Problem reaching a "sub lan" from my NethServer

Support
#1

Hi,

I am trying to create a isolated network from my main network using a spare router I have. The router is configured with a static IP from my Nethserver : 192.168.30.0/24 is the network and I have set it to use a WAN with 192.168.30.2. The router will handle DHCP and will internally use 192.168.50.0/24.

The problem I am having is, I cannot reach 196.168.50.1 because my Nethserver doesn’t know about network 192.168.50.0/24 (only 192.168.20.0/24 and 192.168.30.0/24).

I think I know the solution to this problem and it would be to create a Static Route in Nethserver to make it aware that it exists but I am unsure how to do that with Nethserver. Or maybe I’m totally wrong with my assumption and a Static Route is not the answer.

Anyone has a clue how to do that?

Thanks

#2

I did find the documentation for this but, somehow I don’t see any STATIC ROUTE page?? Was that functionality removed?

This is the old documentation so I guess this is no longer valid
https://docs.nethserver.org/en/v7/base_system.html#static-routes-section

Can’t find anything in the new yet.

#3

In Cockpit, System > Network >Interface > far right options button for the static route option. I don’t know about your networking issue above but that is how you access the static route via Cockpit.

image
image1916×460 36.2 KB

1 Like
#4

Thank you! Yeah apparently that doesn’t solve my issue, I still can’t see 192.168.50.0/24 from any of my GREEN lans.

#5

@tessierp

Hi Patrick

Static Route IS the right way to achieve what you want: connection to a device on the “other” network.

The problem is not with your NethServer settings, but the “spare” router you’re using.

The router you’re using for the 192.168.50.0/24 network is probably an old Internet Router, the Internal Firewall is blocking any connections from “the Internet”, as it sees it. However, what that router sees as Internet is your LAN, which get’s blocked off.

Depending on the type / make / modell of router, you might be able to open up ports or more, using the internal firewall configuration options.
But very often such “spare” internet routers are often only usable for an Internet connection, not for connecting two more or less “equal” networks. I’ve seen a lot of such devices, which will allow exactly 8 rules - which is not enough to connect two networks. Also, you’re using WAN, which often has more limits. Routing from WAN to LAN is often NOT possible with such devices, NAT can’t be switched off, etc.

My 2 cents
Andy

#6

Hey Andy,

That router is fairly recent. It is an ASUS RT-AC3100 using Merlin’s firmware. The problem I was having was actually because I forgot to set the router to be reachable from the WAN. By opening that up, I was able to reach the router itself. And you are right, to reach INSIDE the network I’ll have to do some customization.

In any case, this is not something permanent, it is temporary solution since I had to change the ISP Modem / Router in bridge mode.