- I have two DD-WRT routers (LAN: 10.0.0.0/255.255.255.0).
- The first router (10.0.0.1) is in my living room and is the main router (e.g. default gateway for all nodes, connected to WAN, DHCP server).
- The second router (10.0.0.2) is in my office and is operating as a Client Bridge. The second router has several physical computers connected to it. On one of those machines, I run approximately 10 virtual machines and 2 virtual networks (a secure virtual network 10.10.10.0/255.255.255.0 and a DMZ 10.20.20.0/255.255.255.0). These virtual networks can be accessed through a virtual gateway (10.0.0.120).
I can access the machines on the virtual network from the second router AND from any physical nodes directly connected to the second node (if I manually set a route for 10.10.10.0/255.255.255.0 through 10.0.0.120), so I have no reason to believe that my virtual gateway is causing problems.
My problem is that I cannot connect to the virtual nodes from the first/main router. I've tried several different options for adding routes:
On the first router, I've tried specifying that all traffic destined to 10.10.10.0/255.255.255.0 and 10.20.20.0/255.255.255.0 should go through 10.0.0.120. When that didn't work, I tried specifying that traffic to those two networks should go through 10.0.0.2.
On the second router, my iptables FORWARD table does have ACCEPT anywhere-anywhere configured. While I don't think static routes on this router are necessary, I've tried it with and without.
In summary, I've tried it with the 4 permutations:
- Router1: static route to router2 for virtual networks.
- Router1: static route to virtual networks through virtual gateway.
- Router2: no static routes.
- Router2: static route to virtual network through virtual gateway.
Nothing works.
If anyone has any suggestions, feel free to let me know. I've been banging my head against this all weekend and I'm coming up empty.
I know the configuration is a little wonky, but it's for my lab. I do a lot of testing with virtual machines and I need to be able to test between multiple subnets. I would prefer to have my virtual gateway to control access to those subnets (not a physical router).
Last edited by zeitgeist on Mon Apr 30, 2012 7:49; edited 1 time in total
- I can connect from the virtual network to everywhere else (main router, internet, etc.).
- I can connect to the virtual network from the second router.
- I can connect to the virtual network from nodes connected to the second router IF I set a static route on the physical nodes.
My problem is that I don't want to have to set static routes on all of my physical nodes / virtual machines. If I can get my main router to communicate with my virtual networks, then everything should be seamless (since the main router is the default gateway for everything).
I have watched everything via IPTraf and it looks like the connection attempts from the main router are making it to the second router, but are not making it to the virtual gateway.
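The following is an added example, not code from the original posts or from DD-WRT. It is a small pure layer-3 forwarding simulator (longest-prefix match, hop by hop) built from the addresses given above, so that the four static-route permutations can be walked through one hop at a time. The routing tables, the 10.0.0.50 "laptop" behind the second router with no static route of its own, the 10.10.10.5 VM, and the assumption that the virtual gateway's own default route points at 10.0.0.1 are all reconstructed assumptions; the model also ignores what a DD-WRT Client Bridge does at layer 2, so it shows which routes have to exist on which hop, not why the IPTraf capture stops at the second router.

```python
"""Pure L3 forwarding simulator for the lab topology described in the thread.

Added example (not from the original posts or DD-WRT). Everything below the
node names is an assumption reconstructed from the posts: it models only IP
forwarding with longest-prefix match and ignores layer-2 behaviour such as
Client Bridge mode.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


class Node:
    """A host or router with directly attached addresses and static routes."""

    def __init__(self, name: str, addrs: List[str], routes: List[Tuple[str, Optional[str]]]):
        self.name = name
        # Attached interfaces ("10.0.0.1/24"); their networks become connected routes.
        self.ifaces = [ipaddress.ip_interface(a) for a in addrs]
        # (prefix, next hop) pairs; next hop None means "on-link".
        self.routes = [(Net(p), ipaddress.ip_address(nh) if nh else None) for p, nh in routes]

    def owns(self, ip: Addr) -> bool:
        return any(ip == i.ip for i in self.ifaces)

    def lookup(self, dst: Addr) -> Optional[Tuple[Net, Optional[Addr]]]:
        """Longest-prefix match over connected networks plus static routes."""
        candidates = [(i.network, None) for i in self.ifaces] + self.routes
        matches = [c for c in candidates if dst in c[0]]
        if not matches:
            return None
        return max(matches, key=lambda c: c[0].prefixlen)


def trace(nodes: Dict[str, Node], src: str, dst: str, max_hops: int = 8) -> List[str]:
    """Walk a packet from node `src` toward IP `dst`; the last entry is the outcome:
    'delivered', 'no-route@<node>', 'unreachable-next-hop@<node>:<ip>', 'loop' or 'ttl-exceeded'."""
    by_ip = {i.ip: n for n in nodes.values() for i in n.ifaces}
    dst_ip = ipaddress.ip_address(dst)
    cur = nodes[src]
    path = [cur.name]
    for _ in range(max_hops):
        if cur.owns(dst_ip):
            return path + ["delivered"]
        route = cur.lookup(dst_ip)
        if route is None:
            return path + [f"no-route@{cur.name}"]
        _, next_hop = route
        target = next_hop if next_hop is not None else dst_ip  # on-link: ARP for dst itself
        nxt = by_ip.get(target)
        if nxt is None:
            return path + [f"unreachable-next-hop@{cur.name}:{target}"]
        if nxt.name in path:  # we have been here before: a forwarding loop
            return path + [nxt.name, "loop"]
        cur = nxt
        path.append(cur.name)
    return path + ["ttl-exceeded"]


def build_lab(r1_next_hop: str, r2_next_hop: Optional[str]) -> Dict[str, Node]:
    """Build the lab for one permutation from the thread.

    r1_next_hop: where the main router sends 10.10.10.0/24 and 10.20.20.0/24
                 ("10.0.0.120" = virtual gateway, "10.0.0.2" = second router).
    r2_next_hop: same for the second router, or None for no static route.
    Assumed: the virtual gateway and the physical nodes default to 10.0.0.1.
    """
    vnets = ["10.10.10.0/24", "10.20.20.0/24"]
    r1 = Node("router1", ["10.0.0.1/24"], [(p, r1_next_hop) for p in vnets])
    r2_routes: List[Tuple[str, Optional[str]]] = [("0.0.0.0/0", "10.0.0.1")]
    if r2_next_hop:
        r2_routes += [(p, r2_next_hop) for p in vnets]
    r2 = Node("router2", ["10.0.0.2/24"], r2_routes)
    vgw = Node("vgw", ["10.0.0.120/24", "10.10.10.1/24", "10.20.20.1/24"],
               [("0.0.0.0/0", "10.0.0.1")])
    vm = Node("vm", ["10.10.10.5/24"], [("0.0.0.0/0", "10.10.10.1")])
    # Assumed physical node behind router2 that relies on its default gateway only.
    laptop = Node("laptop", ["10.0.0.50/24"], [("0.0.0.0/0", "10.0.0.1")])
    return {n.name: n for n in (r1, r2, vgw, vm, laptop)}


def run_permutations() -> Dict[str, List[str]]:
    """Forward path laptop -> 10.10.10.5 for each static-route permutation in the thread."""
    cases = {
        "r1->vgw, r2 none": ("10.0.0.120", None),
        "r1->vgw, r2->vgw": ("10.0.0.120", "10.0.0.120"),
        "r1->r2,  r2 none": ("10.0.0.2", None),
        "r1->r2,  r2->vgw": ("10.0.0.2", "10.0.0.120"),
    }
    return {label: trace(build_lab(*args), "laptop", "10.10.10.5") for label, args in cases.items()}


if __name__ == "__main__":
    for label, path in run_permutations().items():
        print(f"{label}: {' -> '.join(path)}")
    print("return path:", " -> ".join(trace(build_lab("10.0.0.120", None), "vm", "10.0.0.50")))
```

In this model the permutation "Router1 via router2, router2 with no static route" bounces the packet between 10.0.0.1 and 10.0.0.2 until the hop limit, because router2's only matching route is its default back to router1; every other permutation delivers. The return path (VM to LAN host) goes straight from the virtual gateway onto the 10.0.0.0/24 segment, which is why the reply direction never needs a route on either router. Because the model is L3 only, a permutation that works here can still fail on the real bridge; the value of the simulator is in checking which table must hold the route before looking at the Client Bridge itself.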