I have an Android box connected via Ethernet to my ISP modem/router, which assigns it an IP in the 192.168.10.x subnet.
The ISP modem/router is physically close to the Android box, but it's 90 feet away from a second router (Flint 2).
The second router (Flint 2) is connected to a Switch, which in turn connects to a desktop running a Jellyfin server. Devices on this side receive IPs in the 192.168.8.x subnet.
The Jellyfin app on the Android box cannot discover or connect to the Jellyfin server, due to the subnet separation and lack of routing between 192.168.10.x and 192.168.8.x.
As a second best solution I use the Flint 2 Wi-Fi for the Android box, but it's not as good as what an Ethernet connection would provide.
My question, in non-technical terms if possible: what is the best way to use the Ethernet connection from the Android box, through the ISP modem/router, to the second router, to the Switch and finally to the desktop running the Jellyfin server?
Your ISP modem/router would need firewall rule(s) to redirect that 192.168.10.0/24 traffic to the inner subnet & port (to the Flint v2 — 192.168.8.0/24 by default). The Flint v2 would also need its port forwarding (opened from its 'WAN' port/outer subnet) to send the traffic from that hop to the Jellyfin server's IP & port(s).
It's your ISP combo-unit that's the real question in all this. Can you set it to 'bridged mode' or set the 'DMZ' to use the Flint v2 as the sole router? That's all that's needed to turn the combo-unit to a modem... & just a modem... for WAN/Internet access. Everything will then be on the 192.168.8.0/24 subnet; no port forwarding needed.
'Double NATing' is more trouble than it's worth for exactly this reason (read: PITA). It's even more of a problem if you torrent.
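Added example, not part of any post in this thread: a small model of the two layouts under discussion that lists which routers sit behind another NAT and which port forwards a LAN client needs to reach the Jellyfin port. It assumes plain NAT routers with no static routes; the ISP unit's WAN address and the dictionary layout are constructed for illustration.

```python
import ipaddress

# Constructed model of the thread's layout. 203.0.113.7 is a documentation
# placeholder for the ISP unit's public address; other values are from the thread.
DOUBLE_NAT = [
    {"name": "ISP modem/router", "wan": "203.0.113.7", "lan": "192.168.10.0/24"},
    {"name": "Flint 2", "wan": "192.168.10.20", "lan": "192.168.8.0/24"},
]
# Same site after the ISP unit is bridged: the Flint 2 is the only router.
BRIDGED = [{"name": "Flint 2", "wan": "203.0.113.7", "lan": "192.168.8.0/24"}]

# Explicit RFC 1918 list: ipaddress.is_private also flags documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def behind_nat(routers):
    """Routers whose WAN address is private, i.e. a second NAT layer."""
    return [r["name"] for r in routers
            if any(ipaddress.ip_address(r["wan"]) in net for net in RFC1918)]


def plan(client, server, port, routers):
    """Return (address the client dials, port forwards that must exist)."""
    client = ipaddress.ip_address(client)
    target = ipaddress.ip_address(server)
    forwards = []
    for _ in range(len(routers) + 1):  # bounded walk outward from the server
        owner = next((r for r in routers
                      if target in ipaddress.ip_network(r["lan"])), None)
        if owner is None:
            raise ValueError(f"{target} is not on any modelled LAN")
        if client in ipaddress.ip_network(owner["lan"]):
            return f"{target}:{port}", forwards  # same LAN from here on
        # Client is outside this router: one deliberate exposure per hop.
        forwards.append(f"{owner['name']}: {owner['wan']}:{port} -> {target}:{port}")
        target = ipaddress.ip_address(owner["wan"])
    raise ValueError("no path found in the modelled routers")


if __name__ == "__main__":
    print(behind_nat(DOUBLE_NAT))
    print(plan("192.168.10.53", "192.168.8.192", 8096, DOUBLE_NAT))
    print(plan("192.168.8.3", "192.168.8.192", 8096, BRIDGED))
```

Each entry in the returned forward list is an opening in that router's WAN-side firewall, which is why the single-LAN layout, with an empty list, is simpler to audit.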
Thank you for the suggestion. I'm constrained because my Android box is connected by cable to the ISP modem/router and they both have to be 90 feet away from Flint 2. So if I were to bridge the ISP modem wouldn't its LAN ports become unusable? In that case the Android box would lose its wired connection.
I don't understand. Why would the Android box need to be segregated by physical distance from the Flint v2 & the extra switch attached to it?
How many wired/Ethernet connections do you need for your LAN? The Flint v2 has five LAN-assignable ports. If you keep the switch to act as the extension at the other end of that 90' run your Jellyfin box can just link to the Flint v2 thru that. The Android box would link into a port on the Flint v2.
Per @will.qiu's diagram the Android box would be something like 192.168.8.3/32. The Jellyfin box would have the switch between it & 192.168.8.0/24's router (Flint v2 @ 192.168.8.1) to extend that Cat. cable run. The ISP unit would just be a 'dumb modem'... as it should be & removes the double NAT deficiency.
The Android box and the ISP modem/router are in a different room than my Flint 2. Before my recent problem with having two routers, the Android box was connected to a LAN port on the ISP modem/router. Another LAN port had (still has) the 90 feet cable run to my TP-Link switch and from there to the desktop.
Now with Flint 2 in the picture the 90 feet long connection goes to Flint 2 (WAN port), and from a LAN port to the TP-Link Switch. From the switch on to the desktop.
Well, if it works for you, it works. I still see no technical reason to not consolidate it all under one subnet. A double NAT is going to require you to port forward for every daemon/server you have downstream... & good luck if you ever start torrenting.
Thank you for your comment. While it's true that consolidating would simplify some flows, I value modularity and audit clarity more than convenience. Every exposure is intentional, rollback-ready, and tagged. If I ever go full torrent, I’ll scaffold that with its own VLAN and rollback plan.
Edit: Based on a very quick test there was no problem with torrents.
Just be aware double NAT definitely doesn't provide any addn'l security benefits while you're relying on your ISP for firmware. VLANs are the way to go.
If I was limited to this setup, I would move the Flint 2 to the ISP router location and just have 1 LAN, and maybe use a Beryl AX as an AP. When I had cable company internet, I bought my own modem (no integrated router).
I'm assuming that your Flint 2 is wired to the ISP router. How difficult would it be to run a 2nd ethernet cable back to your Android box?
Unfortunately the Android box is close to my ISP modem/router, but it's in a different room from my Flint 2, which is close to my desktop. Running a cable from one to the other would be impractical and/or unsightly.
My ISP states on their website that I could use a different router than theirs. Maybe I could consider your suggestion if it would be technically feasible and within my admittedly limited technical knowledge scope.
… but you’re already running a 90’ cable now, aren’t you? Is that run already between the modem & the Flint v2? If so move the Flint v2 near the modem & use the 90’ cable to run the switch. Hang a cheap AP off the switch if Wi-Fi won’t reach from the Flint v2 &/or put it into ‘repeater’ mode. At least then the double NAT would be limited to the repeater’s Wi-Fi subnet.
Use static IP/DHCP reservations on the Flint v2 for IP/hostname management. Boom. Done.
Thank you for the suggestion. If I may, networks are like a plateful of spaghetti to me both physically and mentally and I would like to set down what I know and what I assume will happen, plus a few questions that are confusing me.
My ISP modem connects to the Internet. IP 192.168.10.x?
One port on the ISP modem connects to the TV (nearby). IP ?
One port on the ISP modem connects to the Android box. IP 192.168.10.53
One port on the ISP modem connects to the Flint 2 router 90 feet away (Ethernet cable connected to Flint 2 WAN port). Flint 2 IP to WAN is 192.168.10.20
The Flint 2 router connects to the TP-Link switch. TP-Link switch IP is 192.168.8.187
The TP-Link switch connects to the desktop PC where the Jellyfin server is installed. Desktop IP 192.168.8.192 (Jellyfin port: 8096)
The TP-Link switch connects to a laptop in the same room. IP 192.168.8.184
The jellyfin server IP is 192.168.10.15:8096
The ISP modem, the TV set and the Android box are together, but about 90 feet away from Flint 2, the TP-Link switch, the desktop and the laptop.
If I physically move Flint 2 near to the ISP modem, then I suppose that:
My ISP modem will connect to the Internet (as above).
One port on the ISP modem will connect to the TV (nearby) (as above?).
One port on the ISP modem will connect to Flint 2.
One port will connect to the TP Link switch 90 feet away (Ethernet cable).
The TP-Link switch will connect to the Android box.
The TP-Link switch will connect to the desktop PC where the Jellyfin server is installed.
The TP-Link switch will connect to a laptop in the same room.
Question: How will the Android box connect to the Jellyfin server on my desktop?
Will the Android box have a connection to the Internet (as it now does direct from the ISP modem)?
If I have a Jellyfin server on the laptop will the Android box be able to connect to that?
Provided the modem/router combo unit is set to 'bridge mode' or the Flint v2 is in the modem/router's 'DMZ' the only IP would be the WAN IP. A 192.168.x.x is internal-only subnetting for a LAN. The Flint v2 would get that WAN IP via its WAN port... unsurprisingly. The subnet (per my diagram) would be a LAN of 192.168.8.0/24. The Flint v2's IP would be 192.168.8.1/32.
No. Per above the ISP modem/router is designated to act as just a modem to simply feed the WAN into your residence. The Flint v2 would take care of all the routing within your LAN/subnet.
All client devices will be able to reach all others & the WAN in the diagram above as there would only be one NAT, as there should be, to protect the entire subnet/LAN. That assumes the use of a Wi-Fi device in access point mode rather than a Wi-Fi 'repeater'... if so that repeater will be the second NAT... but it would at least be limited to those Wi-Fi devices so they can use the WAN.
Wait... your switch pulls an IP via the upstream DHCP server/daemon? That seems to imply it is a managed switch. Is it a managed switch? A dumb one (read: unmanaged) just acts as a glorified network port expander. What is its model number? I'll look it up.