1

I'm connecting an embedded device to a remote server via TCP/IP using HTTP. I have two layers of routers, and am having issues connecting to the remote server if both layers are in place. My upper most router is 10.0.0.X, and my lower (local) router is 192.168.1.X.

If I bypass the 192.168.1.X router, and put my device and laptop on a hub connected to the 10.0.0.X router, my device completes the handshaking sequence to the server correctly. I see my SYN go out, the server responds with a SYN/ACK, to which I respond with an ACK. HTTP takes over from there.

If I plug my device and laptop into the 192.168.1.X router, and plug this router into the 10.0.0.X router, then I still see my SYN request go out, but I get no response from the server.

It seems to me that my 192.168.1.X router is blocking either my request from leaving, or the response from getting back in. I checked the (192) router settings, and the firewall is off (wide open).

I have Wireshark available on my laptop, and have considered sniffing the other side of the 192 router, but I don't know if I can the traffic, since I would expect the 10.0.0.X router won't pass them back down to other ports, even if they're there.

My questions:

  • Any ideas how I can debug this to see where the breakdown is occurring? Will Wireshark pick up those packets if the laptop is connected to another port on the router?

  • Why would one router pass the packets in both directions, while the other is blocking them one way or the other? It seems if I can answer this philosophical question, I might be able to deduce the real problem.

Thanks,

Chris

gregory
  • 10,969
  • 2
  • 30
  • 42
Christopher Garman
  • 71
  • 1
  • 1
  • 5
  • Can you connect from your laptop to the server with both routers in the way? – pmoleri Oct 04 '12 at 16:35
  • Yes. I also can connect from the LT to any other Internet site. – Christopher Garman Oct 04 '12 at 17:29
  • I thought so, but now I'm not certain. PING to the server times out. However, since it's on a different network, I'm not sure that this is conclusive. – Christopher Garman Oct 04 '12 at 17:39
  • Where exactly are you tracing that you say you see the SYN go out but not response? A dump between your device and Router1, between Router1 and Router2, and between Router2 and Internet would probably tell you everything you need to know. Also, what is this embedded device? (Rough guess... Router2 isn't doing NAT.) – Brian White Oct 04 '12 at 17:51
  • It's times like this when an old, cheap, 10-baseT *hub* (not _router_) is handy to have around -- all traffic gets replicated to all ports. – Brian White Oct 04 '12 at 17:52
  • If my laptop is on the 'lower' router (192.168.1.X), with the device, then I can see the SYN go out via Wireshark. I tried moving my laptop up a layer - to be under the 10.0.0.X router (essentially parallel with the lower router) but I see no traffic pass from the 'bottom' (192) network to the 'upper' (10.0) network. It looks like the 192 router isn't letting the traffic out. Any idea how I can prove this theory? – Christopher Garman Oct 04 '12 at 17:54
  • Yup - I have one of those in the works already. I have a single feed from the 'upper' 10.0 router, which goes to the uplink of the 10Base-T hub. The hub feeds my laptop, and the WAN port of the 'lower' 192.168 router. My device sending the SYN request is under the 'lower' router. – Christopher Garman Oct 04 '12 at 18:04
  • Is your local router in NAT mode? WAN port of local router connected to the global router? If so, you are in a double nat situation that 'should' work ok. – pmoleri Oct 04 '12 at 18:15
  • The WAN port of my local router is connected to a LAN port of the remote router. I'm not sure how this applies to NAT mode... – Christopher Garman Oct 04 '12 at 18:28
  • The connections seem right. Your local router should be doing NAT to translate addresses between networks, unless NAT is disabled or configured on some kind of switch mode. – pmoleri Oct 04 '12 at 18:45
  • I just went back to factory defaults, in the hopes that it was a weird setting (port forwarding, etc.) But alas, I am still hosed. – Christopher Garman Oct 04 '12 at 18:48
  • Do you need different subnetworks? You could just use the router as a swith (or hub), disabling NAT and DHCP and using only the lan ports of your local router. – pmoleri Oct 04 '12 at 19:13
  • I suppose I could work around, but since I'm writing the code on the device, I'll need to be generic enough to handle these types of situations. Having a router under a router isn't rare, so I want to be sure users can drop my device on their network without compatibility issues. You know, like this one. :) – Christopher Garman Oct 04 '12 at 19:51
  • Does your local router have an IP address in the 10.0.0.X range?(check status page). It should have one via dhcp or static assignment. – pmoleri Oct 04 '12 at 21:19
  • Yes - via DHCP, it is being set to 10.0.0.39. The real issue is that the packets never get to the WAN side of the router. I use Wireshark to sniff there, and they're just not present. I just repeated the test with a different (US Robotics) router, and I get the same result. So, I'm pretty sure it's not a *broken* router, but some semi-intelligent blocking that's going on. Argh. – Christopher Garman Oct 05 '12 at 15:07
  • @ChristopherGarman, are you trying to use FTP through to this device? – Mike Pennington Oct 07 '12 at 10:25
  • Eventually, yes, but I haven't gotten that far yet. I'm trying to get basic HTTP handshaking to work. – Christopher Garman Oct 09 '12 at 14:59

0 Answers0