Problem with WAN to LAN port

2024-04-23 16:32:38
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

Hi,

 

I'm struggling a bit with routing and NAT. I have the following setup.

 

I have no way to alter configurations on Router B or C. However, PC1 can successfully ping the WAN IP of Router D and PC2 can successfully ping the WAN port of Router A. However, PC1 cannot ping Router D's LAN address, nor can PC2 ping Router A's LAN address. So I know traffic can travel from Router A to D.

 

I have turned OFF all firewall options on Router A and D. I have seen the post about WAN ports not sending info through to the LAN port and suggestions about NAT as well.

When I have tried to use NAT on Router A and D with the following setup...

 

 

I still can't seem to get the WAN port on Router A to pass traffic to its own LAN port, and the same on Router D. I've tried tinkering with the static routes too and have had to factory reset the routers as a result, as it stopped me getting into them.

Can anyone kindly advise where I am going wrong here? I'm at the head/wall interface stage. Thanks

#1
Re:Problem with WAN to LAN port
2024-04-24 02:51:56

Hi @DrCheese 
Thanks for posting in our business forum.
If so, you cannot touch the settings on B and C, there isn't too much we can do about it.

Based on the diagram, B and C should be located in another LAN which means there is another router.

 

Unless you can make sure A and D are under the same subnet and no ACL on B and C and this "another router", you should get them working without configuring anything at all.

Make sure you have port forward on A and D, or open up the router page for them. They should work without any routing.

Best Regards!
#2
Re:Problem with WAN to LAN port
2024-04-24 12:14:17

  @DrCheese 

 

I think you are running into the problem of the TP-Link routers being gateways, not routers. Currently you cannot turn off NAT on these devices.

 

A simple test to prove this out is to set PC1's IP as the DMZ IP of Router A and set PC2's IP as the DMZ of Router D.  PC1 should now be able to see PC2 as the WAN IP of Router D,  and vice versa for say file sharing or http access.

 

One way to fix this problem is to use VPN connections between Routers A and D. This will limit the bandwidth at some point, but you get routing in return. You have better options on the ER605v2 than I have on the original ER605, but this is just a test; you can optimize with other VPN tech later. Since you have public static IPs on both WAN interfaces of the ER605, you can use the built-in IPsec "branch to branch" option, so configure that on Routers A and D. After a reboot, you should have full routing between the LAN subnets of Router A and Router D.

<< Paying it forward, one juicy problem at a time... >>
#3
Re:Problem with WAN to LAN port
2024-04-24 13:54:39

  @d0ugmac1 Thank you for your reply. I will test the DMZ IP and the IPSec option as you've suggested.

 

A couple of thoughts:

 

Out of curiosity, would upgrading to a more 'advanced' TP-Link router be an option to resolve the issues here? I chose the ER605 as I thought it should be able to do the job, as the TP-Link switches I have are great and the ER605 was cheap and cheerful, so upgrading is also an option.

 

The LAN on Router D is only going to have a few IPs I need to connect to, and they will connect to a few specific IPs on Router A's LAN, so the DMZ IP test works, am I correct in thinking I could put a few entries in the NAT/DMZ on both sides?

 

Some additional info which may or may not be of any use: Router B and Router C are part of a 1G "Ethernet Extension" that was recently installed, and my understanding was it was a direct site-to-site link. Happy to accept that my understanding may be wrong!

#4
Re:Problem with WAN to LAN port
2024-04-24 17:01:49

A different TP-Link router will not help; they all have the same basic software architecture, the only difference is increases in CPU/memory and ports.

 

You can only have 1 DMZ IP per WAN port. In layman's terms, it basically forwards any port not already explicitly forwarded via a rule to that IP as default. If you have access to additional IPs on the WAN side, you can configure multiple WAN ports on the TP-Link ER605 (or any gateway), each with its own unique WAN IP and DMZ IP. You will likely require a simple Ethernet switch to provide enough ports to physically cable up 1-4 WAN interfaces.

 

In my experience, pt-pt links such as I suspect you have, have management IPs, but can also be L2 transparent, meaning you can run the same subnet on either side of the link and get away from all of the NAT/DMZ stuff. Are any of the devices connected to the internet, and if so, how?

<< Paying it forward, one juicy problem at a time... >>
#5
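The DMZ behaviour described in the post above (one DMZ IP per WAN port, receiving anything no explicit rule forwards), as an added example that is not part of the thread or of TP-Link's code: a simplified Python model that lists which services on a DMZ host are reachable from the WAN side only through that fallback. The addresses, port list and the names `WanPort`, `resolve_inbound` and `dmz_exposure` are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class WanPort:
    """Simplified model of one WAN interface on a NAT gateway (hypothetical names)."""
    wan_ip: str
    # Explicit port-forward rules: (proto, wan_port) -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)
    dmz_ip: Optional[str] = None  # at most one DMZ host per WAN port

    def resolve_inbound(self, proto, dport):
        """LAN target for an unsolicited inbound packet, or None if dropped."""
        if (proto, dport) in self.forwards:   # an explicit rule always wins
            return self.forwards[(proto, dport)]
        if self.dmz_ip is not None:           # DMZ host is the default target
            return (self.dmz_ip, dport)
        return None                           # no rule and no DMZ: dropped


def dmz_exposure(wan, listening):
    """Services on the DMZ host reachable from the WAN only via the DMZ fallback.

    listening: set of (proto, port) pairs the DMZ host has open.
    """
    exposed = []
    for proto, port in sorted(listening):
        if (proto, port) in wan.forwards:     # covered (or shadowed) by a rule
            continue
        if wan.resolve_inbound(proto, port) == (wan.dmz_ip, port):
            exposed.append((proto, port))
    return exposed


# Constructed sample: one forward rule to another LAN host, plus a DMZ host.
SAMPLE_WAN = WanPort(
    wan_ip="203.0.113.10",
    forwards={("tcp", 443): ("192.168.0.20", 443)},
    dmz_ip="192.168.0.50",
)
# Constructed list of services open on the DMZ host itself.
SAMPLE_LISTENING = {("tcp", 80), ("tcp", 443), ("tcp", 445), ("tcp", 3389)}

if __name__ == "__main__":
    for proto, port in dmz_exposure(SAMPLE_WAN, SAMPLE_LISTENING):
        print(f"{proto}/{port} on {SAMPLE_WAN.dmz_ip} is reachable via {SAMPLE_WAN.wan_ip}")
```

Port 443 is absent from the result because the explicit rule sends it to a different LAN host; every other open port on the DMZ host is reachable from the WAN side, which is why a DMZ entry is best kept as a short-lived test.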
Re:Problem with WAN to LAN port
2024-04-25 16:14:03 - last edited 2024-04-25 16:15:34

  @d0ugmac1 

 

Well... this is the full network setup. Most PCs have the corp router as their gateway, which gives internet access. In the cases I've been trying to test and get working, I've had PCs either directly connected to the LAN port of the ER605s OR I've changed their default gateway to the LAN port of the ER605 for testing or changed their routes to go to the ER605 in the first instance. The idea being, if I make an error it only affects that one PC and not the rest of the network.

 

 

The switches are TP-Link: TL-SG3452XP

 

Today I did the following. On Router A: One To One NAT List

 

Did similar on Router D using Original and Host IP of 10.1.2.253 and Translated IP of 10.1.2.254. Doing this I was able to ping from PC1 to Router D's LAN port. However, a tracert came back with 2 hops... the first being the LAN of Router A, the 2nd being the IP of PC1. So I suspect I've done something silly.

 

EDIT: I also tried putting both routers on the same subnet and wasn't able to ping the LAN ports or PCs on the other side.

#6