Question want to connect on router on subnet2 from pc on subnet1

[pbrainii]

Hi all,

I have 2 subnets at home.
My cable modem/router is on network 192.168.0.1
To this I have connected with a cable a 2nd router, let's call it routerb (ip of routerb on subnet1 is192.168.0.10 and on subnet2 is 192.168.11.1

Both routers have dhcp enabled, and a different wifi and it all works fine and my basic understanding is that devices on subnet2 are even more protected from online threats (got an ip camera there and a solar inverter too) and that subnet1 and subnet2 are isolated.

But, it would be desirable to be able to connect to routerb from a PC on subnet1.

Is this thing possible using any way?

thanks

 

[bill001g]

As you say the devices are "more" protected.....but not really. The only protection assumes the main router was somehow compromised.

For the same reason you can not get access to the devices behind router2 bad people on the internet can not get to devices behind router 1.

The NAT is a really stupid but effective firewall. It keeps track of traffic going out and allows it to return from the sites you contact. If some location attempt to send traffic to your router from the internet the NAT does not know which of your internal machines to send it to so it just discards it.

You can use things like port forwarding and DMZ in router2 but then you lose the so called protection.

I would run everything on a single subnet. If you have devices that never have a need to talk to things outside your network just leave the gateway field blank or put in a IP other than your router. This prevents any communication outside your lan.

 

[pbrainii]

I have tried to port forward the ip of router2 itself but it doesn't allow this, it only allows port fwding of other devices connected to the router.

Also, when run on a single subnet, for some unknown reason, the ip camera refuses to work at all.

I'm happy to keep things as they are.
I would be happier if I could access router2 from subnet1.

 

[BFG-9000]

With double-NAT, you have protected yourself from connecting to VPN, torrenting, or IPv6 on subnet2.

Both the WAN and LAN sides of your 2nd router are private networks, so any UPnP or port forwarding you set on that router won't work, because any incoming remote access requests never make it that far -- they arrive at the public IP address on the other router, where they're promptly discarded. You'd need to shepherd them through both layers of NAT. So on the gateway, forward the port you need to the IP address of routerb's WAN port. Then on routerb, forward the same port to the address of the device you need to reach. That's less secure than single-NAT.

You could install a 2nd NIC on the PC and plug that one into routerb. That would work even if you removed the connection between the two routers--do things on subnet2 even need internet access at all? Can't get more secure than not connected.

 

[pbrainii]

Well, I'm sort of doing sthng similar as I can access the IP camera externally. I'm port fwding the ip cam from routerb and also port forwarding to routerb from routera. So all that remains is to port forward from routerb to my PC on routera? I don't quite get that, my PC is on the other subnet.

The 2nd NIC idea cannot happen as routerb is on a different floor. I think I'll just connect a wifi dongle on my PC, connect to the wifi of routerb and be done with it.