Question Remote Access second router behind Xfinity Xfi Gateway ?

[JSmith5150]

So I have been trying to find a solution for this situation and have come across none. Here I go:

I would like to access my second routers USB port, that has a USB HDD attached to it, from outside the home network (example: from the library or a friends house). My setup is the following:

Primary Router:

• Xfinity Xfi Modem/Router: TG4482A
• WAN IP: xx.xx.xx.250
• LAN IP: xx.xx.xx.1
• DHCP: ON - Starts at xx.xx.xx.5 to 150

Second Router: Access Point setup / Connected LAN port to LAN port / DHCP disabled

• Router Model: TP-Link AC1750 A7
• WAN IP: N/A
• LAN IP: xx.xx.xx.2 (this follows one number higher than the Xfi Routers LAN IP)
• DHCP: OFF
• USB Settings - With connected USB HDD
  • UserName: <name provided in settings>
  • UserPassword: <set to something different than router password>
  • Network/Media Server Name: TP-Share
  • Access Method:
    • Network Neighborhood: ACTIVE
      • Link: \\TP-Share
    • FTP: ACTIVE
      • Link: FTP://xx.xx.xx.2:21
    • FTP (via Internet): NOT ACTIVE (no WAN port setup)
      • Link: FTP://0.0.0.0:21

As we move forward, we will refer to
Xfinity Gateway Router = R1
TP-Link Router = R2/AP

I can access both routers from within the home network by entering each of their LAN IP addresses. I can also access the USB HDD also from within the network using the FTP Link address or the Network Neighborhood Link address. But I cannot seem to figure out the configuration between R1 and R2/AP to allow me to access R2/AP Admin GUI or R2/AP USB HDD from outside the Home Network.

R1 will not let me set Port Forwarding to the R2/AP unless the R2/AP is connected via LAN to WAN setup. But R1 does give me access to Port Triggering and DMZ manual configurations, just unsure if that is what I need or how to setup.

The reason I am trying to do this setup is because R1 does not have any USB slots and I want to be able to upload photos or files from my phone or other portable device while on the go.

I also signed up with NO-IP service, but again, not clear on how to use it properly to solve for my situation.

Any help in breaking down the setup would be greatly appreciated and I would say I am rather still novice about networking and I am not looking to place big expense into purchase of a NAS setup either.

 

[bill001g]

Not sure if it is going to be possible.

I don't understand why you can't put portforward rules into R1. How can it possibly know that x.x.x.2 is another router rather than just some random pc on your network. But lets say you just use DMZ if that will work.

The actual problem I suspect is a routing issue. This is almost kinda funny when you consider they call the tplink box a "router". Unfortunately all these devices are not actual routers they are best called a gateway because they provide a connection to the internet for a home user.

Almost all home "routers" have a LAN interface with a single subnet on it. They do not support anything other than single subnet. They assume any other IP address will go out the wan port. Unlike a PC that has a default route/gateway the LAN interface on the device always assumes the gateway is the wan even when it is not active.

The problem is the traffic from some random IP x.y.z.xx can get to the device but the device can not return the traffic because it does not have a route.

I have not checked but does that device support third party firmware like dd-wrt. DD-WRT has many actual router feature and it should still support the NAS functions.

Only other solution I can think of is to use the WAN port of linksys. That maybe messy depending on what restrictions the linksys has for accessing stuff like NAS via the WAN. It also pretty much makes it useless as a AP.

 

[JSmith5150]

Not sure if it is going to be possible.

I don't understand why you can't put portforward rules into R1. How can it possibly know that x.x.x.2 is another router rather than just some random pc on your network. But lets say you just use DMZ if that will work.

The actual problem I suspect is a routing issue. This is almost kinda funny when you consider they call the tplink box a "router". Unfortunately all these devices are not actual routers they are best called a gateway because they provide a connection to the internet for a home user.

Almost all home "routers" have a LAN interface with a single subnet on it. They do not support anything other than single subnet. They assume any other IP address will go out the wan port. Unlike a PC that has a default route/gateway the LAN interface on the device always assumes the gateway is the wan even when it is not active.

The problem is the traffic from some random IP x.y.z.xx can get to the device but the device can not return the traffic because it does not have a route.

I have not checked but does that device support third party firmware like dd-wrt. DD-WRT has many actual router feature and it should still support the NAS functions.

Only other solution I can think of is to use the WAN port of linksys. That maybe messy depending on what restrictions the linksys has for accessing stuff like NAS via the WAN. It also pretty much makes it useless as a AP.

Thank you for responding bill001g

When you say
[QOUTE] I don't understand why you can't put port forward rules into R1. [/QOUTE]

Are you saying to setup port forward rules from R2/AP admin settings?


Also, you say linksys, but I think you mean TP-Link in this case:
[QOUTE] Only other solution I can think of is to use the WAN port of linksys. That maybe messy depending on what restrictions the linksys has for accessing stuff like NAS via the WAN. It also pretty much makes it useless as a AP. [/QOUTE]

R2/AP (TP-Link) has access to NAS like features and many other features, but I am so new to networking setup I am not sure what options I would use

 

[bill001g]

No port forwarding rules only go in the main router. DMZ is a port forwarding rules that forwards all ports. It is strange that you can do DMZ but not port forward.

So what is the main use of the tplink router. If you only want to use it as a NAS maybe that will work. If you want to use it both as a AP and a NAS then you can't use the WAN port.

The first thing you must do is read the manual and see if there is a way to access the NAS from the internet. You need to pretend the router has a direct connection to the internet on its wan port. You need to find example of how they setup the router to use the NAS from the internet. This is a huge security exposure so they may not support it. This would be the first step. You would then worry about the portforwarding/dmz stuff.

 

[SamirD]

Not sure if you found a solution to this, but I would simply put the tplink lan address in the dmz of R1--this technically should do it. It's no the safest thing, but if there is no port forwarding, it should work.