Need help setting up router behind router/firewall

By Shifty
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

Shifty

Posted
Posted

I finally got Verizon's Fios at my house and boy is it FAST!!

Since I got the TV service as well, I got stuck with their modem/firewall/gateway/WAP box. The wireless part sucks big time... low signal and frequently drops connections. I still have my old trusty Linksys WRT54G with the DD-WRT firmware installed.

Here is how I have my network setup...

(internet)<===>(Fios Modem)<===>(Linksys)<===>(wireless devices)/(3 PC's/Servers)/(Switch)<===>PS3/wii/360

Since the Linksys is in my office with all the other PC's and servers, I just ran a CAT6 cable through my floor to the basement and plugged it into one of the LAN ports.

I've been trying to fiddle with the linksys and can hardwire to it and get to the internet. But when i check my Fios modem, it shows the IP of my PC, NOT my linksys. I tried in vain to configure the "Router" section of the webgui, but i either can get to the internet or I get nothing...

fios IP is 192.168.1.1

Linksys IP is 192.168.1.10 (Static), DHCP on the linksys is enabled to dish out IP's to who ever connects to it.

Under the part where I can choose the role of the linksys I get 4 options:

1) gateway

2) BGP

3) RIP2 router

4) OSPF router

I did some googling and found that the last 3 are for big ass networks or WAN specific tasks.

and this is a dumb question... which port on the linksys does the CAT cable get plugged into that goes to the Fios Modem? LAN? WAN?

I am so confused as to how to get this configured and working.

Thanks in advanced!

*crosses fingers Budman finds this thread*

Mentor

Shifty

Posted
  • Author
Posted
  x2p said:
right on the linksys router the modem shold be connteced to the wan port from what i can gather.

thats what I thought too... I tried both, rebooting the Linksys each time to be sure and seems to pass right through the linksys straight to the fios box.

I've been tinkering it some more and getting now where. hte dd-wrt forum search engine sucks.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

your NOT going to want to use the linksys as a router, there is NO point to it in your type of setup. You want to use it as an assesspoint when you have a different border router.

http://www.dslwebserver.com/main/wireless-...cess-point.html

How to Use a Wireless Router as a Wireless Access Point

in nutshell you connect your primary router to the linksys on one of the linksys LAN ports.. you have already changed the linksys IP so that is good.. You turn off dhcp on the linksys.

Your devices will then get IPs from the primary routers dhcp server

with dd-wrt you can change your wan port to be just like a lan port if you want, if you need more ports. But if your not short on ports you can just disable it.

Mentor

Shifty

Posted
  • Author
Posted
  BudMan said:
your NOT going to want to use the linksys as a router, there is NO point to it in your type of setup. You want to use it as an assesspoint when you have a different border router.

http://www.dslwebserver.com/main/wireless-...cess-point.html

How to Use a Wireless Router as a Wireless Access Point

in nutshell you connect your primary router to the linksys on one of the linksys LAN ports.. you have already changed the linksys IP so that is good.. You turn off dhcp on the linksys.

Your devices will then get IPs from the primary routers dhcp server

with dd-wrt you can change your wan port to be just like a lan port if you want, if you need more ports. But if your not short on ports you can just disable it.

Budman FTW!!

I knew that making the linksys a dedicated router is actually pointless, but I wanted to learn more networking setups. I figured it would be good practice in the long run (CCNA by June?) One of the problems that I have is that the Fios box sucks at handling more than 4 or 5 IP's at a time. The Fios tech said it was a known issue and that Actiontec (maker of the modem/router) has yet to address the performance issues with firmware updates. I can reproduce the problem everytime if i have all 3 PC's and my ps3, 360 and wii all hardwired in. when the 6th device gets on the network, the Fios box craps out and i have to restart it and take one device off the network. There is no limitations with DHCP and plus all my PC's and the game consoles have static IP's for port forwarding purposes. I have friends that come over with wireless laptops, so DHCP is enabled for them. The point of the router was to offload the fios box a bit and have a more stable internet connection. I have already had the fios box replaced twice thinking it was a defective device... but its just a limitation of the firmware.

Right now the linksys is being used as a gateway and even still when more than 5 devices get on the network the connection craps out. I had borrowed a cisco 1800 series router from work that was preconfigured by a network tech at my office. with that, I can have 10 devices on my network and no problems accessing the internet from it. on the Fios box on the IP of the router shows up, which is what I want with my linksys.

All i really need is a general idea of how to set this all up on the linksys.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

And is this 1800 series router doing NAT? I would assume so if what you say is true that the fios router craps out when 6 devices get all plugged into the fios router directly.

