Access a device in a different subnet

Question

I have router A connected to router B on a LAN to WAN setup.
Router A is 192.168.0.1 (subnet mask 255.255.255.0) Router B is 192.168.1.1 (subnet mask 255.255.255.255)

I have a NAS device connected to router A with IP 192.168.0.108. How can I access this NAS device from a device connect to router B? (say from a device with IP 192.168.1.50)

Can I create a static route on router B to access the NAS? If so what will be the Destination IP, Netmask and Gateway?

Answer 1

First you'll need the external IP of router A (as reachable by router B), let's say it is 10.0.0.2/24, and router B (as reachable by router A) let's say it's 10.0.0.3/24. Router A or B could also be on one of each-others subnet (as I perhaps incorrectly assumed previously before my edit). Here the destination IP would be 192.168.0.0, the netmask would be 255.255.255.0, and the gateway would be 10.0.0.2.

Now, assuming:

• Router B is running Linux.
• You have root access (or CAP_NET_ADMIN) on Router B.
• Router A allows forwarding to 192.168.0.0/24 from 10.0.0.0/24 (which can be used with or without NAT/IP-masquerading) or can be configured to do so.
• Devices on router B are using 192.168.1.1 as their default gateway.

You can allow devices to access the entire 192.168.0.0/24 subnet through router B. On router B execute one of the two depending on what tools you have available ...

Using iproute2: ip route add 192.168.0.0/24 via 10.0.0.2

Using route: route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2

On a Cisco router you can also use equivalently:

Router> enable
Router# configure terminal
Router(config)# ip route 192.168.0.0 255.255.255.0 10.0.0.2

If router B is not using NAT, you will also have to add a route on router A in order for packets to be able to be routed back to the 192.168.1.0/24 subnet. In order to make this work, we will have to add a few new assumptions:

• Router A is running Linux.
• You have root access (or CAP_NET_ADMIN) on Router A.
• Router B allows forwarding to 192.168.1.0/24 from 10.0.0.0/24 (which can be used with or without NAT/IP-masquerading) or can be configured to do so.
• Devices on router A are using 192.168.0.1 as their default gateway.

I'm also going to guess that your /32 netmask on router B is a typo, if this is not the case you will have to replace routes to to 192.168.1.0/24 with multiple routes to each device reachable through 192.168.1.1 which need to be able to access your NAS.

On router A execute one of the two depending on what tools you have available ...

Using iproute2: ip route add 192.168.1.0/24 via 10.0.0.3

Using route: route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.0.3

On a Cisco router you can also use equivalently:

Router> enable
Router# configure terminal
Router(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.3

Now, when a device on 192.168.1.0/24 attempts to send packets to 192.168.0.180, it will know it cannot be reached on their configured 192.168.1.0/24 subnet, so it will route it to the configured default gateway (router B at 192.168.1.1). Router B does know how to reach the 192.168.0.0/24 subnet, through router A at 10.0.0.2 and will route the packets there. Router A can reach your NAS at 192.168.0.108, and will forward the packets there, and back again.

Of course, these routes will disappear when router A (or B) reboots. How to add this route every boot will depend greatly on what distro, init system, or job schedulers are available. There is no doubt also a way to do exactly this on BSD and other systems, I'm just not sure what they are.

If you are using DHCP for router A and B you can configure it to hand out the appropriate routes to the routers. If devices on router A and B are not using those routers as their default gateway, then they will need to be configured to reach 192.168.1.0/24 through 192.168.0.1 and 192.168.0.1/24 through 192.168.1.1 respectively. You can use DHCP to do this as well.

It would be good for you to clarify your network topology a little bit. I would have commented, but didn't have that privilege.

Answer 2

What is probably missing from your configuration is answers to these two questions:

• How an information packet from a device connected to router B can be routed to your NAS?
• How an information packet from your NAS can be routed to a device connected to router B?

To answer specifically to your situation you would have to:

• Setup a rule in the routing table of router B telling it that all packets to 192.168.0.108 has to be sent to router A since it knows how to reach it directly.
• Setup a rule in the routing table of router A telling it that all packets to the subnet 192.168.1.0/24 has to be sent to router B since it know how to reach that subnet.

You shouldn't have to modify to modify the following information on your routers though:

• Netmask: All it does is inform this device what IP addresses it can reach directly and which ones it has to refer to its routing table to know where to send it.
• Gateway: The is the default IP address the device will send a packet if this device can't reach the destination directly or through its routing table.

Now since I don't know the specifics of your devices, your will have to to figure out how to configure the relevant routing tables. If your two routers were linux devices, it could look somewhat like this:

On router B:

# ip route add to 192.168.0.108 via 192.168.0.1 dev XXX

On router A:

# ip route add to 192.168.1.0/24 via 192.168.1.1 dev XXX

(You would need superuser access to perform these command)

But you will have to look into, understand and ajust this configuration to your situation. For example, the configuration is going to be a little different if it's not just the NAS that has to be accessed but the whole subnet.