Posted: Mon May 16, 2022 19:20 Post subject: [SOLVED] Client-Bridge Mode with NAT br1
mac913 wrote:
OffSite #2
Router/Version: E3000
File/Kernel: DD-WRT v3.0-r46979 mega (06/21/21)
Previous/Reset: r46885 / No, Remote GUI Update
Mode/Status: Client-Bridge / Working Well
Issues/Errors: none / none
Services Used: WiFi 5G,NTP,SSH,Syslog,VLANx,BRx,
Services Disabled: WAN,QoS,ttraff,SFE,Telnet
This E3000 is used to connect the Security Camera System wirelessly in Client-Bridge Mode with 2 Networks (br0 & br1). The cameras are on br1 that nats to br0 to Only update the camera's time clock online. This week I've noticed that the time clock on the cameras was off, don't normally check. Something broke nat to br1. I started back testing a build where natting to br1 works. Build r44483 mega K4.4 has working nat to br1. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
Joined: 08 May 2018 Posts: 14248 Location: Texas, USA
Posted: Mon May 16, 2022 19:27 Post subject:
In other words, you made no resets or configuration adjustments related to changes and it broke. Have a feeling it's related to swconfig utility support added to Broadcom. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
I did erase nvram with reboot and manually configured. With Client-Bridge Mode still br1 would not NAT until going back to r44483 (didn't test every build). But I believe it broke when the Advanced Routing GUI changed and added Route Tables and other new features.
Posted: Mon May 16, 2022 23:56 Post subject:
Without flashing and testing current release 48886 and providing screenshots, logs, etc. there is no telling if it's since fixed or if it's a procedural issue or what. Probably best to try current release as nobody else seems to have reported an issue.
Is anyone running an E3000 in Client-Bridge Mode with br0 (LAN ports 3 & 4) and br1 (LAN ports 1 & 2), where br1 needs NAT through br0 for br1 to get an internet connection?
It works with build 44483 and below, but any build 45000+ does not with the same configuration. When I am running builds +45000, no packet counts show up when using this nat instruction....
Posted: Tue May 17, 2022 18:19 Post subject:
If br1 is a separate vlan/bridge from br0, it shouldn't have to traverse br0, should it? Screenshots / startup scripts, etc. would greatly help us see the larger picture and this should be a separate thread starting with your post quoting your previous post. Dear mods, please rectify this.
To be precise, in the current configuration, NAT is only needed *if* you're unwilling or unable to configure static routes on the primary router for the IP network of that bridge (br1).
IOW, if the primary network (br0) is 192.168.1.0/24, and you create br1 (192.168.2.0/24) on a client bridge, you could configure a static route on the primary router that points to the LAN ip of that client bridge as the gateway to the 192.168.2.0/24 network. But sometimes that's NOT possible, such as when the primary router is running OEM firmware and doesn't support static routing. At that point, NAT becomes necessary.
In general, given all the problems these various NAT acceleration gimmicks introduce, be it SFE, CTF, FA, etc., I suggest they ALL be disabled. Even though there is no active WAN on the client bridge, I just don't trust what quirks they may introduce, regardless.
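The two options described in the post above (a static route on the primary router, or NAT on the client bridge), together with a check for the "no packet counts" symptom reported earlier in the thread, as an added example that is not code from any poster. The client bridge address 192.168.1.2, the chain name CAM_FWD and the sample counter output are assumptions; commands are printed rather than executed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: 192.168.1.2 (client bridge's
# br0 address) and the chain name CAM_FWD are hypothetical.
CAM_NET=192.168.2.0/24          # br1 subnet from the post above
LAN_IF=br0
CAM_IF=br1
DRY_RUN=${DRY_RUN:-1}           # 1 = print commands for review, 0 = execute

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Option A, no NAT: static route entered on the PRIMARY router (if Linux-based).
primary_static_route() {
    run ip route add "$CAM_NET" via 192.168.1.2
}

# Option B, NAT on the client bridge: br1 may only reach NTP (UDP/123).
cam_nat_ntp_only() {
    run iptables -t nat -I POSTROUTING -s "$CAM_NET" -o "$LAN_IF" -j MASQUERADE
    run iptables -N CAM_FWD
    run iptables -A CAM_FWD -o "$LAN_IF" -p udp --dport 123 -j ACCEPT
    run iptables -A CAM_FWD -j DROP
    run iptables -I FORWARD -i "$CAM_IF" -j CAM_FWD
    run iptables -I FORWARD -i "$LAN_IF" -o "$CAM_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Reads `iptables -t nat -vnxL POSTROUTING` on stdin and prints the packet
# count of the MASQUERADE rule for CAM_NET, or "missing" if there is none.
masq_hits() {
    awk -v src="$CAM_NET" -v out="$LAN_IF" '
        $3 == "MASQUERADE" && $7 == out && $8 == src { n += $1; found = 1 }
        END { if (found) print n + 0; else print "missing" }'
}

# Constructed sample output: the rule exists but has never matched a packet.
SAMPLE_ZERO='Chain POSTROUTING (policy ACCEPT 12 packets, 900 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MASQUERADE  all  --  *      br0     192.168.2.0/24       0.0.0.0/0'

cam_nat_ntp_only                              # print the rule set for review
printf '%s\n' "$SAMPLE_ZERO" | masq_hits      # prints 0
```

A count of 0 with the rule present means new connections from br1 either never reach POSTROUTING or match an earlier rule there, so the FORWARD chain and routing table are the next things to inspect.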
The Camera Security System is nowhere near a LAN connection and I'm unable to run a line to it, so the configuration I've been using for +10 years was a router set up in Client-Bridge Mode where the PC System is on br0, no NAT required. The Cameras are on a separate subnet on br1; since I don't trust these 4K HikVision from China, they only get Port 123 access to update the time clock once a day. The PC System has a 2nd NIC for the Camera Access.
In any case, the same configuration on an E3000 on build 44483 K4.4 works fine. Going to builds 45000+ K4.4 breaks br1 NAT. I disabled all CTF & SFE; still br1 NAT is broken.
I just don't have the time to trouble-shoot "Client-Bridge Mode" on current builds. I do know that "Client Mode" will NAT br0 and br1 on all builds plus 45000+ but I don't want to create another subnet at this time but I feel I might have to if I want to run current builds. For now build 44483 works.
The Camera Security PC has 2 Gb NIC cards. The 1st Gb NIC has full Internet access for VNC (remote access), Updates and Viewing Cameras via Live or Recordings. The 2nd Gb NIC is on a different Subnet for hardwired connections to 4K Cameras for uninterrupted streaming/recording 24/7. This basic setup has been working for over 10 years with hardware/software upgrades along the way.
Having no wired connection to the R7000 Gateway Router at OffSite #1 for the Camera Security PC to have Internet Access, I'm forced to use a single Wireless connection to push 2 Subnets. From the get-go, Client-Bridge Mode, 1st on a WRT610v1 (bricked on a newer build) then forced to use an E3000, has been working perfectly; only now limited to build 44483 Mega K4.4. Unless I change the configuration, which is at the Offsite location, and I don't have the time as life is keeping me busy and the Offsite is working fine.
When I get time to experiment, I will post my findings.
Thanks for your suggestions!
Kinda off topic, but instead of opening a port to set your clock once or twice per day, you could do what I do and run an internal ntpd server. Very easy to set up. _________________ Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Wireless 5ghz only
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r55779
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r55799
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port. DD-WRT r55779
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Tue May 24, 2022 9:58 Post subject:
Well as long as we go offtopic, most of these Chinese cameras have alternative firmware projects that supply more secure solutions and are maintained regularly.