2 subnets with one FIOS router
I am using the FIOS router for home and sometimes need to test certain situations for my work. I have set up a virtual lab that uses the 192.188.1.x subnet from the router. I have also set up a second virtual network that uses the 192.168.2.x subnet and have the two networks routed (virtually) between them. When it comes to accessing the internet, all of my .1 hosts, physical and virtual, can connect with no problem, but none of my .2 hosts can do this. DNS resolution works, but actual outbound traffic is somehow being blocked. I set up a network object that contains all the IP addresses of my 192.168.2.x subnet and created a new input and output rule in Firewall > Advanced Filtering that allows all outbound and inbound traffic to/from the other subnet. It still doesn't work, but I think I'm close. I can't see anything else that would block this and the firewall logging doesn't really help either. Has anyone been able to successfully do this? Just to clarify, I do not have any additional physical routers in the mix, all virtual using Windows routing and Hyper-V virtualization.
Any help is appreciated.
Thanks
I figured out a way to get these P0S routers to NAT all my internal networks, WITHOUT having to add a secondary NAT router in between. Say for instance my default internal network is 192.168.1.0/24, and the Verizon router's internal IP is 192.168.1.1. Then I have 2 internally routed networks: 192.168.2.0/24 and 192.168.3.0/24. To get the Verizon router to NAT the 192.168.2.0/24 and 192.168.3.0/24 nets, you have to trick it into thinking that these networks are part of its default internal network.
1. Go to the router's My Network -> Network Connections -> edit LAN
2. Click the Settings button
3. Scroll down to Routing Table and click New Route
4. Enter the routes to your internal networks. Ensure you leave the metric at 0.
5. Repeat steps 3 & 4 for all your internal networks
6. Apply the settings.
7. At this point all your internal networks should be able to communicate with one another (provided you set up each device's default gateway correctly).
8. Go back into the LAN connection settings page
9. Scroll down until you see the IP Address and Subnet Mask fields. The IP Address should already be set to 192.168.1.1. Change the subnet mask to 255.255.0.0.
10. Apply the settings.
This will trick the router into NATing all 192.168.x.x networks. And the static routes you entered in step 4 will ensure the 'incorrect' subnet mask doesn't break internal routing. I hope this helps all you Enterprise Network admins that are stuck using this crap...
The issue is that the ActionTec appears to only apply the NAT for the inside segment that's the address of its inside address. So, while you might have routing working internally and with the router, any traffic which flows from the .2 network toward the internet passes thru without the NAT being applied. If you were to have your FiOS router provisioned on the WAN side to use ethernet, you could see this with a packet sniffer.
I have not yet found a place to make a rule adjustment to also NAT the secondary network -- so I've just resorted to building my tests behind a second NAT router and NAT everything leaving my .2 and .3 networks first onto .1 and then out to the internet.
Thanks for the reply. Can you explain what you mean by
"so I've just resorted to building my tests behind a second NAT router and NAT everything leaving my .2 and .3 networks first onto .1 and then out to the internet"?
Thanks
My home network is on 192.168.1.x (attached to the ActionTec).
I have a secondary NAT router (Cisco Linksys) running in the standard internet configuration with its WAN interface connected to the ActionTec (and getting a 192.168.1.x address) and the private LAN addressed as 192.168.2.x (it's running in NAT/Firewall mode so everything which passes thru it gets assigned the 192.168.1.x address of the WAN interface of the Linksys).
Behind the Linksys, I have a router and some switches running various configurations with VLANs and additional networks (such as 192.168.3.x and 192.168.4.x) and these are all routed internally on that network and defined to the Cisco Linksys. Anything from these networks that gets routed to the Linksys is NATed to the 192.168.1.x address on its way to the internet (the Linksys can handle multiple networks).
Ok, I see that now, but is it possible to achieve the same thing without using a separate (physical) router? I'm wondering if I dedicate one of my server's NICs and dedicate one of the Actiontec's router ports for a separate VLAN?
Do you have an old PC sitting around? I have the Actiontec as my primary router, and IPCop as my secondary router. It will run on a low power PC, 60gig HD AMD 2400 CPU 515meg of RAM. But I have mine running on something with a little more horsepower. I also have the DansGuardian K-12 proxy filter installed. The PC has 3 NICs and 2 subnets. It does a lot, and shows the active connections on the NATs. So if you are looking to learn a bit about Linux or just need a more powerful router, look here. Easy to install and also manage through a web interface; once the setup of the hardware is complete, you remove the keyboard, mouse, and monitor.
I am attempting to set up a second router for the purpose of having my personal equipment on one network and some work equipment on another. Since I managed to lock up the Actiontec with a couple of failed attempts, I was hoping someone could walk me through the config settings on the Actiontec router.
I have the following settings available on the Actiontec, but step #3 could have resulted in the lock up when adding a new route:
1) Advanced
2) Routing (IGMP is Checked ; Domain Routing is unchecked)
3) Route Settings as follows:
Name Options: (What is the intent of the "Name Options" setting?)
- Network (Home/Office)
- Broadband Connection (Ethernet)
- Broadband Connection (Coax)
- Network (Home Office) Wireless 802.11g Access Point
- WANPPoE
- WAN PPoE2
Destination: 0.0.0.0 -- can this be more specific? Can I point this to the 192.168.1.1 (default) or other subnets for example?
Netmask: 255.255.255.0 assuming a /24 subnet
Gateway: 192.168.2.1
Metric ?
I'm open to any other known working solutions. I'm not concerned about supporting wifi on the second router. I would like to eventually allow limited external access from the public internet either via public web address or perhaps a VPN client. Also, I plan to keep all my other family equipment on the Actiontec since I want a supported setup should something happen when I'm on the road and my wife needs to call Verizon for support.
Actiontec hardware info:
-----------------
Firmware Version: 20.19.8
Model Name: MI424WR-GEN2
Hardware Version: F
Thanks
Bill
I have the same issue with a work lab behind routers with multiple 10.x.x.x private networks. As you stated, none of these subnets can connect to the Internet due to the limitation that the Vz router will only NAT the directly connected 192.168.1.0 subnet. And yes, I can ping the Vz router 192.168.1.1 from these 10.x subnets.
2 different techs had no idea what I was describing, but the 2nd escalated me to the vendor who Vz OEMs the router from, Actiontec. The Actiontec engineer said all routes behind the device should get NAT'd and no settings are required. Unfortunately, they (Actiontec) do not do direct customer support and he would only answer that one question after a lot of pleading on my part - I was unable to tell him he was incorrect.
I recalled that I had a previous Vz model on which I corrected this with a simple configuration setting. Since a hardware upgrade, I cannot seem to find the same configuration option.
Thanks to this thread, I was able to fix this issue on my own network.
My network is simple, an Actiontec router with a 192.168.0.0/24 subnet for the "untrusted" home network and a second internal router with a 192.168.1.0/24 subnet for my trusted network. To get this setup to work, I first added a static route for 192.168.1.0/24 on the Actiontec router to the gateway (the 2nd router). From inside the 2nd subnet I could then ping the Actiontec router, but nothing on the internet. The issue was the Actiontec's broadband connection subnet mask. By setting it to 255.255.254.0, it included the 2nd subnet and the NAT started working. I can do this without changing the DHCP.
For reference, the setting is not in the advanced page, it is in My Network -> Network Connections -> Network (Home/Office) -> Settings -> Subnet Mask (the first one, not the DHCP one)
If you have more complicated internal networks, you could try reducing the mask further.
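The mask-widening workaround from the two posts above (255.255.0.0 in one, 255.255.254.0 in the other), worked through as an added example that is not part of any post in this thread. It goes one step further than the posts by computing the narrowest mask that still covers every routed subnet and listing the address space the widened mask pulls into the router's inside/NAT scope without anyone having planned for it. The function names and the 192.168.0.1 router address in the second case are assumptions made for illustration.

```python
import ipaddress


def narrowest_lan_network(router_ip, subnets):
    """Smallest network holding the router's LAN IP and every listed subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = ipaddress.ip_network(f"{router_ip}/32")
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the mask by one bit
    return candidate


def unplanned_space(widened, planned_subnets):
    """Ranges the widened mask treats as inside that are not in the plan."""
    remaining = [widened]
    for planned in (ipaddress.ip_network(s) for s in planned_subnets):
        nxt = []
        for r in remaining:
            if planned.subnet_of(r):
                nxt.extend(r.address_exclude(planned))  # carve the planned net out
            elif not r.subnet_of(planned):
                nxt.append(r)  # untouched by this planned net
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))


def plan(router_ip, home_lan, routed_subnets):
    """Mask to enter on the LAN connection, plus checks on the result."""
    widened = narrowest_lan_network(router_ip, [home_lan, *routed_subnets])
    routed = [ipaddress.ip_network(s) for s in routed_subnets]
    return {
        "lan_mask": str(widened.netmask),
        "nat_scope": str(widened),
        # Assumes ordinary longest-prefix routing: a static route only beats
        # the widened on-link network if it is more specific than it.
        "routes_more_specific": all(n.prefixlen > widened.prefixlen for n in routed),
        "unplanned": [str(n) for n in
                      unplanned_space(widened, [home_lan, *routed_subnets])],
    }


if __name__ == "__main__":
    # Case from the 255.255.0.0 post: LAN 192.168.1.0/24, routed .2 and .3
    print(plan("192.168.1.1", "192.168.1.0/24",
               ["192.168.2.0/24", "192.168.3.0/24"]))
    # Case from the 255.255.254.0 post (router IP is a constructed value)
    print(plan("192.168.0.1", "192.168.0.0/24", ["192.168.1.0/24"]))
```

For the first case a 255.255.252.0 mask is enough; 255.255.0.0 also works but puts far more unused address space inside the router's LAN scope.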
@PointyStick wrote:
Thanks to this thread, I was able to fix this issue on my own network
My network is simple, an Actiontec router with a 192.168.0.0/24 subnet for the "untrusted" home network and a second internal router with a 192.168.1.0/24 subnet for my trusted network. To get this set up to work, I first added a static route for 192.168.1.0/24 on the actiontec router to the gateway (the 2nd router). From inside the 2nd subnet I could then ping the actiontec router, but nothing on the internet. The issue was the actiontec's broadband connection subnet mask. By setting it to 255.255.254.0, it included the 2nd subnet and the NAT started working. I can do this without changing the DHCP.
For reference, the setting is not in the advanced page, it is in My Network -> Network Connections -> Network (Home/Office) -> Settings -> Subnet Mask (the first one, not the DHCP one)
If you have more complicated internal networks, you could try reducing the mask further.
PointyStick, you say something that contradicts; I just want clarity. You say the issue was with the Actiontec's broadband connection subnet mask but then you say to go to Network (Home/Office). Those are two different connections (WAN vs LAN).
Also, just so you are aware of what you did, changing the subnet mask from 255.255.255.0 to 255.255.254.0 means that 192.168.0.0 and 192.168.1.0 are on the same network. The 255.255.254.0 means 512 hosts, which 192.168.0.1-192.168.1.254 is the subnet range. See IP calc below.
I know this is an old posting but THANK YOU. I've been dealing with VLAN problems for about 4 weeks now, gave up on the Fios router and decided to install a Cisco1841 behind my Fios. Everything was working well but my VLANs not on 192.168.1.x were not routing. Found your post and everything is working now!!!!
I just wanted to reply and say THANK YOU. I was just setting up my lab at home and was about to throw my monitor on the floor because I could not get my second subnet on the internet. After attempting numerous static routes and firewall rules I was going to give up until I saw your post.
At least now I know it's this crappy router, and not what I was doing that was causing the router to not forward NAT for that second subnet.
Here is an interesting document from Actiontec indicating how to create different VLANs:
http://support.actiontec.com/doc_files/Creating_an_Ethernet_VLAN.pdf
It will provide great flexibility to control the MI424WR unit.
