A little bit help setting up static routes

lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 120

Posted: Sat Nov 16, 2019 14:07    Post subject: A little bit help setting up static routes
Hello,

Currently I have two routers, one connected to the other.
My setup is the same as on this wiki page except there is no third router, just two routers.

https://wiki.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes

Attached an image of my setup and the router settings.


When I ping any computer on the second router or the router itself (ping 192.168.1.1) I get a message saying "new (nexthop 10.0.0.3)" but the route never goes through, all the packets are dropped over there.


Any suggestions?

The second router is running default Netgear OS, and not DD-WRT so I am not able to run any commands on it but it doesn't have a firewall. So are those commands from the wiki still necessary?



[Attachments: setup.png, routers.png]

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4723
Location: Netherlands

Posted: Sun Nov 17, 2019 9:46
To link two routers (connected LAN<>WAN, so in gateway mode on a different subnet), you have to do two things:
1. Set a static route on the main router to the subnet of the secondary router (like you probably did)
2. Disable or punch a hole in the firewall of the secondary router

I cannot comment on step 2; it was a long time ago that I used Netgear's software.
Regarding step 1, you enable dynamic routing while you are attempting to set up a static route; I do not know if that will work.
Disable dynamic routing (which is the default), reboot and try again.

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 120

Posted: Mon Nov 18, 2019 10:38
Thank you for your response.
I think I enabled Dynamic routing just as a trial and error to see if things work and that's when I took the screenshot.


Anyways, upon further research, it seems that the NETGEAR R7000 does not support NAT from other subnets. It will simply drop all the packets.
And neither is there any option to disable the in-built firewall. I disabled SIP ALG but that did not do anything.

I think I will have to flash a custom firmware on the R7000. I am hesitant to flash DD-WRT since it does not support hardware acceleration and made my signal strength drop by 30% last time I flashed it on the R7000.

Going to give Xwrt-Vortex (Asuswrt-Merlin) a try as it supports hardware acceleration. I just hope that it also supports NAT from other subnets.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4723
Location: Netherlands

Posted: Mon Nov 18, 2019 11:17
Correct me if I am wrong, but the secondary router (not connected to the internet) is running Netgear OS?
NAT has nothing to do with it, it will work with NAT but it will also work if you can use router mode on the Netgear, but in that case you have to NAT the Netgear's traffic out of the main DDWRT router with:
Code:
iptables -t nat -A POSTROUTING -o $(get_wanface) -j MASQUERADE


But you do have to disable the Firewall on the Netgear.

Why not consider the alternative of connecting LAN<>LAN? From what I can remember, if you reset the Netgear it will ask to set up as a secondary router like this: https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point

None of the software available has hardware acceleration; it is all done in software, as far as I know.
Whether it is called flow-offload, fast classifier, Cut Through Forwarding or Shortcut Forwarding Engine, it all amounts to the same, but some are proprietary (like Netgear's) and are somewhat faster.

DDWRT Shortcut Forwarding Engine (actually in recent builds it is fast-classifier) is not as fast as Netgear's, I think; for your R7000 DDWRT stops at around 700 Mb/s.
I have heard that Netgear's stock is faster, but you can test as it is the stock you are using :)

lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 120

Posted: Mon Nov 18, 2019 13:13
egc wrote:
Correct me if I am wrong, but the secondary router (not connected to the internet) is running Netgear OS?


Yes, it's running NETGEAR OS as installing DD-WRT dropped its WiFi signal strength by 30%.
It's not connected to the internet directly, but can access the internet through the first router, R6400 (DD-WRT).

R6400 is connected to the internet through PPPoE.
R7000's WAN port is connected to R6400's LAN port.



egc wrote:
NAT has nothing to do with it, it will work with NAT but it will also work if you can use router mode on the Netgear, but in that case you have to NAT the Netgear's traffic out of the main DDWRT router with:
Code:
iptables -t nat -A POSTROUTING -o $(get_wanface) -j MASQUERADE



The R7000 is already running in router mode.
Not sure if you have understood it wrong, but the R7000 is my second router and can access the internet through R6400. R7000 can even access the computers inside R6400's network.
But, the R6400 (first router) cannot access the computers on R7000's network (because it does not know the route to R7000, which is why I added a static route to the R7000 but the R7000 chooses to drop all packets coming to it from another subnet).


egc wrote:
But you do have to disable the Firewall on the Netgear.


NETGEAR's default firmware does not provide any option to make changes to the firewall.


egc wrote:
Why not consider the alternative of connecting LAN<>LAN? From what I can remember, if you reset the Netgear it will ask to set up as a secondary router like this: https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point


If I set it up in access point mode, I can access computers on both the networks from any network. But I want to keep these networks separate, which is why I opted for static route.


egc wrote:
None of the software available has hardware acceleration; it is all done in software, as far as I know.
Whether it is called flow-offload, fast classifier, Cut Through Forwarding or Shortcut Forwarding Engine, it all amounts to the same, but some are proprietary (like Netgear's) and are somewhat faster.


Xwrt-Vortex (Asuswrt-Merlin) for R7000 supports NAT acceleration.

egc wrote:
DDWRT Shortcut Forwarding Engine (actually in recent builds it is fast-classifier) is not as fast as Netgear's, I think; for your R7000 DDWRT stops at around 700 Mb/s.
I have heard that Netgear's stock is faster, but you can test as it is the stock you are using :)


700 megabit per second is quite fast. But my problem is the WiFi signal strength drop, not the speed cause my internet plan is 200 megabits per second.

NETGEAR's stock firmware gives me full blown 1000 megabits per second when copying files on the LAN.



The whole purpose of this thread is to:
Access computers from the R7000 to R6400's network (which I can already do without any change in settings).
Access computers from the R6400 to the R7000's network (which I currently cannot do).
Running the R7000 in AP mode can solve my problem but I want to keep the two networks separate. And AP mode also disables a lot of features, such as DHCP server which I need.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4723
Location: Netherlands

Posted: Mon Nov 18, 2019 14:22
OK everything clear to me.

When I chose DDWRT for my Netgear routers the WiFi signal strength was on par with the stock firmware, but that was some time ago. So I cannot vouch for it at the moment; however, the signal strength did not diminish over the last years.
You do have to use the right Regulatory Domain (US is working), use the right settings: N/G mixed or AC/N mixed, WPA2/AES for security, and probably set GTK interval at 0.

If you want to try DDWRT the last build 41517 works for my Netgear routers.
Xwrt-Vortex had some problems in the past where it resets the nvram on reboot but that is probably solved.
See: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=314525&sid=51e0755812183a74d366605bd0c5fcaf

lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 120

Posted: Mon Nov 18, 2019 17:38
I flashed the Xwrt-Vortex right now and it's working really great!
No drop in WiFi signal strength as well.

And now, static routing works. I didn't even change any settings on the DD-WRT router. All I did was disable firewall in Xwrt-Vortex settings and static routing started working.

So I guess NETGEAR's shitty firmware was dropping all the packets. With no way to turn off the firewall.

They really have gone down the drain since the last few years.
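
Step 2 of egc's procedure ("disable or punch a hole in the firewall of the secondary router") can be done as a narrow allow rule instead of switching the firewall off. The script below is an added example, not part of any post in this thread: 192.168.1.x and the next hop 10.0.0.3 come from the first post, while the /24 masks, the main LAN 10.0.0.0/24, the interface names `eth0`/`br0` and an iptables-based firmware on the secondary router are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. 192.168.1.x and next hop 10.0.0.3 are
# from the first post; masks, main LAN and interface names are assumptions.
MAIN_LAN="10.0.0.0/24"       # assumed LAN subnet of the main router (R6400)
SECOND_LAN="192.168.1.0/24"  # assumed LAN subnet of the secondary (R7000)
SECOND_WAN_IP="10.0.0.3"     # secondary's WAN address = next hop in the ping
SECOND_WAN_IF="eth0"         # assumed WAN interface name on the secondary
SECOND_LAN_IF="br0"          # assumed LAN bridge name on the secondary

# Print each command by default; run with APPLY=1 as root to execute it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Step 1 (main router): reach the secondary's LAN via its WAN address.
main_router_route() {
    run ip route add "$SECOND_LAN" via "$SECOND_WAN_IP"
}

# Step 2 (secondary router): accept new connections arriving on the WAN side
# only when they come from the main LAN and target the secondary's LAN.
# -I puts the rules ahead of the firmware's own WAN drop rules.
secondary_firewall_hole() {
    run iptables -I FORWARD -i "$SECOND_WAN_IF" -o "$SECOND_LAN_IF" \
        -s "$MAIN_LAN" -d "$SECOND_LAN" -j ACCEPT
    # Allow the main LAN to ping the secondary router itself, nothing more.
    run iptables -I INPUT -i "$SECOND_WAN_IF" -s "$MAIN_LAN" \
        -p icmp --icmp-type echo-request -j ACCEPT
}

# Check afterwards (main router): which next hop would a packet to the
# secondary router's LAN address take?
check_route() {
    run ip route get 192.168.1.1
}

main_router_route
secondary_firewall_hole
check_route
```

Rules inserted this way last only until the firewall is reloaded or the router reboots, so they belong in the firmware's startup or firewall script once they are confirmed to work.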