Bridge Mode on Cisco DPQ3925?

[OP Yorak 415]

So I recently moved into a new apartment, and the modem we received from Cox Communications was a Cisco DPQ3925. Unfortunately, I was not here when they set it up. It probably would not have mattered either way, but I would have at least requested a standard modem rather than a modem/router combination. I have my own router that I have configured with Tomato, tons of scripts and configured just the way I want. I thought it would be no problem to put their device in bridge mode. Yikes... I was certainly wrong. I went searching and found this post which explains that the option is there but hidden. The firmware version I have on mine must have corrected that, because it is no longer available. Sure, I can go pay for a new modem, but I would rather not. I called Cox and they said they only offer the combination boxes and of those there were only two models. I looked up the other one they mentioned and it also has no way to change the mode.

 

I would prefer not to double NAT. Could I just place the router in the combo's DMZ? Would that work fine? Thanks in advance. :)

[JJ_ 127]

You could DMZ your router but you would have to disable DHCP on the Cisco gateway, increment the IP of your router and set its IP address range to avoid any clashes.

 

I can't really understand why any ISP would patch out the option for bridge mode because we all know how great combo gateways are... not! Double check your Cisco gateway though and see if there is a way to bridge. Try the below using Firefox

1. Login to your gateway (usually at http://192.168.0.1)
2. Click on the Wireless tab
3. Set Wireless Network to disabled
4. Click Save Settings at the bottom
5. Click on the Administration tab
6. Press Alt + V -> Page Style -> No Style (page may now look weird but continue on)
7. Next to Working Mode select the option for Bridged Only
8. Click on Save Settings at the bottom
9. Once your gateway has cycled power, turn it off and wire your router to it.
10. Win (hopefully)

 Instructions courtesy this blog

[OP Yorak 415]

You could DMZ your router but you would have to disable DHCP on the Cisco gateway, increment the IP of your router and set its IP address range to avoid any clashes.

 

I can't really understand why any ISP would patch out the option for bridge mode because we all know how great combo gateways are... not! Double check your Cisco gateway though and see if there is a way to bridge. Try the below using Firefox

1. Login to your gateway (usually at http://192.168.0.1)
2. Click on the Wireless tab
3. Set Wireless Network to disabled
4. Click Save Settings at the bottom
5. Click on the Administration tab
6. Press Alt + V -> Page Style -> No Style (page may now look weird but continue on)
7. Next to Working Mode select the option for Bridged Only
8. Click on Save Settings at the bottom
9. Once your gateway has cycled power, turn it off and wire your router to it.
10. Win (hopefully)

 Instructions courtesy this blog

Yeah I tried those instructions too. :( The option must definitely be gone now. So ridiculous.

 

When I disable DHCP on the combo, how do I set the IP it is giving my router? It defaults to 192.168.0.13 and I have that in the DMZ, but ports are still being blocked.

[JJ_ 127]

In the Cisco gateway settings, set the LAN IP range between 192.168.0.1/2

 

On your Tomato router, go to Basic -> Network and set the LAN settings to something similar to this

 

 

Just read your ports are still blocked with DMZ :s As the Cisco is still doing the routing, try creating a port forward rule for ports 1-65535 to your routers IP 192.168.0.2

[OP Yorak 415]

Thanks. :)

 

Here is what I have on the Tomato router:

 

 

And on the Cisco POS:

 

 

 

I am probably missing something simple here, but it still is not working correctly.

[JJ_ 127]

The problem is your router and gateways IPs are in a different subnet. Without making drastic changes to your routers settings, getting your gateway in the same subnet as your router should do the trick and changing the routers IP so it doesn't clash with the gateway. Change to below then if your Cisco gateway doesn't cycle power on saving settings, manually cycle it's power.

 

 

Finally change the DMZ host IP in Cisco gateway to 192.168.1.2

[OP Yorak 415]

The problem is your router and gateways IPs are in a different subnet. Without making drastic changes to your routers settings, getting your gateway in the same subnet as your router should do the trick and changing the routers IP so it doesn't clash with the gateway. Change to below then if your Cisco gateway doesn't cycle power on saving settings, manually cycle it's power.

 

Finally change the DMZ host IP in Cisco gateway to 192.168.1.2

Doh! I completely missed the fact that they are in a different subnet. Finally I can get some rest. :P Thank you very much for the help!

[JJ_ 127]

Great. Double NAT isn't ideal but because you've DMZ'd your router, it shouldn't cause problems with port forwarding. Now hassle Cox for a standalone modem :D

[The_Decryptor 1,105]

That won't work, well it'll work but only because you aren't using the Tomato router as an actual router, you're using the Cisco one.

The Tomato should go between the Cisco and your network, by putting the Tomato router on the same subnet as the Cisco router it's more like a server on the network, you'll have 2 DHCP boxes, etc.

[JJ_ 127]

DHCP/wireless are turned off on the Cisco so all it is doing is passing WAN traffic to the Tomato router which will be handling everything else LAN side so I don't anticipate there will be any issues.

[+BudMan 2,783]

If your going to use tomato as nat, gateway for the network behind it.. You can not have its wan same as its lan network..

As mentioned even if you dmz your tomato behind your cisco - its still a double nat, you just don't have to worry about port forwarding on the cisco since all unsolicited traffic to your public IP would just be sent to your DMZ IP.

you would want something like this.

publicIP -- cisco 192.168.0.1/24 -- 192.168.0.2/24 (static) tomato 192.168.1.1/24 --- 192.168.1.x (dhcp from tomato) PC

Does not matter if you turn off dhcp on the cisco to be honest, only reason you want tomato wan to be static is that so it doesn't change, you could also just use a dhcp reservation on cisco so it always gives tomato wan the same IP. Since you need your tomato wan IP to be the IP that you set for dmz on your cisco.

Again this is still double nat.. And you could still run into problems with things that have issues with nat, like hosting a ftp server might be a bit of PITA. You would be still limited by the cisco nat table for one, its possible there might be a small performance hit on your overall wan to lan bandwidth since you have 2 boxes having to process the packets with NAT. Its normally not best option to double nat like what seems your forced to have to do if you want to use your tomato as the control for port forwarding, etc. But it generally will work - but it can have some issues, but as long as your aware that there is a double nat you should be able to work through most of them.

Normally where you see problems is the user is actually unaware that a double or even triple nat is going on, and they can not figure out why port forwarding doesn't work when they do it on the nat router their PCs are connected too - when they didn't open/forward the ports on the nat device in front of it.