Building a Network Inside of Another Network

PaperRoute
DD-WRT Novice


Joined: 22 Jan 2023
Posts: 3

Posted: Sun Jan 22, 2023 12:26    Post subject: Building a Network Inside of Another Network
Hello! I am hoping to get some advice. I am setting up a network for a small business that operates inside of another large office. The internet is provided by the large office. I set up a router which is connected to the bigger network through the WAN port on my router. All devices can connect to my router. They have access to the internet and all that good stuff.

Recently we have been trying to connect a Pin Pad for the service Stripe. The Pin Pad itself connects to the network and updates its software. Then I complete the setup of the pin pad by pairing it with the payment processing software. To do this I put the pin pad in a pairing mode. Using an iPad I complete the pairing process and that works properly too. But when I try to process a payment from the iPad I get a network connectivity error (both devices have to be on the same network), which they are. So I also tried to use one of the hardwired terminals to pair and process payments, but I get the same error.

I am wondering if this is a potential double NAT issue? I tried disabling the firewall with no effect. My router is operating in gateway mode, which could be an issue.

Does anyone have advice on what could be preventing the pin pad from processing a payment, even though it's connected to the internet?
securedparty
DD-WRT Novice


Joined: 07 Dec 2017
Posts: 22

Posted: Sun Jan 22, 2023 15:40
If you're behind a network that you're not an administrator for, there may likely be an issue there: on that other network.

Do you have an alternate way of connecting to the internet with your router? Assuming it's a DDWRT router, and you're on these forums, perhaps you could use one of the wifi SSIDs of the router and tether it to your wireless phone. At that point, then check to see if there are issues this way.

Learning how to use your ddwrt router as a wireless client would certainly be useful on its own.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Sun Jan 22, 2023 20:45
Finally, are the pin pad and the processing unit on different networks...so one is on the main network, the other is on your router's local network...isn't it...and you are worried one is behind the NAT...

No idea how those pair together then...and then you have a connectivity error..

And later you are talking about double NAT... sorry, but I got a bit lost...

2 devices on the same network and your fears of double NAT...this doesn't make any sense to me...

To me it's a bad setup issue, or you need to add a static route somewhere...and even though as you pair the devices this means they can see each other, but you said those are not operating as they should...is it a device issue...as we don't know the devices and their settings, this is on you to check those...I guess

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
PaperRoute
DD-WRT Novice


Joined: 22 Jan 2023
Posts: 3

Posted: Sun Jan 22, 2023 22:24
Thank you for the replies. The error says they are on a different network, but when I look at the clients that are connected to my DD-WRT router, the pin pad and the other device are both connected. I suspect that since they pair properly and the pin pad can update itself over the internet, I'm thinking the payment processing is making a request of some kind that can't be resolved.

If I look at the diagnostics on the Pin Pad it says that DNS Resolution has failed. The DNS server is 192.168.1.1 which is the address of the DD-WRT router, should that be updated to something else? I'm assuming the device could still connect to the internet and update itself without proper DNS resolution if it's making a direct connection to an IP.

One other thing is that someone from the business took the pin pad home and connected it to their home network and was able to process a payment.

https://support.stripe.com/questions/my-point-of-sale-application-cannot-connect-to-the-reader
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Mon Jan 23, 2023 11:46
"If I look at the diagnostics on the Pin Pad it says that DNS Resolution has failed. The DNS server is 192.168.1.1 which is the address of the DD-WRT router, should that be updated to something else? I'm assuming the device could still connect to the internet and update itself without proper DNS resolution if it's making a direct connection to an IP. "

Do you have correct DNS on your DDWRT router...??

Post a pic of the basic setup page, and services, especially
the DNSmasq advanced settings...
You can cover the sensitive data like your WAN IP, MAC addresses, etc.

It seems...you've messed up your DNS settings...

PaperRoute
DD-WRT Novice


Joined: 22 Jan 2023
Posts: 3

Posted: Tue Jan 24, 2023 1:50
Thank you. Yes, it must be DNS related. It's weird because this router has been used in the building for years with no issue. All the computers, printers, and cell phones can access the internet just fine. Only the pin pad has had issues.

Here are some of the settings pages:

https://ibb.co/qYT44Ss

https://ibb.co/3SghJw5

https://ibb.co/nRw2yXR

https://ibb.co/VtybjdL

Thanks again for the assistance.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Tue Jan 24, 2023 2:26
Definitely related to using mostly default settings out of the box without further research. While the DNSMasq wiki is dated, there are some valuable tidbits in there. Another source of information is the upstream dnsmasq website, particularly the man page. Anyway, by default, the router's IP address is passed out to clients as DNS server. This may or may not be benign, dependent on further settings. It seems that your router is running an older build, simply due to lack of certain current options in the webUI. If you are running 44715/9 and not 51440, then please consider upgrading first. The router database is not current on current release information and never will be, most likely.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Tue Jan 24, 2023 7:59
OK...as KP-69 advised, update to a new build, currently 51440... https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2023/

Then reset and manually reconfigure your router;
do not use a save file from a different build...

Then I would disable SFE (Shortcut Forwarding Engine), unless you desperately need it, as it tends to interfere with some settings...

As you are using auto DHCP from the router ahead, the IP and DNS are given, and this is the DNS your TP-Link is using...
To mitigate this you can ignore the WAN DNS (on the new builds there is an option for it) or simply
add to the Advanced DNSmasq box...

no-resolv
server=9.9.9.9

In simple words, the first line tells DNSmasq not to use any DNS fetched by DHCP, and the second line is the DNS server you want to use (9.9.9.9 is the Quad9 public DNS...I'm using it)
Try this way...it should work...

As an option, you can tick Forced DNS redirection (basic setup page, down at the bottom)...
This option will force the clients of your router to use exclusively the DNS you specified in the server= line, so devices with hardcoded DNS will not be able to use their own...as some devices have their own hardcoded/baked-in preferred DNS server to use instead...or someone may want to force and use their own DNS...
It is a bit of a touchy situation, as some devices may cease to work....to mitigate this you can make iptables rules like:

iptables -t nat -I PREROUTING -s 192.168.45.163 -p udp --dport 53 -j DNAT --to 9.9.9.9
iptables -t nat -I PREROUTING -s 192.168.45.163 -p tcp --dport 53 -j DNAT --to 9.9.9.9

-s 192.168.45.163 is the source IP of the device you want to address (give this device a static IP in the range of your subnet) and 9.9.9.9 is the server you want to use for this device...

Also, make sure your router's local IP/subnet does not interfere with any other routers ahead as
192.168.1.1... I usually change it to something like 192.168.123.123 or whatever...

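The subnet check recommended in the last post, as an added example that is not part of the original thread: it tests whether the DD-WRT LAN range collides with the upstream network's range, which is the case when both sides use 192.168.1.x. The sample addresses are constructed, and the nvram key names in the final comment are an assumption about the router's configuration store.

```shell
#!/bin/sh
# Added example: does the DD-WRT LAN subnet collide with the upstream subnet?

# Print dotted-quad $1 as an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac   # no empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# subnets_overlap ip1 mask1 ip2 mask2
# Returns 0 if the networks share addresses, 1 if not, 2 on bad input.
subnets_overlap() {
    a=$(ip_to_int "$1") && ma=$(ip_to_int "$2") &&
    b=$(ip_to_int "$3") && mb=$(ip_to_int "$4") || return 2
    m=$(( ma & mb ))   # AND of two contiguous masks is the shorter prefix
    [ $(( a & m )) -eq $(( b & m )) ]
}

# report label lan_ip lan_mask wan_ip wan_mask
report() {
    rc=0
    subnets_overlap "$2" "$3" "$4" "$5" || rc=$?
    case $rc in
        0) echo "$1: CONFLICT, LAN $2 overlaps upstream $4; renumber the LAN" ;;
        1) echo "$1: ok, LAN $2 and upstream $4 are distinct" ;;
        *) echo "$1: invalid address or netmask" ;;
    esac
}

# Constructed samples: a default 192.168.1.1 LAN behind an upstream network that
# also uses 192.168.1.x, then the renumbered LAN suggested in the thread.
report "default LAN" 192.168.1.1 255.255.255.0 192.168.1.37 255.255.255.0
report "renumbered" 192.168.123.123 255.255.255.0 192.168.1.37 255.255.255.0

# On the router (assumes the nvram keys lan_ipaddr, lan_netmask, wan_ipaddr, wan_netmask):
# report live "$(nvram get lan_ipaddr)" "$(nvram get lan_netmask)" \
#     "$(nvram get wan_ipaddr)" "$(nvram get wan_netmask)"
```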
All times are GMT