Please help me with Router Configuration

I do not have any trouble accessing my Synology from far away. It works all right from outside of my home (through internet). My problem is that I want the devices inside my home to access Synology (and PC.2) via LAN.

Ok, all clear, I also removed route “No.7” from ISP router, so only the last instructions are applied

Great, but where is the ping result? You need to ping from both sides: PC1 to PC2 and vice versa.

Unfortunately the same result…

PC.1 to PC.2

Sorry for replying late but I keep getting messages (from the forum because I am a new user) that I have reached max replies in a single day and I have to wait x minutes, or x hours etc…

PC.2 to PC.1:
I lost connection! (worked before as in my drawing), but I found out that if I enable masquerading then again PC.2 can see PC.1 (but PC.2 still cannot see PC.1)

I say again only with masquerade ON can PC.2 see PC.1 (Wan=accept or drop does not matter to this)

PC.1 cannot either way see PC.2 (I mean with “WAN input=accept or drop” and Masquerade ON or OFF)

So this last setting I tried did not change anything, only turning the masquerade off did change things (for the worse)

Just for the record pinging PC.2 to PC.1, tv box etc brings this (with masquerade ON)

With “Wan Input=accept” still no device under ISP can see any device under Opal

Great progress.

I want to verify something

  • Can you now test enabling the DMZ and putting the PC.2 in it. Then ping PC.2 from PC.1? If ping worked, disable the DMZ again.
  1. Please provide also the routing table for both routers.
  2. PC1 and PC2, execute the command to display the routing table: C:> route print -4

I am with you here until the point when you mention disabling NAT. How will the router’s VPN (or any other routing) functionality work without the ability to NAT? Is it not just impossible?

It would work fine because the NATing is not disabled on all - only the inbound traffic from his WAN interface:

If you look at the screenshot the traffic going from the VPN interface to the WAN would still NAT the traffic.

Hello guys, criminal here. After my last posts the forum gave me a 10 hour penalty for being a new user… Also it does not allow me to post more than one image in a single post (new guy), so if I make a second post, I hit the max new guy limit and so on…LOL

Ok, so:

-Wan=accept
-DMZ=PC.2 ip
-Wan masquerade On or Off? (can try both)

it does not matter - but you can try both.

SpitzAX3000, removing that Static route may mean the ISP router does not know where to route the traffic of the 192.168.5.x network. The firewall on the GL.Inet should also be handled.

Wan masquerade likely has to stay on for the devices on the 192.168.5.x network to have internet access.

Given that that network cannot be reached from the ISP’s network(192.168.1.x), disabling WAN masquerade will not allow internet traffic to reach those devices on its way back. Although it might work if all traffic goes into the VPN in which case it is NATTED into the VPN and the VPN traffic is coming from the GL.Inet device itself.

My honest guess would be to allow forwarding from WAN to LAN.

Again no success for PC.1 to ping PC.2

All the above are with

Wan=accept
Masquerade=ON
DMZ=ip of PC.2

Can I ask something else?

Does how a device is connected to either router play any role?
Ethernet or wifi?

I ask this because… I also have another gl.inet router (Slate AX) that is connected to my ISP router wirelessly but in the ISP’s route table there is no rule for it (such as No.6 for the Opal). The Slate Router has ip’s range 192.168.9.1

The reason that I did not mention the Slate router earlier is that it is not a permanent part of my home topology. (I take it with me wherever I go), but now that I am home I use it temporarily from my home too. Also Slate AX in our discussion up until now (and during our test) was not part in them in any way.
Just saw now and wondered why does it not have a rule in ISP’s route table like the one Opal has (No.6). Slate AX is connected wirelessly to my ISP and has one device connected to it (laptop) and basically does and works the same way as Opal (wireguard internet connection, laptop can see ISP’s devices like Opal, but ISP’s devices cannot see the laptop like Opal). Also disconnecting it and turning it off, does not change anything in the discussion and behaviour of the “Opal” issue we are trying here to solve

Agree.

Disagree. His ISP router will handle the NATing for the Internet access.

That’s what I am thinking about too… but he also needs to add static route.

@sondo214

ping from either PC and let us know.

I do disagree, but let’s go with this now and see if this results in at least access from the ISP network onto the GL.Inet network with possibly some internet accessing issues for devices on the GL.Inet network. In case that happens, turning masquerade back on is just 1 checkbox away.

:wink: I am trying to route his traffic between the two networks without NAT. Once his devices in Opal’s network want to reach the Internet, then the NATing should be performed by the ISP router. Of course I am assuming the ISP router has NAT enabled and configured correctly.

This is the same thing I am referring to:

Now that you mention VPN…, at all times the VPN client is connected. Shall I disconnect during the testing? All previous tests and results are done with wireguard client connected

Ok, here are the results:

-Wan: Accept, accept, accept / destination zone: Lan / VPN On or Off (tried both just in case no difference)

PC.1 to PC.2: Request timed out, 100% loss (even tried Masquerade ON, nothing changed)

PC.2 to PC.1: Masquerade OFF-cannot ping (but I have internet access)
Masquerade ON- I get ping

I am not sending pictures (except if you ask me to) because I will be arrested and imprisoned (new guy) LOL. Also I do not make new reply but edit my last one for the same reason LOL

Now please just keep the same settings you have and make sure Masquerade is still OFF. Then go to your ISP router (as you did two days ago) and show me in the static route other interface you have?

Please check your ISP router and find out the IP that is allocated for your Opal’s interface? If it is still 192.168.1.51, then add the static route as you did before:
IP Address: 192.168.5.0
Gateway: 192.168.1.51
Subnet Mask: 24 (or 255.255.255.0)

Make sure you keep the last settings we discussed.

IMPORTANT: during all the tests you have to FULLY disable Windows Firewall which blocks the ping for inbound traffic !!
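
The following is an added example, not part of any post in this thread: a simplified model of the ping paths discussed above, showing how the static route on the ISP router, the Opal's WAN masquerade and its wan-to-lan forwarding rule each decide whether a ping gets an answer. The host addresses for PC.1 and PC.2 are constructed, and the model assumes host firewalls allow ping and that the Opal accepts replies belonging to flows it already tracks.

```python
import ipaddress as ip

ISP_LAN = ip.ip_network("192.168.1.0/24")   # ISP router LAN (from the thread)
OPAL_LAN = ip.ip_network("192.168.5.0/24")  # Opal LAN (from the thread)
OPAL_WAN = ip.ip_address("192.168.1.51")    # Opal WAN address (from the thread)
PC1 = ip.ip_address("192.168.1.10")         # constructed address for PC.1
PC2 = ip.ip_address("192.168.5.10")         # constructed address for PC.2


def deliver(src, dst, static_route, wan_to_lan):
    """Can a single packet travel from src to dst? Returns (ok, reason)."""
    if src in OPAL_LAN and dst in ISP_LAN:
        return True, "Opal routes lan->wan; destination is on-link"
    if src in ISP_LAN and dst == OPAL_WAN:
        return True, "Opal WAN address is on-link for the ISP LAN"
    if src in ISP_LAN and dst in OPAL_LAN:
        if not static_route:
            return False, "ISP router has no route to 192.168.5.0/24"
        if not wan_to_lan:
            return False, "Opal firewall blocks wan->lan forwarding"
        return True, "ISP router hands the packet to 192.168.1.51"
    return False, "path not modelled"


def ping(src, dst, masquerade, static_route, wan_to_lan):
    """Echo request and echo reply must both be deliverable."""
    ok, why = deliver(src, dst, static_route, wan_to_lan)
    if not ok:
        return False, "request lost: " + why
    # Masquerade rewrites the source of flows leaving the Opal WAN port,
    # so the target answers 192.168.1.51 instead of a 192.168.5.x address.
    seen_src = OPAL_WAN if masquerade and src in OPAL_LAN else src
    # The reply belongs to a flow the Opal already tracks (assumption), so it
    # does not need the wan->lan rule, only a working route back.
    ok, why = deliver(dst, seen_src, static_route, wan_to_lan=True)
    return (True, "reply received") if ok else (False, "reply lost: " + why)


if __name__ == "__main__":
    cases = [
        ("PC.2 -> PC.1, masquerade ON, no static route", (PC2, PC1, True, False, False)),
        ("PC.2 -> PC.1, masquerade OFF, no static route", (PC2, PC1, False, False, True)),
        ("PC.1 -> PC.2, no static route", (PC1, PC2, True, False, True)),
        ("PC.1 -> PC.2, static route + wan->lan forward", (PC1, PC2, False, True, True)),
    ]
    for name, args in cases:
        print(name, "=>", ping(*args))
```

The model has no parameter for the WAN zone's input policy because that setting only covers traffic addressed to the router itself; traffic passing through to 192.168.5.x is governed by forwarding.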