It might be having a hard time with handling nat for more than a few devices. If you have some other device doing the nat -- then the fios router would be doing nat for only 1 device behind it (the linksys routers wan IP)

If you set it up the linksys as just a router/bridge/accesspoint, your fios router would still being doing nat for all the IPs behind it -- does not matter if they are on a different segment or not.

If the fios device can not handle doing nat for more than say 4 or 5 devices -- then you need to setup the linksys as a normal gateway (doing nat). An setup the linksys wan interface IP address in the DMZ of the fios device. Or better yet just turn the fios device into just a bridge/modem vs doing double nat.

If you just do normal routing on the linksys -- then your fios device would still be handling all the nat for all the ips behind it -- even if they were on a different segment.

inet--fiosrouter(192.168.1.1)--192.168.1.x/24--(192.168.1.2)linksysrouter(192.168.2.1)--192.168.2.x/24

You would need to setup a route on the fiosrouter to point to the linksys wan ip as the hop to the 192.168.2.x/24 network.. You could do this by hand or use RIP or OSPF to exchange the routes -- but with only 1 other segment an more than likely no other segments being added on the fly, etc.. there would be little use to running a routing protocol between the 2 routers.

You would then setup on the linksys a default route of using the fiosrouters private interface as its gateway.

To be honest if the linksys is going NAT, I am not sure if you could handle the FULL bandwidth between the wan an its lan that you might be able to get with FIOS.. What is the bandwidth your suppose to get?

From some of the testing I have done with the linksys wrt54g(version 3.1) running dd-wrt the max bandwidth it could handle between the wan an lan without natting was only like 25Mbits tops! With nat it dropped to somewhere more like 15 to 20Mbit. I did not get to do a full battery of tests, since the kids were complaining that their wifi was offline ;)

You would have to do your own testing to see if can handle the bandwidth your fios connection provides.

I can appreciate you wanting to learn how to route between multiple segments, etc.. an dd-wrt is great for letting you do that. But it sounds like your fios devices has a problem doing the nat for a higher number of devices, so normal routing would not remove that issue -- an from my own personal testing, I am not sure if the linksys (depending on your model) is really up to doing the nat, an provide the bandwidth you might be able to see with fios.

If your fios device can not handle doing nat for the number of devices you have -- then normal routing is not going to remove that issue -- you need another device to handle the nat (say your 1800 series). Or maybe you could just let your current linksys handle the nat -- depending on how much bandwidth your getting from your fios connection -- but you would not want to do double natting for sure!!!

Double natting for starters will put a performance hit on your bandwidth, along with other issues that come about with doing that -- forwarding, access between devices between the nats, etc.. etc..

Good luck -- an happy to help in anyway I can.. just let me know.

Mentor

Shifty

Posted
  • Author
Posted
  BudMan said:
And is this 1800 series router doing NAT? I would assume so if what you say is true that the fios router craps out when 6 devices get all plugged into the fios router directly.

It might be having a hard time with handling nat for more than a few devices. If you have some other device doing the nat -- then the fios router would be doing nat for only 1 device behind it (the linksys routers wan IP)

If you set it up the linksys as just a router/bridge/accesspoint, your fios router would still being doing nat for all the IPs behind it -- does not matter if they are on a different segment or not.

If the fios device can not handle doing nat for more than say 4 or 5 devices -- then you need to setup the linksys as a normal gateway (doing nat). An setup the linksys wan interface IP address in the DMZ of the fios device. Or better yet just turn the fios device into just a bridge/modem vs doing double nat.

If you just do normal routing on the linksys -- then your fios device would still be handling all the nat for all the ips behind it -- even if they were on a different segment.

inet--fiosrouter(192.168.1.1)--192.168.1.x/24--(192.168.1.2)linksysrouter(192.168.2.1)--192.168.2.x/24

You would need to setup a route on the fiosrouter to point to the linksys wan ip as the hop to the 192.168.2.x/24 network.. You could do this by hand or use RIP or OSPF to exchange the routes -- but with only 1 other segment an more than likely no other segments being added on the fly, etc.. there would be little use to running a routing protocol between the 2 routers.

You would then setup on the linksys a default route of using the fiosrouters private interface as its gateway.

To be honest if the linksys is going NAT, I am not sure if you could handle the FULL bandwidth between the wan an its lan that you might be able to get with FIOS.. What is the bandwidth your suppose to get?

From some of the testing I have done with the linksys wrt54g(version 3.1) running dd-wrt the max bandwidth it could handle between the wan an lan without natting was only like 25Mbits tops! With nat it dropped to somewhere more like 15 to 20Mbit. I did not get to do a full battery of tests, since the kids were complaining that their wifi was offline ;)

You would have to do your own testing to see if can handle the bandwidth your fios connection provides.

