Trouble Communicating Between Two Routers

TC10284

Senior member
Nov 1, 2005
I am running IPCop 1.4.10 as my main router (192.168.1.1) and gateway to the internet. I am trying to set up a second router which is BrazilFW 2.26 (192.168.2.1) and I am having all sorts of trouble getting the two routers to ping properly when I disable NAT. I disabled NAT because I would like to be able to cross the networks similar to a VLAN (connecting through a UNC share and pinging the IPs in the other network). When using NAT, this is not possible.

OK, on the main IPCop router which has an IP of 192.168.1.1 I have this in the rc.local file:

#Static Route for BrazilFW router
/sbin/route add -net 192.168.2.0 netmask 255.255.255.0 dev eth0

And these are the current routes for the IPCop router:
Kernel IP routing table
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
24.148.144.128  *                255.255.255.128  U     0      0   0   eth1
192.168.2.0     *                255.255.255.0    U     0      0   0   eth0
192.168.1.0     *                255.255.255.0    U     0      0   0   eth0
default         user-0c99441.ca  0.0.0.0          UG    0      0   0   eth1

On the BrazilFW router (192.168.2.1), I have nothing added to the rc.local file yet but I temporarily added routes using the route add command and this is the current routing table:
Kernel IP routing table
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
192.168.2.0     *                255.255.255.0    U     0      0   0   eth0
192.168.1.0     *                255.255.255.0    U     0      0   0   eth1
default         192.168.1.1      0.0.0.0          UG    0      0   0   eth1


As for my results, well, I have none really. The BrazilFW router can ping ANY IP (inside or outside of BrazilFW router and any internet IP address). But none of the clients can ping anything other than what's behind the BrazilFW router. I am confused on how to get this to work properly. =(

Can anyone suggest anything?
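
Added example, not part of the original post: a short Python model of the kernel's longest-prefix route lookup, run over the two routing tables quoted above. It shows that IPCop's route to 192.168.2.0/24 has no gateway (`*`), so IPCop treats that subnet as directly attached to eth0 and resolves each client by ARP instead of handing the packet to BrazilFW. The client address and BrazilFW's address on the 192.168.1.0 network are constructed values, since the thread does not give them.

```python
import ipaddress

# Routing tables copied from the post above ("*" = no gateway, i.e. on-link).
IPCOP = """\
24.148.144.128 * 255.255.255.128 U 0 0 0 eth1
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default user-0c99441.ca 0.0.0.0 UG 0 0 0 eth1
"""
BRAZILFW = """\
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
"""

def parse(table):
    """Return [(network, gateway-or-None, iface)] from `route` output rows."""
    routes = []
    for line in table.strip().splitlines():
        dest, gw, mask, flags, _metric, _ref, _use, iface = line.split()
        cidr = "0.0.0.0/0" if dest == "default" else f"{dest}/{mask}"
        # Only routes flagged G actually use the gateway column.
        routes.append((ipaddress.ip_network(cidr), gw if "G" in flags else None, iface))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match; returns (how, target, iface)."""
    ip = ipaddress.ip_address(dst)
    _net, gw, iface = max((r for r in routes if ip in r[0]),
                          key=lambda r: r[0].prefixlen)
    # No gateway: the kernel ARPs for the destination itself on that interface.
    return ("via", gw, iface) if gw else ("arp", dst, iface)

def with_gateway(routes, subnet, gw):
    """Replace the on-link route for `subnet` with one through gateway `gw`."""
    target = ipaddress.ip_network(subnet)
    return [(n, gw, i) if n == target else (n, g, i) for n, g, i in routes]

CLIENT = "192.168.2.50"   # constructed: a client behind BrazilFW
BFW_WAN = "192.168.1.2"   # ASSUMPTION: BrazilFW's eth1 address, not given in the thread

if __name__ == "__main__":
    ipcop = parse(IPCOP)
    print("BrazilFW -> 192.168.1.10:", next_hop(parse(BRAZILFW), "192.168.1.10"))
    print("IPCop as posted ->", CLIENT, next_hop(ipcop, CLIENT))
    print("IPCop with gw   ->", CLIENT,
          next_hop(with_gateway(ipcop, "192.168.2.0/24", BFW_WAN), CLIENT))
```

With the table as posted, the lookup for the client returns an ARP on eth0; with a gateway on the 192.168.2.0/24 route it returns a hop through BrazilFW's 192.168.1.x address.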
 

TC10284

Senior member
Nov 1, 2005
Actually I found this link to be more accurate:
http://www.ezlan.net/shield.html

I've already accomplished what was on the link you posted with a BEFSR41 and BEFR81 Linksys and a Netgear MR814v2 routers (setting them as switches or WAPs, just disable DHCP, change the router IP basically, and connect to regular ports and not the WAN port).

What I'm working toward is similar to my Cisco 2514 router capabilities. I know that it has two ethernet ports E0 and E1 and NAT disabled by default and the two networks will communicate like I want (Taking CCNA1-4, getting ready to start semester 3). But I assumed that you could set up two hardware routers such as IPCop and BrazilFW, etc, disable NAT as instructed by a developer for BrazilFW and set up routes between the two networks.
In theory it should work if the routes are set up properly. I tried something different than what I posted a little later (I haven't been able to get any help from any forum I've posted that question on) and I got limited results. I could ping some IPs on the other network but not other ones. Like, I could ping the DNS server IP, but not regular client IPs in the other network (and they were not running any firewall on the PCs themselves).

Gah...I really would like to figure this one out =\
 

nweaver

Diamond Member
Jan 21, 2001
I would try a simple Linux box, and enable routing, unless you are looking for the stateful packet inspection.
 

RebateMonger

Elite Member
Dec 24, 2005
You DID remember to reset the Default Gateway of those clients to BrazilFW, right? Just asking....since that would certainly cause the symptoms you mention.
 

TC10284

Senior member
Nov 1, 2005
After setting up the BrazilFW router and connecting it to the specified switch, I released the IP on one of the clients that would use the BFW router and it retained the BFW gateway IP of 192.168.2.1 the whole time.
 

RebateMonger

Elite Member
Dec 24, 2005
What about Tracert 192.168.1.1 from a client computer?

Also, aren't you going to lose your ability to browse the Internet unless you leave NAT on a public-facing router? Requests to get web pages will be coming from a private IP address (the IP address of the originating client). Responses will be sent back to that same private IP address. The responses won't get very far, I'm sure. ;)
 

TC10284

Senior member
Nov 1, 2005
I understand what you are saying. Sorry if I confused you but I did leave NAT enabled on the IPCop router and disabled it on the BrazilFW router. IPCop is the main router that goes out to the Internet (connected to my cable modem). I can't remember exactly about the tracert. I know I did it a few times but I can't remember to what IPs I traced and how far it got. Yes, I understand about the replying to a private IP address (any packet from a private IP will automatically be dropped by default or forwarded (if set up) by an outside (WAN side) router).