Hi, I have the following scenario:
Internet/ISP-----Modem/Router R1-----Router R2-----PC/Server
Mobiles, NAS, Printer, etc...
Local network of R1: 192.168.2.0/25.
Local network of R2: 192.168.1.0/28.
ISP is providing a public IP address x.x.x.x.
Now, here's what's happening:
And here's what I tried:
Is there anything missing?
Any suggestion is highly appreciated...
devices on R1's LAN cannot access or ping devices on R2's LAN
devices on R2's LAN can access other devices on R1's LAN.
So then, for that to happen, there is no issue with routing; it sounds like a security policy negating echo-reply returning from R2 to R1.
R1 host initiate ping (echo request) R2 hosts (echo-reply) = fail
R2 host initiate ping (echo request) R1 hosts (echo-reply) = works
So the PC/server doesn’t have a software fw, and you say other devices attached to R2 are experiencing the same thing, so it cannot be down to an individual device from the Rtr2 LAN perspective. And you are saying it isn’t the WRT negating ICMP and you have no access-list or security policies on R1... time for a debugging session, I think!
So does that Dlink or WRT rtr have the capability to debug? If not, can you Wireshark from the laptop?
Yes, the PC/Server has the McAfee anti-virus installed on it, but when I completely disabled it (turned off firewall) and tested it, it didn't change the outcome much.
Besides that, the NAS was previously on the same network as the PC/Server and assigned with IP address 192.168.1.100, but wasn't replying to ping echo requests from any device on network 192.168.2.0/25. So you could tell it's not the firewall software on PC/Server that's causing all this.
In my opinion, there's a security policy hidden somewhere within other functionalities and that I'm not aware of, and/or a misconfiguration in the DMZ option.
The PC/Server has Wireshark installed on it and, upon trying some debugging, I noticed that any ping echo request that I expected to get from, let's say, IP address 192.168.2.20 was simply not found in the Wireshark output. And I also tried from several devices on network 192.168.2.0/25, not just one, to eliminate any doubt...
So I assumed that packets are reaching R2, but are not being forwarded by R2 to PC/Server or previously the NAS.