I can appreciate you wanting to learn how to route between multiple segments, etc.. an dd-wrt is great for letting you do that. But it sounds like your fios devices has a problem doing the nat for a higher number of devices, so normal routing would not remove that issue -- an from my own personal testing, I am not sure if the linksys (depending on your model) is really up to doing the nat, an provide the bandwidth you might be able to see with fios.

If your fios device can not handle doing nat for the number of devices you have -- then normal routing is not going to remove that issue -- you need another device to handle the nat (say your 1800 series). Or maybe you could just let your current linksys handle the nat -- depending on how much bandwidth your getting from your fios connection -- but you would not want to do double natting for sure!!!

Double natting for starters will put a performance hit on your bandwidth, along with other issues that come about with doing that -- forwarding, access between devices between the nats, etc.. etc..

Good luck -- an happy to help in anyway I can.. just let me know.

BudMan, you never cease to amaze me!

My co-worker who configured the 1800 also has fios, and when he let me borrow it, he said it was a "plug and play" install. Nice, but of course i really don't get a change to learn how its setup and how it's supposed to work, networking wise.

as for the Fios connection, I have the 20MBit package. So doing the NATing will not be a huge issue on performance. as long as i can transfer files and do streaming at full speed on my LAN, thats all i care about. so NATing is definitely not an issue.

I thought this was going to be semi easy install and configure job... install dd-wrt, cable everything up, set the linksys to be a router, enter destination IP, subnet, etc and DHCP and it would just work.

Also one of the main reasons for this project is the physical attributes of my house... all hardwood floors and a finished basement makes for a tough time doing cable drops. I just so happened to have a pre-existing hole in my office that has a PVC pipe between the floor that goes straight to where my Fios Router is. Talk about lucky!! My living room is about 50 feet away from the office and I ran a CAT6 cable behind the crown molding. There I have a 4 port 100Mbit switch where all my game consoles are hooked up. Since I don't feel like spending $100 on a 360 wireless adapter, this is the best bang for my buck. The self effort to make this happen will more than justify saving $100.

i guess i can modify a tutorial i found on setting up a wireless repeater bridge. The concept is similar in nature to what i want to do, sans linking over WLAN. Should this be a good start?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  Shifty said:
The concept is similar in nature to what i want to do, sans linking over WLAN. Should this be a good start?
So you want to use the dd-wrt router as wireless link to your fios device??

Sure it has a client mode -- this will bridge its wireless to your 1st wireless router (the fios router). The dd-wrt router will do the meat of the nat for you.. which should remove the issue it seems your fios device has will lots of devices being natted.

http://www.dd-wrt.com/wiki/index.php/Client_Mode_Wireless

Do want devices to connect to the dd-wrt as well? Client mode will not work like that.

I would really not suggest this mode -- unless you have not other choice, double natting is never a good thing. But to be honest your issue seems to be one of the few valid reasons when you would need to do it ;)

If you can run a cable from your fios device to the linksys, then you could setup the linksys as a normal gateway.. You just need to make sure the lan side network is different then what your fios private side is, if your fios is 192.168.1, then make your dd-wrt lan side 192.168.2

But I would look to see if your fios device support bridge/modem mode -- ie turn off its NAT function. This would put a public IP on your dd-wrt routers wan interface -- an only 1 nat, an your fios would not really be taxed with doing anything other than as a bridge from your fios to your ethernet medium.

What is the model number of your fios device? Can look to see instructions on using as just a modem.

But yes double natting can work -- its just RARE that it would ever make sense to do it. I gave you the meat of how to do it in the other post an in this one -- no reason for a guide ;)

Mentor

Shifty

Posted
  • Author
Posted
  BudMan said:
What is the model number of your fios device? Can look to see instructions on using as just a modem.

The model is: MI424-WR

flashed with the newest firmware from Verizon: 4.0.16.1.55.0.10.4.3

I have the TV service as well and there is a coax connection from the fios junction box to the modem. I have tried to fiddle around with the actiontec, but to no avail.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I have not read this whole thread yet, but this seems to be exactly your problem - an how to turn it into a bridge

http://www.dslreports.com/forum/r17679150-...-network-bridge

How-to: make ActionTec MI424-WR a network bridge

Why make the MI424-WR a bridge?

?New FiOS installations now connect you using the MoCA system from the ONT, not ethernet, thus preventing you from directly connecting a router of your choice to the ONT (some of you may say that the ethernet jack at the ONT is still there and you could run an ethernet cable to it, but it will NOT work because the ONT was not configured for ethernet connectivity during initial install by verizon).

