two routers port forwarding, ftp

shmish · 05-08-2008, 04:15 PM

I have set up two routers in my home network, the reason being that i want a division between my network and the tenant's (we share the internet access). The set up is as follows:

external IP -> router 1 (192.168.0.1) -> DHCP and 192.168.0.254 DMZ -> router 2 (192.168.10.1) -> DHCP

router 1 is using DHCP, and I set 192.168.0.254 as a DMZ

router 2 is given static IP 192.168.0.254, LAN from router 1 is connected to WAN of router 2

router 2 has gateway of 192.168.10.1 and does DHCP for my network

For the most part I have this working. I'm able to RDP into my network by port forwarding 3389 on router 1 to 192.168.0.254, then on router 2 I port forward 3389 to 192.168.10.x

The problem is that I can't ftp into my network when I'm remote. I've tried forwarding port 21 the same as RDP, as well as forwarding extra ports for passive ftp. I also temporarily put my ftp server (actually it's a NAS) into a DMZ and that didn't help.

I believe that the handshaking is not working and is hitting a timeout. The ftp server tries to report its gateway and I don't know if the gateway is 192.168.10.1 or 192.168.0.1.

I have two questions. First, other than the problems with ftp is there anything fundamentaly wrong with how I setup up the network? Secondly, any suggestions on what I could do to fix the ftp?

Lastly, I've read where other people disable the dhcp on router 2 and go from the router 1 LAN to router 2 LAN. Would this also bypass the firewall in router 2 (NAT?) and therefore not prevent my tenants from accessing my network?

thanks

johnwill · 05-09-2008, 06:32 AM

You're doing this the hard way. Here's the "cookbook" to make router 2 into a switch/WAP and lose the NAT layer that is causing the issues.

Connecting two (or more) SOHO broadband routers together.

Note: The "primary" router can be an actual router, a software gateway like Microsoft Internet Connection Sharing, or a server connection that has the capability to supply more than one IP address using DHCP server capability. No changes are made to the primary "router" configuration.

Configure the IP address of the secondary router(s) to be in the same subnet as the primary router, but out of the range of the DHCP server in the primary router. For instance DHCP server addresses 192.168.0.2 through 192.168.0.100, I'd assign the secondary router 192.168.0.254 as it's IP address, 192.168.0.253 for another router, etc.

Note: Do this first, as you will have to reboot the computer to connect to the router again for the remaining changes.

Disable the DHCP server in the secondary router.

Setup the wireless section just the way you would if it was the primary router, channels, encryption, etc.

Connect from the primary router's LAN port to one of the LAN ports on the secondary router. If there is no uplink port and neither of the routers have auto-sensing ports, use a cross-over cable. Leave the WAN port unconnected!

This procedure bypasses the routing function (NAT layer) and configures the router as a switch (or wireless access point for wireless routers).

05-08-2008, 04:15 PM	#1 (permalink)
shmish Registered User Join Date: Apr 2008 Location: Canada Posts: 3 OS: WinXP SP2 / Vista Prem SP1	two routers port forwarding, ftp I have set up two routers in my home network, the reason being that i want a division between my network and the tenant's (we share the internet access). The set up is as follows: external IP -> router 1 (192.168.0.1) -> DHCP and 192.168.0.254 DMZ -> router 2 (192.168.10.1) -> DHCP router 1 is using DHCP, and I set 192.168.0.254 as a DMZ router 2 is given static IP 192.168.0.254, LAN from router 1 is connected to WAN of router 2 router 2 has gateway of 192.168.10.1 and does DHCP for my network For the most part I have this working. I'm able to RDP into my network by port forwarding 3389 on router 1 to 192.168.0.254, then on router 2 I port forward 3389 to 192.168.10.x The problem is that I can't ftp into my network when I'm remote. I've tried forwarding port 21 the same as RDP, as well as forwarding extra ports for passive ftp. I also temporarily put my ftp server (actually it's a NAS) into a DMZ and that didn't help. I believe that the handshaking is not working and is hitting a timeout. The ftp server tries to report its gateway and I don't know if the gateway is 192.168.10.1 or 192.168.0.1. I have two questions. First, other than the problems with ftp is there anything fundamentaly wrong with how I setup up the network? Secondly, any suggestions on what I could do to fix the ftp? Lastly, I've read where other people disable the dhcp on router 2 and go from the router 1 LAN to router 2 LAN. Would this also bypass the firewall in router 2 (NAT?) and therefore not prevent my tenants from accessing my network? thanks

05-09-2008, 06:32 AM	#2 (permalink)
johnwill Manager, Networking Forums Join Date: Sep 2002 Location: S.E. Pennsylvania, US Posts: 27,300 OS: XP-Pro, Vista, Linux Blog Entries: 1	Re: two routers port forwarding, ftp You're doing this the hard way. Here's the "cookbook" to make router 2 into a switch/WAP and lose the NAT layer that is causing the issues. Connecting two (or more) SOHO broadband routers together. Note: The "primary" router can be an actual router, a software gateway like Microsoft Internet Connection Sharing, or a server connection that has the capability to supply more than one IP address using DHCP server capability. No changes are made to the primary "router" configuration. Configure the IP address of the secondary router(s) to be in the same subnet as the primary router, but out of the range of the DHCP server in the primary router. For instance DHCP server addresses 192.168.0.2 through 192.168.0.100, I'd assign the secondary router 192.168.0.254 as it's IP address, 192.168.0.253 for another router, etc. Note: Do this first, as you will have to reboot the computer to connect to the router again for the remaining changes. Disable the DHCP server in the secondary router. Setup the wireless section just the way you would if it was the primary router, channels, encryption, etc. Connect from the primary router's LAN port to one of the LAN ports on the secondary router. If there is no uplink port and neither of the routers have auto-sensing ports, use a cross-over cable. Leave the WAN port unconnected! This procedure bypasses the routing function (NAT layer) and configures the router as a switch (or wireless access point for wireless routers). __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! Microsoft MVP - Windows Desktop Experience