Though it should work configured as you describe, you can (and should) also put a route to the other LAN in each of the sub routers as well. This will avoid those packets taking another hop through the main router.
2 Likes
I didn't think about this -- yes, a route in each of the sub routers will be good. I don't think it is strictly necessary -- the packets from one sub network should simply be routed via the main router to the other, but it does mean that the upstream router has to deal with that routing which is less efficient than going straight to the second sub router.
Each hop goes through the firewall/main router in any case, since both router wans are connected to the firewall (and only to the firewall). And there is really only one "hop".
It will switch through at layer 2 though which if there are hardware switches does not involve the firewall CPU.
1 Like
okay, okay, okay, okay...
Aside from feeling somewhat of a fool, I found the problem - or at least where the problem is. Somehow my firewall is blocking the "inter-subnet" traffic. Don't know why, yet.
Placed a simple switch between firewall and routers. That way, traffic between the two routers could bypass the firewall. Thanks @mk24 for reminding me to think about network layers, stacks, etc. Been a very long time for me, about the time tcp-ip and ethernet were the new kids on the block.
Now just need to figure out what this firewall is actually doing; makes me suspicious of some of its other functions.
Thanks again for all.
ken