Can't access NAS on different network

Sciamano · June 30, 2019, 12:22pm

Hello everybody.
I am not a network expert, therefore bear with me on this issue, because even if I have already searched a lot for the solution, I seem to be unable to solve the problem.

I have a GL-MT300N-V2 connected to another router "main router” (the GL-MT300N-V2 WAN port is connected to one of the the main router's LAN ports with a static IP address).

The GL-MT300N-V2 is configured as an openvpn client, connected to a VPN server.
The address of the GL-MT300N-V2 is 192.168.8.1

Attached to the LAN interface of the GL-MT300N-V2 is a computer that needs to be constantly connected to the VPN. It's address is 192.168.8. 242

The main network is 192.168.1.x, with the main router connected to the internet (the router is the gateway and it's address is 192.168.1.254)

Attached to the main router is a NAS, with static address 192.168.1.103

I need the "192.168.8.242" computer attached to the GL-MT300N-V2 to access the shares of the "192.168.1.103" NAS, but I am unable to achieve this.

I thought I had to create a static route for the WAN interface of the GL-MT300N-V2 to the 192.168.1.103 NAS, with the main router (192.168.1.254) as the gateway, but it didn't work.
Any help would be very much appreciated.
Thank you very much.

Luca

jeff · June 30, 2019, 2:27pm

Are you using Windows file sharing?

Sciamano · June 30, 2019, 3:50pm

I've tried both CIFS and NFS, but none works.
I can't even ping the NAS from the computer attached to the GL-MT300N-V2.

Hegabo · June 30, 2019, 3:54pm

Wouldn't he need to create a different zone and assign it to a separate VLAN?

Sciamano · July 2, 2019, 9:14am

Any insights? It has been working until I changed ISP. The new one gave me a new modem/router and now I can't even ping the NAS (which responds when pinged from the main network)!

lleachii · July 2, 2019, 2:59pm

You don't need a static route, you need port forwarding. If you're NATing, no need to static route anyways. Also confirm that your ISP issues a public IP to your modem port/WAN interface.

Also verify that your ISP allows that traffic inbound to customers.

Sciamano · July 2, 2019, 3:15pm

Hi. Thanks for your reply. I don't think it's a port forwarding problem, since all the involved devices are on the LAN.
All the traffic happens locally, although they are on two different networks (192.168.1.x and 192.168.8.X).
Or am I missing something?

lleachii · July 2, 2019, 3:22pm

You're missing something major...if they're local and on two different networks...what does that really mean???

And why do you think static routing will fix it?

You need to properly [physically] divide your networks.

jeff · July 2, 2019, 3:23pm

If it were me, I'd get out tcpdump and start looking for the packets.

As far as I know, Microsoft sharing is link-local only, but I don't know what your network topology is there. A picture would probably help.

Sciamano · July 2, 2019, 3:42pm

I have described the network layout in the first post:

Internet
|
ISP Router (192.168.1.254) --- NAS (192.168.1.103)
|
|
GL-MT300N-V2 (192.168.8.1) connected to PIA VPN
|
PC (192.168.8.242)

Does this help?

PC (192.168.8.242) can't see (nor ping) the NAS (192.168.1.103)

jeff · July 2, 2019, 3:44pm

What do your routing tables look like on the GL-MT300N-V2?

ip route

Sciamano · July 2, 2019, 4:03pm

root@GL-MT300N-V2:~# ip route
0.0.0.0/1 via 10.8.2.1 dev tun0
0.0.0.0/1 dev tun0 scope link
default via 192.168.1.254 dev eth0.2 proto static src 192.16
8.1.64 metric 10
10.8.2.0/24 dev tun0 proto kernel scope link src 10.8.2.4
82.102.21.227 via 192.168.1.254 dev eth0.2
128.0.0.0/1 via 10.8.2.1 dev tun0
128.0.0.0/1 dev tun0 scope link
192.168.1.0/24 dev eth0.2 proto static scope link metric 10
192.168.8.0/24 dev br-lan proto kernel scope link src 192.16
8.8.1

Sciamano · July 6, 2019, 10:08am

Please, please, please help me!

mbo2o · July 6, 2019, 10:23am

Add a static route on the ISP router to direct traffic for 192.168.8.0/24 via second routers wan IP

For reference only
https://openwrt.org/docs/guide-user/network/routes_configuration

Read your ISP router manual for setting up static routes

Sciamano · July 6, 2019, 11:05am

Add a static route on the ISP router to direct traffic for 192.168.8.0/24 via second routers wan IP

Thank you, I will try and see if it's possible, as the ISP Router has been limited in what the user can do.

It's funny how I was made fun of for thinking a possible solution would be setting up static routes, though

mbo2o · July 6, 2019, 11:45am

If you have a firewall on second router then yes you will need port forwarding

Sciamano · July 6, 2019, 12:09pm

No firewall on second router. Unfortunately static routes are disabled on the ISP router. I will have to find a way to "hack" it and get static routes available again.

mbo2o · July 6, 2019, 12:31pm

Is NAT/masquerading disabled on second router.

mbo2o · July 6, 2019, 1:03pm

Um, on second reading static route is not going to help you in this case.

But would be good to setup anyway.

I am curious what was the IP/subnet of your previous ISP router.

Sciamano · July 6, 2019, 1:20pm

I don't know how to check this.

I recreated the network as it was with the old ISP: same IPs for the networks and for every machine