[SOLVED] Trouble with linking subnets

I have one primary router, Netgear R8000 running r40559 (latest version available in the router database) and two Linksys E4200 also running r40559.

Prior to this I ran the R8000 with r36070M and two E1200 with r21061 in client-bridge mode and everything on the subnet. When I upgraded the primary router to r40559, it became much less stable. I did perform the 30-30-30 reset before and after the firmware upgrade and rebuilt the configuration file by hand from a spreadsheet of recorded settings and nothing improved, so file corruption is out.

Understanding that client-bridge mode is regarded as a less stable hack anyway, I decided to try and reconfigure my two secondary routers in client mode on different subnets following these two wikis

https://forum.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes and

My network matches the Linking Subnets wiki exactly. For the most part everything works. Routers 2 & 3 have routes to Router 1 and the internet through Router 1 gateway, but ONLY if I enable Masquerade Route in the Static Routing of Router 1.

The problem is, in this mode computers on the subnet cannot see anything on the or subnets. Nor can the two outlying subnets see each other.

If I disable Masquerade Route in Router 1, that breaks pretty much everything. Routers 2 & 3 have no route to the subnet or the internet. I've tried all sorts of crazy settings to get it to work with Masquerade Route disabled including regressing the primary router to r36070M but absolutely no joy whatsoever. Other details are

Routers 2 & 3 both have bridging disabled in wireless settings
Routers 2 & 3 are both in router mode, not gateway.
Routers 2 & 3 both have "iptables -I FORWARD -s -j ACCEPT" commands loaded at startup.

The routing table in Router 1 looks like this:

default                  UG   0   WAN
         *               U    0   WAN
         *               U    0   LAN & WLAN
                         UG   0   LAN & WLAN

One thing I will say is the detailed description of the client router configurations in the wikis leaves something to be desired compared to the host router. And yes, I know the Forum Guidelines state to not use the router database which opens up a whole different can of worms. Why even have the router database in one place if somewhere else it's recommended not to use it??? Having tried two different firmware, I don't think this is a firmware version specific issue anyway.

SO! What one checkbox am I missing I will kick myself for not seeing that's causing me so much grief?

P.S. I really only have Router 2 in client mode at the moment. Router 3 is still in client-bridge mode and happy as a clam, but I still can't reach it from the subnet.

https://wikidevi.wi-cat.ru/Netgear_R8000 | BCM4709A0 is ARM based, so do not 30/30/30 this router.

http://www.downloads.netgear.com/files/GDC/R8000/R8000_UM_EN.pdf | Manual states only 7 seconds.

Saw a few Netgear support threads saying 10 or 15. This is while powered on after a full boot.

Ignore the router database and instead research the new build threads in the Broadcom subforum.

Examples: r44700, r44715, r44849, r44863

I have read not to do the 30-30-30 on ARM processors. But this is ARM? Really? Router stats say "Broadcom BCM4709"

Hmmm. I guess it is ARM. Won't do THAT again!

So are you of the opinion that this is in fact a firmware revision issue? I've downloaded 44863, ready to pull the trigger when my wife finally goes to bed. Just not looking forward to reloading the config file by hand for the fourth time in two days.

40559 is a junk build. You may wish to use the experimental driver image:


Since the other image may have wi-fi issues due to the driver.

Ha! That's great. I sure know how to pick'em! I'll give that a try. Thanks.

As long as we're recommending builds, what's your pick for my E4200 v1? Would the latest compatible build be this?


Look in the build threads

I have just upgraded my E2000 with 44863 which seems fine but is not thoroughly tested yet.

Connecting multiple subnets: see my attached notes for how I do it, but there are several ways to do it (also using router mode an extra NAT rule on main router).

@egc That is a GREAT document! Wish I had found it ahead of time. Definitely fills in a couple of blanks regarding Router 2 configuration not covered in the wikis. I now realize I was confusing router access across subnets with forwarded traffic to those subnets.

So right now I can ping addresses on the 2.0 subnet from 1.0. The only missing piece is I still cannot access router 2 web interface while connected through Router 1. I thought
iptables -I INPUT -s -j ACCEPT

might do it for me but still no joy. Upgrading the firmware to 44863 is next.

Disregard. Web access is working too. Just had to enable Web GUI in Administration > Management > Remote Access which is not necessary when on the same subnet. I am marking this thread solved. Still upgrading the firmware anyway later today, though. In the end I may return to client-bridge mode if it will run stable with the newer version. It's just so much simpler.

Aaaaand 44863 bricked my E4200. I can reload older known working firmware using tftp but all it does is reboot over and over. (sigh) Sometimes it just doesn't pay to change things.

Off to look for an answer.............

DD-WRT by default only masquerades from the LAN. To masquerade from all subnets including those behind your other routers, enter this on the router with the Internet line:

iptables -t nat -A POSTROUTING -o `get_wanface` -j MASQUERADE
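
Added example, not part of the original thread: a small Python model of Router 1 showing why a client behind Router 2 needs both a static route back to its subnet and a masquerade rule that matches its source address. The addresses (192.168.1.0/24, 192.168.2.0/24, Router 2 at 192.168.1.2) are constructed, and the LAN-only default is modelled as a source match, which is an assumption based on the post above.

```python
import ipaddress as ip

# Constructed topology (assumption): 192.168.1.0/24 behind Router 1,
# 192.168.2.0/24 behind Router 2, whose address on Router 1's LAN is 192.168.1.2.
LAN1 = ip.ip_network("192.168.1.0/24")
LAN2 = ip.ip_network("192.168.2.0/24")
DEFAULT = ip.ip_network("0.0.0.0/0")

def route(table, dst):
    """Longest-prefix match; returns (gateway, interface) for dst."""
    dst = ip.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gw, iface

def masqueraded(nat_rules, src, out_iface):
    """True if any POSTROUTING rule (source_net or None, out_iface) matches."""
    src = ip.ip_address(src)
    return any(o == out_iface and (s is None or src in s) for s, o in nat_rules)

# Router 1 routing table without and with the static route to Router 2's subnet.
R1_BASE = [(DEFAULT, "wan-gw", "wan"), (LAN1, None, "lan")]
R1_STATIC = R1_BASE + [(LAN2, "192.168.1.2", "lan")]

# NAT rules on Router 1: the LAN-only default as the post describes it (modelled
# as a source match, an assumption), and the post's added rule with no -s match.
NAT_DEFAULT = [(LAN1, "wan")]
NAT_ALL = NAT_DEFAULT + [(None, "wan")]

def internet_works(table, nat_rules, client):
    """In this model a client reaches the internet only if Router 1 rewrites
    its source on the way out and can route the reply back on the LAN side."""
    _, out_iface = route(table, "203.0.113.10")   # documentation address
    _, back_iface = route(table, client)
    return masqueraded(nat_rules, client, out_iface) and back_iface == "lan"

def check(table, nat_rules):
    """Result per constructed client: one on each subnet."""
    return {c: internet_works(table, nat_rules, c)
            for c in ("192.168.1.50", "192.168.2.50")}

if __name__ == "__main__":
    for name, t, n in [("default NAT, no static route", R1_BASE, NAT_DEFAULT),
                       ("default NAT + static route", R1_STATIC, NAT_DEFAULT),
                       ("post's rule, no static route", R1_BASE, NAT_ALL),
                       ("post's rule + static route", R1_STATIC, NAT_ALL)]:
        print(name, check(t, n))
```

In this model a rule scoped with `-s` to each known downstream subnet gives the same result as the unscoped rule, without translating traffic from unexpected source addresses.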
