How to access 192.x address space from 10.x address space?
Solution 1
It sounds like you have more than one NAT gateway on a small network. Doing “Double NAT” — as this is called — usually causes several hassles, just one of which is the one you’re experiencing: part of your network is on the public/WAN/untrusted side of one of your NATs, and can’t reach the machines on the other side.
The best solution to avoid this and other hassles of Double NAT is to reconfigure the downstream router so it’s not doing NAT. Some routers let you disable NAT and make the WAN port become bridged in with the LAN ports. Others don’t have a way to do that, so you have to just disable the DHCP Server on them, and plug one of their LAN ports into a LAN port on the upstream router.
Solution 2
You will need to make changes on both your routers -
On the child router - Assign the WAN interface a static IP address (you can either assign it on the child router by having it in the 10.x.x.x range but outside the DHCP range, or can use the parent router to do DHCP Reservation to assign an address from the parent router). Disable NAT on the child router.
On the parent router you need to set a static route for 192.168.x.x with a gateway of the child routers WAN IP address.
Related videos on Youtube
03 : 47
11 : 12
09 : 38
03 : 46
01 : 40
Walrus the Cat
Updated on September 18, 2022Comments
-
Walrus the Cat over 1 year
I have a child router with 192.x.x.x address space. On any machine here I can access the 10.x.x.x address space. The reverse is not true. A machine on 10.0.x.x cannot ping 192.168.x.x. How do I configure my router to make this possible?
-
davidgo over 6 yearsWhile this answer is factually correct, there is additional work which needs to be done (ie setting a route from the parent to child router)
-
Walrus the Cat over 6 years@davidgo can you elaborate on the last part of your answer? i.e. assigning a static route for that subspace of addresses.
-
davidgo over 6 yearsI cant give specifics without knowing the router, but the logic is thus: The router needs to know where to send any packet it receives. It does this by looking for the most specific route in the routing table it knows - and it knows about itself, the LAN its connected to, the WAN its connected to and its default route. It DOES NOT know (in this case) that 192.168.x.x devices should be reached through a router on its LAN, so you need to tell it, otherwise it will send the packets for 192.168.x.x out the WAN interface.
-
davidgo over 6 yearsdd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes explains how this works and how to do it on dd-wrt (but breaks down 192.168 into smaller blocks, rather then using 2 networks - but the logic is the same)
-
psusi over 6 years@davidgo, not really since doing this will eliminate the whole 192.168.x.x network and everything will be 10.x.x.x.
-
davidgo over 6 years@psusi Fair enough. I misread that Spiff was suggesting flattening the network.
-
kasperd over 6 years@davidgo I misunderstood the suggestion the first time around as well. I think it is because it first suggests disabling NAT, which I took to imply that it would still be routing and addresses assigned to network interfaces would remain the same. When this answer says disable NAT it really means to disable routing altogether. -
Mathew Lionnet over 6 yearsSince the ping works in one direction (which means reply packets arrive too) it is not a routing problem. -
davidgo over 6 years@eckes Not true. The child router is, among other things, acting as a one way valve which lets ONLY packets incoming packets associated with outbound packets through - and it does this by fiddling with the source address if outgoing packets and reversing the fiddling for associated incoming ones.
-
Mathew Lionnet over 6 yearsStill the routing tables must be correct for nat to function
-
davidgo over 6 years@eckes Not necessarily. - the routing table on the child router would be valid, but not on the parent router - the parent router most likely does not know the IP addresses used on the child router LAN, because these are changed by the child router to appear on its WAN IP, which, of course, is known to the parent router.
-
Mathew Lionnet over 6 yearsYour definition of correct differs from mine. (If nat is used (which is not mentioned in the q) then you only need routes for the NATed addresses, I would call the routing table correct in that case - after all the ping works.
-
davidgo over 6 years@eckes If NAT is used (which is almost certainly the case based on the symptoms and typical router configurations) then the parent routing is incorrect because it does not know about the routes on the child LAN and thus it can't send the packet to it -which is almost certainly why it is not getting a response in the one direction.
