for that router.

Then setup firewall to allow outgoing packets from 10.5.60.1 on whatever port(s) are required for this function.

Then configure 10.1.10.237 to accept and forward packets from 10.5.60.1 over said port(s) to 10.1.10.250, and again see static route manual for the DD-WRT router.

Perhaps configure DVR to listen / accept packets over said port(s) from 10.1.10.237, if applicable.

I'm assuming that all kit has some form of explicit deny in place, so requires opening up, whether it's routing, firewalls, ACLs and so on. That's the basic level of what's needed. For all I know, there's a really easy way to do it though.

Yes, We have cash register server pointing transactions to 10.1.10.250 on port 10101. And the DVR is set to receive packets from 10.5.60.1 on port 10101. The firewall at 10.5.60.1 is also open to allow cash register server to send out packets.

We know this part works because we can put the DVR address (we temporarily set DVR 10.5.60.15 & Cash Register Server to send to this IP) to inside the cash register network (10.5.60.x) and everything is working fine. When we put it back to the address we want (10.1.10.250) we cannot get packets to pass properly through router 10.1.10.237.

So it does look like we need to configure static routes on DD-WRT router. But the setting I have tried are not working. (likely I am doing something wrong)

 

[failboat]

The static route needs to have destination and interface. destination would be the 10.1.10.250. interface would be the ip address of the interface on the ddwrt router. Then it will send packets for that destination over that interface.

Having the right equipment for router and layer2+ is nice. Then you can configure everything on the router and the switches/APs only need vlan/trunking configuration.

 

[dss311]

The static route needs to have destination and interface. destination would be the 10.1.10.250. interface would be the ip address of the interface on the ddwrt router. Then it will send packets for that destination over that interface.

Having the right equipment for router and layer2+ is nice. Then you can configure everything on the router and the switches/APs only need vlan/trunking configuration.

I think that may have been my problem. (Interface IP). I will try the suggestion on Monday and report back.

 

[failboat]

The static route needs to have destination and interface. destination would be the 10.1.10.250. interface would be the ip address of the interface on the ddwrt router. Then it will send packets for that destination over that interface.

Having the right equipment for router and layer2+ is nice. Then you can configure everything on the router and the switches/APs only need vlan/trunking configuration.

I think that may have been my problem. (Interface IP). I will try the suggestion on Monday and report back.

10.1.10.250 should be a known client on the dd-wrt router. I'm not sure how the ddwrt vlan implementation works. I feel like it should work without manually making a static route. I would look at the firewalls to make sure the packet is moving. 10.5.60.1 firewall should allow outbound -> the 10.1.10.250. The ddwrt firewall needs to allow that vlan to make an inbound to the 10.1.10.250 vlan. The DVR itself needs to allow the inbound as well.

 

[dss311]

The static route needs to have destination and interface. destination would be the 10.1.10.250. interface would be the ip address of the interface on the ddwrt router. Then it will send packets for that destination over that interface.

Having the right equipment for router and layer2+ is nice. Then you can configure everything on the router and the switches/APs only need vlan/trunking configuration.

I think that may have been my problem. (Interface IP). I will try the suggestion on Monday and report back.

10.1.10.250 should be a known client on the dd-wrt router. I'm not sure how the ddwrt vlan implementation works. I feel like it should work without manually making a static route. I would look at the firewalls to make sure the packet is moving. 10.5.60.1 firewall should allow outbound -> the 10.1.10.250. The ddwrt firewall needs to allow that vlan to make an inbound to the 10.1.10.250 vlan. The DVR itself needs to allow the inbound as well.

"I feel like it should work without manually making a static route"
This was my thoughts as well, But I do have the registers sending out to the correct DVR IP and their firewalls are allowing packets out because I can set the DVR to 10.5.60.16 and recieve them just fine.

"The ddwrt firewall needs to allow that vlan to make an inbound to the 10.1.10.250 vlan"
This is probably something I need to research as well on how to accomplish.

 

[failboat]

The static route needs to have destination and interface. destination would be the 10.1.10.250. interface would be the ip address of the interface on the ddwrt router. Then it will send packets for that destination over that interface.

Having the right equipment for router and layer2+ is nice. Then you can configure everything on the router and the switches/APs only need vlan/trunking configuration.

I think that may have been my problem. (Interface IP). I will try the suggestion on Monday and report back.

10.1.10.250 should be a known client on the dd-wrt router. I'm not sure how the ddwrt vlan implementation works. I feel like it should work without manually making a static route. I would look at the firewalls to make sure the packet is moving. 10.5.60.1 firewall should allow outbound -> the 10.1.10.250. The ddwrt firewall needs to allow that vlan to make an inbound to the 10.1.10.250 vlan. The DVR itself needs to allow the inbound as well.

"I feel like it should work without manually making a static route"
This was my thoughts as well, But I do have the registers sending out to the correct DVR IP and their firewalls are allowing packets out because I can set the DVR to 10.5.60.16 and recieve them just fine.

"The ddwrt firewall needs to allow that vlan to make an inbound to the 10.1.10.250 vlan"
This is probably something I need to research as well on how to accomplish.

It's very odd that would work by changing the ip. See if the ddwrt has iftop. you can monitor the connections on the interface going to the cash register server. you should see the connection when it's 10.5.60.15. then change the ip back to it's original and see if you can see the connection. if the 10.5.60.1 fw is dropping it; you won't see anything.

 

[dss311]

The static route needs to have destination and interface. destination would be the 10.1.10.250. interface would be the ip address of the interface on the ddwrt router. Then it will send packets for that destination over that interface.

Having the right equipment for router and layer2+ is nice. Then you can configure everything on the router and the switches/APs only need vlan/trunking configuration.

I think that may have been my problem. (Interface IP). I will try the suggestion on Monday and report back.

10.1.10.250 should be a known client on the dd-wrt router. I'm not sure how the ddwrt vlan implementation works. I feel like it should work without manually making a static route. I would look at the firewalls to make sure the packet is moving. 10.5.60.1 firewall should allow outbound -> the 10.1.10.250. The ddwrt firewall needs to allow that vlan to make an inbound to the 10.1.10.250 vlan. The DVR itself needs to allow the inbound as well.

"I feel like it should work without manually making a static route"
This was my thoughts as well, But I do have the registers sending out to the correct DVR IP and their firewalls are allowing packets out because I can set the DVR to 10.5.60.16 and recieve them just fine.

"The ddwrt firewall needs to allow that vlan to make an inbound to the 10.1.10.250 vlan"
This is probably something I need to research as well on how to accomplish.

It's very odd that would work by changing the ip. See if the ddwrt has iftop. you can monitor the connections on the interface going to the cash register server. you should see the connection when it's 10.5.60.15. then change the ip back to it's original and see if you can see the connection. if the 10.5.60.1 fw is dropping it; you won't see anything.

Nice suggestion. (Good call!) I will check on it Monday.

 

[dss311]

Just reporting back to the community:

Seems like I found the answer. A bug in TP-link wr841n Router/DD-WRT Software was preventing me from passing packets. Thank you to everyone who helped contribute to this thread! Much appreciated.

https://willhaley.com/blog/cannot-ping-dd-wrt/

https://www.reddit.com/r/DDWRT/comments/2u16tu/unable_to_pingconnect_to_other_clients_on_network/