WRT3200ACM behind Firewalla Router

FlaParrotHead
DD-WRT User


Joined: 04 Nov 2020
Posts: 80

Posted: Tue Oct 04, 2022 17:07    Post subject: WRT3200ACM behind Firewalla Router
I am considering putting a Firewalla Gold device into my network to manage all network functions. What mode would I use to take advantage of AP functions … primary and guest networks. Should I just revert to Linksys firmware in this use case?

Any thoughts or comments welcome.

_________________
Linksys WRT3200ACM
Version: DD-WRT v3.0-r50500 std (10/13/22)
Kernel Version: Linux 4.9.330 #3466 SMP Thu Oct 13 02:01:23 +07 2022 armv7l
Linksys RE9000 Extender (WiFi attached)
OpenVPN with PBR: ExpressVPN
Devices: Sonos, Apple, QNAP, Laserjet other
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

Posted: Tue Oct 04, 2022 17:15    Post subject: Re: WRT3200ACM behind Firewalla Router
FlaParrotHead wrote:
I am considering putting a Firewalla Gold device into my network to manage all network functions. What mode would I use to take advantage of AP functions … primary and guest networks. Should I just revert to Linksys firmware in this use case?

Any thoughts or comments welcome.


Why would you revert to Linksys firmware?

Assuming the Firewall device also does the routing, consider setting up as Wireless Access Point:

A secondary router connected wired LAN<>LAN on the same subnet as the primary router:
• WAN disabled
• DHCP server Disabled (=off and NOT set as Forwarder!)
• Local IP address in subnet of primary router but outside DHCP scope; make sure the used IP address is unique on your network, you cannot have duplicates.
(You can run udhcpc to give the WAP a static lease, but because you can doesn't mean you should ;) )
• Gateway and Local DNS pointing to primary router
• DNSMasq enabled
• Router kept in the default Gateway mode (the wiki says Router mode but do not do that; either it does not matter (this case) or it breaks things)
• Connect LAN <> LAN (do not use the WAN port unless you really need that extra port; for most routers traffic still must use the CPU, so performance is lacklustre)
• I do not change the Firewall settings, although you do not want a firewall; the Firewall is automatically disabled as there is no WAN, but it does not hurt to follow the wiki and Disable the Firewall anyway.


In the web-interface of the router (the WAP): Administration/Commands save Firewall:
#Always necessary (alternatively set static route on main router and NAT traffic from VAP/Bridge out via WAN):
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
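
Added example, not part of egc's post and not DD-WRT code: a POSIX shell check for the addressing rule in the checklist above (WAP address inside the primary router's subnet, outside the DHCP scope, not the router's own address). The function names and the 192.168.1.x addresses are constructed for illustration; uniqueness against other static hosts still has to be confirmed on the live network.

```shell
#!/bin/sh
# Convert dotted-quad A.B.C.D to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_wap_ip WAP_IP ROUTER_IP PREFIX_LEN DHCP_START DHCP_END
# Prints "ok" or the reason the candidate WAP address is unsuitable.
check_wap_ip() {
    wap=$(ip_to_int "$1"); gw=$(ip_to_int "$2"); bits=$3
    lo=$(ip_to_int "$4"); hi=$(ip_to_int "$5")
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    net=$(( gw & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))

    # Must share the primary router's subnet, or LAN clients cannot reach the GUI.
    if [ $(( wap & mask )) -ne "$net" ]; then
        echo "outside-subnet"; return 1
    fi
    # Network and broadcast addresses are not usable host addresses.
    if [ "$wap" -eq "$net" ] || [ "$wap" -eq "$bcast" ]; then
        echo "network-or-broadcast"; return 1
    fi
    # Must not duplicate the primary router's own address.
    if [ "$wap" -eq "$gw" ]; then
        echo "duplicate-of-router"; return 1
    fi
    # Must sit outside the DHCP pool so no client is ever leased the same address.
    if [ "$wap" -ge "$lo" ] && [ "$wap" -le "$hi" ]; then
        echo "inside-dhcp-scope"; return 1
    fi
    echo "ok"
}

# Constructed sample: router 192.168.1.1/24, DHCP pool .100-.149.
for candidate in 192.168.1.2 192.168.1.120 192.168.2.2 192.168.1.1; do
    result=$(check_wap_ip "$candidate" 192.168.1.1 24 192.168.1.100 192.168.1.149) || true
    echo "$candidate: $result"
done
```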
FlaParrotHead
DD-WRT User


Joined: 04 Nov 2020
Posts: 80

Posted: Tue Oct 11, 2022 2:34    Post subject: Re: WRT3200ACM behind Firewalla Router
Thanks EDC.

Will I still be able to maintain the virtual AP guest network when I switch to the AP mode you describe?

Something I have never played with are VLANs. In this mode, would VLANs allow me to separate the private and guest networks? Thanks

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

Posted: Tue Oct 11, 2022 9:16    Post subject:
Yes, a VAP on a WAP is certainly possible.

VLANs are for wired ports, but this is also possible on a WAP and can be combined with a VAP if both are placed on a bridge.

FlaParrotHead
DD-WRT User


Joined: 04 Nov 2020
Posts: 80

Posted: Wed Oct 19, 2022 3:45    Post subject: Re: WRT3200ACM behind Firewalla Router
Is there a setting I missed that would be preventing me from accessing the (now bridge) router web GUI now that it’s up and working in this mode? It “appears” to be functioning properly as a bridge AP but I do not seem to be able to access the GUI. Thanks.

FlaParrotHead
DD-WRT User


Joined: 04 Nov 2020
Posts: 80

Posted: Wed Oct 19, 2022 23:07    Post subject: Lost access to the AP
I made the definitions above and the device appears to be functioning well as a Bridge but maybe I missed something minor.

I am no longer able to access the GUI…. I do not see any errors or alerts on the new router/firewall but not sure where the session is being blocked.

Pings from devices to the address for the AP fail…. But I’m not sure if the AP is rejecting them or if they are not getting there.

Anyone with ideas ….
