FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12691 questions

15070 answers

24150 comments

47148 members

0 votes
356 views 6 comments
by

Greetings,

I have two RUT955 devices (FW: RUT9_R_00.07.02.4) in my office, and I'm testing an simple static route between them.
My topology is:

RUT955_A
wan: 192.168.99.27 (wired)
lan: 192.168.1.X

RUT955_B
wan: 192.168.99.28 (wired)
lan: 192.168.164.X

I can't ping, or otherwise connect devices from one LAN to other LAN.

There was a almost identical question in topic How To configure static routing without IP, and I tried to follow those instructions.
I added static rules on both routers:
RU955_A

RUT955_B

I also tried to allow everything in Firewall (on both routers).


And I even have two trafic forward rules (maybe redundant?) on both routers.



But, I still can't ping or connect "between" devices on two different LANs.

Besides this (attempt at) static route, RUT955 devices are working perfectly (internet, WAN connections, LAN connection, etc).
I even tested (added) port forwarding rules, and that also works.

Can someone tell me if I forgot, or missconfigured some settings (regarding static routes)?

Thank you,

2 Answers

0 votes
by
Hello,

You don't need static routes on RUT955 A and B if the default one is on the wan interface. What you need is routes at the 192.168.99.x device telling it how to reach your two LANs, ie something like:

ip -4 route add 192.168.1.0/24 via 192.168.99.27

ip -4 route add 192.168.164.0/24 via 192.168.99.28

Regards,
by
I don't have a control over WAN router (192.168.99.1).
But I do have control over RUT955 A and RUT955 B on that network.

I believe I already added static routes on those devices.

Device 192.168.99.28 (RUT955 A, LAN 192.168.164.X) has static route:
target network 192.168.1.0 (netmask 255.255.255.0), via gateway 192.168.99.27

Device 192.168.99.27 (RUT955 B, LAN 192.168.1.X) has static route:
target network 192.168.164.0 (netmask 255.255.255.0), via gateway 192.168.99.28

edit: switched IP in original response
by

I don't have a control over WAN router (192.168.99.1).

That's annoying ...

via gateway 192.168.99.27 idem .28

Unfortunately your 192.168.99.1 gateway has no way to know which networks are behind 192.168.99.27 and .28 so it won't route anything between the two if you don't teach it.

Masquerading won't help you much either, only port forwarding can do some but that's cumbersome.

One workaround would be to establish a wireguard (or IPSEC openvpn ...) tunnel between the two RUT955 and add the LAN networks to the Allowed IPs / rightsubnet / ... lists.

No, this isn't a "simple static route configuration" issue ...

by
Thank you for clarification.
I guess I haven't considered that I would need control over WAN router for this type of routing.
I did indeed think I could use a "simple solution".

At the moment, I can use port forwarding, but I will cosider vpn tunnel in future applications.
by
Hi Marko,

The main issue with your routing is that you've specified "LAN" interface in your route which is incorrect and it causes your route to not being added to routing table.

Change interface to WAN if network 192.168.99.x is connected via Wired WAN and your issue should be resolved.

Best regards,

Martynas
0 votes
by

HI, looking at your topology, the best way to approach it would think of it as your Router A, and Router B know their own routes.  They are trying to discover a path between them.  So, what is needed is a WAN to WAN connection between the 2 routers.

First make sure that you have a static IP address on you WAN interfaces of router A and B.

Next configure your Static routes between the Wan interfaces of the 2 devices.

Router A

<!--[endif]-->

Router B

<!--[endif]-->

I used your topology in this example.  You then can try to ping the other routers Lan interface.

<!--[endif]-->

 

Regards,

Jeremy

by
I changed interface from lan to wan, and it works as expected.

As long as main WAN router doesn't change IP adresses od RUT955 A and RUT955 B, I can use these static routes.
(I can make sure IPs remain static for this application.)

Thank you all for quick help and instructions, it is appriciated.
Best regards,
by
Unless I missed something, this isn't enough for a device behind RUT955_A to reach another one behind RUT955_B.