Posted: Tue Oct 04, 2022 17:07 Post subject: WRT3200ACM behind Firewalla Router
I am considering putting a Firewalla Gold device into my network to manage all network functions. What mode would I use to take advantage of AP functions … primary and guest networks. Should I just revert to Linksys firmware in this use case?
Any thoughts or comments welcome.
_________________
Linksys WRT3200ACM
Version: DD-WRT v3.0-r50500 std (10/13/22)
Kernel Version: Linux 4.9.330 #3466 SMP Thu Oct 13 02:01:23 +07 2022 armv7l
Linksys RE9000 Extender (WiFi attached)
OpenVPN with PBR: ExpressVPN
Devices: Sonos, Apple, QNAP, Laserjet other
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Tue Oct 04, 2022 17:15 Post subject: Re: WRT3200ACM behind Firewalla Router
FlaParrotHead wrote:
I am considering putting a Firewalla Gold device into my network to manage all network functions. What mode would I use to take advantage of AP functions … primary and guest networks. Should I just revert to Linksys firmware in this use case?
Any thoughts or comments welcome.
Why would you revert to Linksys firmware?
Assuming the Firewall device also does the routing, consider setting up as Wireless Access Point:
A secondary router connected wired LAN<>LAN on the same subnet as the primary router:
• WAN disabled
• DHCP server Disabled (=off and NOT set as Forwarder!)
• Local IP address in subnet of primary router but outside DHCP scope; make sure the used IP address is unique on your network, you cannot have duplicates.
(You can run udhcpc to give the WAP a static lease, but because you can doesn't mean you should)
• Gateway and Local DNS pointing to primary router
• DNSMasq enabled
• Router kept in the default Gateway mode (the wiki says Router mode but do not do that; either it does not matter (this case) or it breaks things)
• Connect LAN <> LAN (do not use the WAN port unless you really need that extra port; for most routers traffic still must use the CPU, so performance is lacklustre)
• I do not change the Firewall settings although you do not want a firewall; the Firewall is automatically disabled as there is no WAN, but it does not hurt to follow the wiki and Disable the Firewall anyway.
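Added example, not part of the post above and not DD-WRT project code: a shell audit that checks a saved `nvram show` dump against the WAP checklist, including the subnet, duplicate-gateway and DHCP-scope tests on the local IP. The nvram key names (`wan_proto`, `lan_proto`, `dhcpfwd_enable`, `dnsmasq_enable`, `wk_mode`, `sv_localdns`, `lan_gateway`) are assumptions about DD-WRT's naming, and the DHCP scope of the primary router is passed in by hand because the WAP does not know it.

```sh
#!/bin/sh
# Added example: audits "nvram show" output (key=value lines on stdin) against
# the WAP checklist. Key names are assumed DD-WRT nvram names; verify on your build.

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# audit_wap SCOPE_START SCOPE_END   (DHCP scope configured on the primary router)
# Prints one FAIL line per problem; returns 0 only when every check passes.
audit_wap() {
    scope_lo=$(ip2int "$1"); scope_hi=$(ip2int "$2"); fails=0
    dump=$(cat)
    get() { printf '%s\n' "$dump" | sed -n "s/^$1=//p" | head -n 1; }
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    [ "$(get wan_proto)" = "disabled" ] || fail "WAN is not disabled"
    [ "$(get lan_proto)" = "static" ]   || fail "DHCP server is not off"
    [ "$(get dhcpfwd_enable)" != "1" ]  || fail "DHCP is set as Forwarder"
    [ "$(get dnsmasq_enable)" = "1" ]   || fail "DNSMasq is not enabled"
    [ "$(get wk_mode)" = "gateway" ]    || fail "operating mode is not Gateway"

    ip=$(get lan_ipaddr); gw=$(get lan_gateway); mask=$(get lan_netmask)
    [ "$(get sv_localdns)" = "$gw" ] || fail "Local DNS is not the primary router"
    if [ -z "$ip" ] || [ -z "$gw" ] || [ -z "$mask" ]; then
        fail "LAN IP, netmask or gateway is missing"
    else
        ipn=$(ip2int "$ip"); gwn=$(ip2int "$gw"); mn=$(ip2int "$mask")
        [ $((ipn & mn)) -eq $((gwn & mn)) ] || fail "local IP is outside the primary router's subnet"
        [ "$ipn" -ne "$gwn" ] || fail "local IP duplicates the primary router"
        if [ "$ipn" -ge "$scope_lo" ] && [ "$ipn" -le "$scope_hi" ]; then
            fail "local IP is inside the DHCP scope"
        fi
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample (not from a real router): DHCP server on, IP inside the scope.
SAMPLE_BAD='wan_proto=disabled
lan_proto=dhcp
dhcpfwd_enable=0
dnsmasq_enable=1
wk_mode=gateway
lan_ipaddr=192.168.1.150
lan_netmask=255.255.255.0
lan_gateway=192.168.1.1
sv_localdns=192.168.1.1'
printf '%s\n' "$SAMPLE_BAD" | audit_wap 192.168.1.100 192.168.1.200 || true
```

On a live WAP the same function can be fed with `nvram show 2>/dev/null | audit_wap <scope start> <scope end>`.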
Posted: Tue Oct 11, 2022 2:34 Post subject: Re: WRT3200ACM behind Firewalla Router
egc wrote:
In the web-interface of the router (the WAP): Administration/Commands save Firewall:
#Always necessary (alternatively set static route on main router and NAT traffic from VAP/Bridge out via WAN):
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
Thanks egc.
Will I still be able to maintain the virtual AP guest network when I switch to the AP mode you describe?
Something I have never played with are VLANs. In this mode, would VLANs allow me to separate the private and guest networks? Thanks
Posted: Wed Oct 19, 2022 3:45 Post subject: Re: WRT3200ACM behind Firewalla Router
Is there a setting I missed that would be preventing me from accessing the (now bridge) router web GUI now that it’s up and working in this mode? It “appears” to be functioning properly as a bridge AP but I do not seem to be able to access the GUI. Thanks.