?As part of the new FiOS installations, you are given an ActionTec MI424-WR router

?The MI424-WR is a pretty decent router (is powerful, has lots of features, and is quite flexible), however the major issue with it at the moment is the puny NAT table (only 1kb in size). The NAT table is easily overflowed just by running a single bittorrent or in some cases, playing games. When the NAT table is overflowed, you will get the "No IP for NAT - connections may fail" error logged in your MI424-WR's security log. During this time, you will unable to browse, ping, or connect to anything until you wait about 3 minutes. This problem seems to be widespread with this router, regardless of which firmware release is used. No one has been able to produce a workaround for this issue and neither Actiontec or Verizon has acknowledged this issue officially. This problem makes your FiOS connection next to useless. While your overall throughput may drop when using a store bought consumer grade router, your actual usability may increase. I personally would take this trade off over NAT errors any day.

?Instead of paying at least $100 to fix something that's not your fault (buying a MoCA to ethernet bridge), make the MI424-WR as a bridge and use a router of your choice!

This is what you will need to do:

1) Connect your computer to the MI424-WR using an ethernet connection if you have not done so

2) Open your web browser and type in 192.168.1.1 in the URL and press "enter"

3) The default username and password for the MI424-WR is "admin" and "password, however verizon techs tend to change the password to "password1". If neither works, you will need to do a hard reset on the router (hold down the reset pinhole with a paperclip for about 10 seconds). If you did a hard reset, you may not be able to reconnect to the ONT due to a configuration issue with the default router settings (I will explain how to get it working as you keep reading).

4) Once you are logged in, go ahead and reset the router to the default settings if you have done numerous customizations in the past, otherwise don't worry about it. To reset the config to defaults, click on "Advanced" at the top, then click yes in the confirmation box. You will then see "Restore Defaults" at the lower left side of the screen (under the red toolbox icon). The router will now reboot itself. Remember that the username and password resets itself to the ActionTec default of "admin" and "password". It's a good idea to change the password after this is all done of course.

5) Go ahead and log back into the router if you have "Restore Defaults", otherwise just click on "My Network" at the top of the screen. Once you are there, click on "Network Connections" at the menu on the left.

6) You should now see a list of interfaces that exist in the router. To see them all, click on the "Advanced" button below that list.

7) Now you will need to do this very important step. you will need to release your MI424-WR's IP from the ONT or you will NOT be able to have your new router DHCP an IP for itself!. To do this, click on the "Broadband Connection (Coax)" from the connection list. Then click on the "Settings" button at the bottom. You will now see a bunch of settings for this interface. Make sure the "Privacy" option is enabled (if you have reset your MI424-WR to defaults earlier, it maybe disabled. Not having this setting enabled will cause the connection to the ONT to fail!). You can click on the "Release" button if an IP address is currently assigned to the MI424-WR. Click the "Release" button and immediately change the "Internet Protocol" option to "No IP Address" (default setting is "Obtain an IP Address Automatically"). Click on "Apply" afterwards, then "Yes" (if there's a confirmation message), then "Apply" again.

8) Now you will need to turn the MI424-WR into a bridge. In the connection list, click on "Network (Home/Office)", then click on the "Settings" button. You will see a list of interfaces under "Bridge". Check the box next to the "Broadband Connection (Coax)", then check the box under the STP column. Click on "Apply" afterwards, then "Yew" (if there's a confirmation message), then "Apply" again.

9) Since the MI424-WR will no longer be used for routing, go ahead and disable its wireless interface also. Click on "Wireless Access Point" in the interface list and then click on "Disable". You can also disable this in the "Wireless Settings" section.

10) Just in case the MI424-WR will do something wacky, I disabled the built-in firewall also. Click on "Firewall Settings" and then select "Minimum", then click on "Apply".

11) Verify that the MI424-WR no longer has a connection to the internet by looking at the status information in "Main". It should have a red light and say it's on PPPOE right now. The MI424-WR should still have a connection to the ONT. You can check this by going back into "My Network", then "Network Connections", then clicking on the "Full Status" button at the bottom of the list. "Broadband Connection (Coax)". Should say it's connected still.

12) Next, disconnect all computers from the MI424-WR. Setup the router of your choice (for me, I'm using a Linksys WRT54G v4 running dd-wrt). Make sure your new router's IP address is something different from 192.168.1.1 or it will conflict! Your new router should now DHCP an IP from verizon without any problems.

The only way to access the MI424-WR after this setup is to directly connect a computer to it (via ethernet) and using a static 192.168.1.* IP address. It will no longer DHCP an IP to you. You will also notice that the "Internet" light (may look like a map globe) on the router will now be lit orange and blink red. This is normal. The MI424-WR control panel will also perpetually say you're not connected to the internet. That too is normal.

You will know everything is working when you see your new router getting an IP from verizon.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.