NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
2 routers, parental control need & problems accessing subnet devices
Hello,
I have acquired a R7000 for parental control. I have connected it to my IAP modem that is also a router, which can't be be set in bridge or AP mode. R7000 must be kept in router mode to enable parental control. So none of the routers of my home network can be switched to bridge of AP mode.
The only solution I found was to create two subnets. Subnet 1 behind the modem and subnet 2 behind the R7000, R7000 WAN port being connected to the modem.
All works fine for subnet 2 devices (access to internet, to the other devices of the subnet 1...)
The issue is that subnet 1 devices can't connect to subnet 2 devices, even if I create the correct route on network 1 devices. That's logical I guess. As far as I understand this is due to NAT on R7000 and could work if there has been an option to switch NAT off on the R7000.
Is this right ?
If this is the case then I think that I am screwed because my understanding is that it is not possible to switch NAT off on this router.
The other option I see is to put all my devices on subnet 2... but I am afraid that this will not fly because of double NAT that will cause issues at some point when accessing remote SSH servers at my office I need to connect to.
Is there any other option to make this work ? If not then this would mean that these Nighthawk routers can't be used for parental control when the IAP modem is also a router that can't be turned into a bridge.
Of course, not accessing subnet 2 devices from subnet 1 is not a solution for me :-) And I can't replace the FAI modem because of TV and phone traffic that would be very, not to say impossible, to handle with other modems
Many thanks for your attention and your help.
PS: I have little knowledge in network things and English is not my native language. My apologises for all the stupid things and mistakes I may write.
17 Replies
> The issue is that subnet 1 devices can't connect to subnet 2 devices,
> even if I create the correct route on network 1 devices.
What, exactly, are these subnets, and what, exactly is this "the
correct route on network 1 devices"?
As usual, showing actual actions with their actual results (error
messages, LED indicators, ...) can be more helpful than vague
descriptions or interpretations. In this case, actual IP addresses.
(They're all private addresses, so disclosure should be harmless. Your
public IP address (WAN of IAP router) may be hidden, if you want.)
What you need is not a "route on network 1 devices". You need a
route on the IAP _router_. Otherwise, it will see subnet-2 addresses as
foreign, and send messages for them out its WAN port, not to the R7000.
> [...] That's logical I guess. As far as I understand this is due to
> NAT on R7000 and could work if there has been an option to switch NAT
> off on the R7000.
>
> Is this right ?
Nope.
On the IAP router, you need a (static) route for subnet-2, with a
gateway address which is the WAN address of the R7000 (a subnet-1 LAN
address). That means that the R7000 WAN address must be fixed. It can
be a static address (configured on the R7000), or a reserved dynamic
address (or whatever the IAP router calls it, configured on the IAP
router), but it must match the gateway address in that (static) route.
It would be easier to explain the details if we knew what the "IAP
router" was, and what the actual IP addresses are.
Cascading two routers this way can still cause problems if you try to
run a server on subnet-2, but the basic problem is that the IAP router
doesn't know that the R7000 is where it should send things which are
addressed to subnet-2. Defining an appropriate (static) route on the
IAP router should tell it what it needs to know.
> [...] English is not my native language.
You use it better than many people whose native language it is.IF the modem can't be bridged and you need the R7000 to be in router mode as well, check to see if there is a DMZ on the modem. If so, use this for the IP address that the R7000 router gets on its Internet port. Input this IP address in the modems DMZ. This will help with some double NAT issues that are seen with two routers on the same network.
It would be best to disable any wifi on the modem if enabled and let the R7000 be the main wireless AP.
Olive1931wrote:Hello,
I have acquired a R7000 for parental control. I have connected it to my IAP modem that is also a router, which can't be be set in bridge or AP mode. R7000 must be kept in router mode to enable parental control. So none of the routers of my home network can be switched to bridge of AP mode.
The only solution I found was to create two subnets. Subnet 1 behind the modem and subnet 2 behind the R7000, R7000 WAN port being connected to the modem.
All works fine for subnet 2 devices (access to internet, to the other devices of the subnet 1...)
The issue is that subnet 1 devices can't connect to subnet 2 devices, even if I create the correct route on network 1 devices. That's logical I guess. As far as I understand this is due to NAT on R7000 and could work if there has been an option to switch NAT off on the R7000.
Is this right ?
If this is the case then I think that I am screwed because my understanding is that it is not possible to switch NAT off on this router.
The other option I see is to put all my devices on subnet 2... but I am afraid that this will not fly because of double NAT that will cause issues at some point when accessing remote SSH servers at my office I need to connect to.
Is there any other option to make this work ? If not then this would mean that these Nighthawk routers can't be used for parental control when the IAP modem is also a router that can't be turned into a bridge.
Of course, not accessing subnet 2 devices from subnet 1 is not a solution for me :-) And I can't replace the FAI modem because of TV and phone traffic that would be very, not to say impossible, to handle with other modems
Many thanks for your attention and your help.
PS: I have little knowledge in network things and English is not my native language. My apologises for all the stupid things and mistakes I may write.
Might be easier to take the R7000 back and get a modem/router that does what you want. If, that is, you can find one that works with your internet service.
The D7000 is probably much like the R7000 but with a modem built in.
Gosh, I thought my last post was the one containing the requested details but I don't it anymore... will repost
michaelkenward That would be also a nightmare to replace the modem as it also handles TV and phone with unknow protocols. Replacing the modem would probably lead to the loss of these services. There must be a solution to use the parental control of the R7000 behind a router modem with changing this modem ... at least I hope
....
I tried to repost my previous post with all the technical info. It seemed to work, I saw the post in the thread, I saw also that this post was the 7/7 message... and when I refresh the page, the post is no more there and the thread only has 6 messages ... Am I getting totally dumb ?
Try the DMZ option with the Modem back in Router mode with the R7000.
Olive1931wrote:Gosh, I thought my last post was the one containing the requested details but I don't it anymore... will repost
michaelkenward That would be also a nightmare to replace the modem as it also handles TV and phone with unknow protocols. Replacing the modem would probably lead to the loss of these services. There must be a solution to use the parental control of the R7000 behind a router modem with changing this modem ... at least I hope
....
I tried to repost my previous post with all the technical info. It seemed to work, I saw the post in the thread, I saw also that this post was the 7/7 message... and when I refresh the page, the post is no more there and the thread only has 6 messages ... Am I getting totally dumb ?
