
Thursday, April 2, 2015

Setup an extra Router in your LAN

Introduction 

In our local network I use a Linksys WRT54GL as LAN Router behind the ADSL Modem/Firewall/Gateway of the Internet Service Provider (ISP). On the LAN router I have installed DD-WRT router firmware, which is free Open Source software. The rationale for adding the LAN Router is to use its extra features and functionality to
  • enhance security, speed and understandability
  • modernize and standardize with easy central management at low cost 
In this article I explain the configuration of the routers to create transparent communication between hosts on both sides of the router. In later blogs I will explain the configuration of other functions. Our local network is shown in the figure below:
The server provides terminal services, file services, print services, scan services and management services. The server is based on Windows XP SP3 with only 320 MB memory, the clients are based on Windows XP, Vista and Windows 7, and the mobiles are Android Tablets and Phones and iPhones. The Wireless Access Point is configured as a bridge at a central point in the building. I still use Windows XP with limited resources to force myself to configure the server efficiently.

IP Routing

Hosts and networks
IP addressing is based on the concept of hosts and networks. A host is essentially anything on the network that is capable of receiving and transmitting IP packets on the network, such as a PC, a Server or a Router.
The hosts are connected together by one or more networks. An IP address is 32 bits wide and is composed of two parts: the network number and the host number (like zip code and house number).
The subnet mask or the CIDR prefix determines how the IP address is divided into network and host parts. By convention, an IP address is expressed as four decimal numbers separated by periods, such as 192.168.2.1.
In our case the network number consists of the first three numbers (192.168.x). This is defined with the netmask 255.255.255.0 or with the 192.168.x.0/24 CIDR notation, where 24 is the number of bits of the network number. In our local network we use two (sub)networks with the IDs 192.168.2.0 and 192.168.3.0. The host numbers per network can range from 1 to 254; 255 is a broadcast address.

Use of ARP
Each host has a hardware (or MAC) address, which is six bytes long. This is a unique identifier assigned to network interfaces. Hardware addresses are normally written in hexadecimal form separated by dashes (02-FE-87-4A-8C-A9 for example).
Suppose the laptop on the network 192.168.3.0 wants to send a packet to the server for the first time, and it knows the IP address of the server. To send a packet, the laptop needs to know the hardware address of the server. The Address Resolution Protocol (ARP) is used for dynamic discovery of this address. ARP caches the IP addresses and corresponding hardware addresses it has discovered. ARP will broadcast a request when the IP address is not yet in the cache.
When the laptop on the network 192.168.2.0 wants to send a packet to the server on the 192.168.3.0 network, the Router must forward the packet from the 192.168.2.0 network to the 192.168.3.0 network. This is accomplished by having the laptop use the hardware address of the Router and the IP address of the server. The Router will forward the packet to the hardware address of the server. These hardware addresses are obtained using ARP as described earlier. Packets for hosts that cannot be reached on the same network must be forwarded by a Router.

Routing
In the IP configuration of each host the IP address of a Default Gateway is defined, this Gateway is the router that forwards packets to other networks.
In the case of the 192.168.2.0 network there are two Routers: the LAN Router will forward the packets to the 192.168.3.0 network and the ISP Router will forward the packets for other networks on the Internet. This means that on the 192.168.2.0 network, besides the Default Gateway to the Internet, the Route to the 192.168.3.0 network must be defined.

Router Configuration

Configuration of the ISP Router
The route from the 192.168.2.0 network to the 192.168.3.0 network must be configured as a Static Route in the Router of the ISP with [Destination IP=192.168.3.0, Gateway=IP address LAN router].
When the laptop in the 192.168.2.0 network wants to send a packet to the server in the 192.168.3.0 network, the laptop sends it to the Default Gateway, which is the Router of the ISP. This Router forwards the packet to the LAN Router, which forwards the packet to the server.
When the laptop on the 192.168.3.0 network sends a packet to a host on the Internet, the laptop sends the packet first to its Default Gateway, which is the LAN Router. The LAN Router forwards the packet to its own Default Gateway, the ISP Router, which forwards the packet to the host on the Internet. When a packet returns from the Internet, the ISP router knows the Route to the server through the Gateway defined in the Static Route.
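The forwarding decisions described above can be traced with a small longest-prefix-match simulation. This is an added example, not part of the original article; the host and router addresses (192.168.2.254, 192.168.2.2, 192.168.3.1, 192.168.2.10, 192.168.3.10) and the node names are constructed assumptions, since the article only gives the two network IDs.

```python
import ipaddress

# Constructed addresses (assumptions; the article only names the two networks).
ISP_LAN, LANR_WAN, LANR_LAN = "192.168.2.254", "192.168.2.2", "192.168.3.1"
LAPTOP, SERVER = "192.168.2.10", "192.168.3.10"
NET2, NET3, DEFAULT = "192.168.2.0/24", "192.168.3.0/24", "0.0.0.0/0"

# Which node answers ARP for which address.
OWNER = {ISP_LAN: "isp-router", LANR_WAN: "lan-router", LANR_LAN: "lan-router",
         LAPTOP: "laptop", SERVER: "server"}

def build_tables(with_static_route=True):
    """Routing table per node: (destination network, next hop); None means on-link."""
    tables = {
        "laptop": [(NET2, None), (DEFAULT, ISP_LAN)],
        "server": [(NET3, None), (DEFAULT, LANR_LAN)],
        "lan-router": [(NET2, None), (NET3, None), (DEFAULT, ISP_LAN)],
        "isp-router": [(NET2, None), (DEFAULT, "internet")],
    }
    if with_static_route:
        # The Static Route from the article: Destination 192.168.3.0, Gateway = LAN router.
        tables["isp-router"].append((NET3, LANR_WAN))
    return tables

def lookup(table, dst):
    """Return the next hop of the most specific route that contains dst."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if ip in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src_node, dst, tables, max_hops=8):
    """Follow a packet hop by hop and return the list of nodes it visits."""
    path, node = [src_node], src_node
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        target = dst if hop is None else hop   # on-link: ARP for dst itself
        if target == "internet":
            return path + ["internet"]
        node = OWNER.get(target, target)
        path.append(node)
        if target == dst:
            return path
    return path

if __name__ == "__main__":
    print(trace("laptop", SERVER, build_tables()))
    print(trace("laptop", SERVER, build_tables(with_static_route=False)))
    print(trace("server", "203.0.113.5", build_tables()))
```

Without the Static Route, the ISP Router's only match for 192.168.3.10 is its default route, so the packet leaves toward the Internet instead of reaching the LAN Router.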

Configuration of the LAN Router
The WAN port of the LAN router must be connected to a LAN port of the ISP router.
Most commodity routers have two Operating Modes, Gateway or Router. By default the router is configured with the operating mode Gateway. Gateway mode is intended for the connection to the Internet; it gives you firewall and network address translation (NAT) functionality, which makes the LAN addresses invisible on the WAN side. The ISP Router must keep the default Gateway operating mode setting, but for the LAN router the operating mode must be changed to Router to make network addresses visible from both sides of the router. You should also disable the firewall on the LAN router to allow full communication between the local networks.


As was described earlier the Default Gateway of the LAN router is the ISP Router.
With these changes we are able to communicate to devices throughout the network and have added new features and functionality.
