synoptics (Guide)
Nov 29, 2015
Static routes with WNR3500Lv2
I'm having a problem with devices on a non-local (192.168.0.x) subnet reaching the Internet via the WNR3500Lv2. The Firmware Version is V1.2.0.34_40.0.75. My configuration is as follows. First, I don't use this device for wifi. This is a wired application only. The local Ethernet subnet is 10.120.102.0/24. The default gateway is 10.120.102.1. I have another subnet 192.168.0.0/24 via a Cisco router. The local address of the Cisco is 10.120.102.9. The default gateway in the 192.168.0.0/24 subnet is 192.168.0.1. I have a static route from the 10.120.102.0/24 network to the 192.168.0.0/24 network via the 10.120.102.9 interface.
Devices on the 192.168.0.0/24 subnet can reach devices on the 10.120.102.0/24 subnet just fine. The problem is that devices on the 192.168.0.0/24 subnet can't reach the Internet. I had a previous router WGR614v9 with the same configuration and everything worked just fine.
I noticed a setting in the static route dialog called "Private". It is defined as "Select Private if you want to limit access to the LAN only". This is the behaviour I am seeing even though it is not selected. I tried it both ways and it still doesn't allow access from the remote subnet to the Internet.
TheEther, I finally have a solution for my issue. I loaded "Tomato v1.28.0000 MIPSR2-132 K26 USB AIO" firmware and everything I need now seems to work fine. Nice piece of software. Lots of features over the stock Netgear firmware. I like that it's Linux-based and you can SSH to manage it.
I did hear back from engineering. The capability to NAT/route non-local subnet traffic was specifically removed. They were concerned that requests for features (port forwarding, DoS protection, etc.) for stuff that was non-local would complicate things for a configuration that few people had. Maybe it's a Broadcom chip issue. We'll see. I'll do some testing.
Thanks for your help on this issue.
12 Replies
I wouldn't worry about the Private setting. It just controls whether the route is advertised whenever RIP is enabled.
I suspect the problem is that the WNR3500Lv2 is not performing NAT on traffic from the 192.168.0.0/24 subnet. You say that things worked with your WGR614v9. Were you using the same subnets (i.e. 10.120.102.0/24 and 192.168.0.0/24)?
I once tried to help another user with this same problem by suggesting that he subnet his main network into two parts, with the second part being a more-specific subnet of the first. My thinking was that this would enable the router to perform NAT for traffic coming from either subnet.
Let's keep your main subnet, 10.120.102.0/24, the same. Replace the 192.168.0.0/24 subnet behind your Cisco with a new subnet, 10.120.102.128/25. Notice how this is a more-specific subnet of 10.120.102.0/24. You can keep 10.120.102.9 as the IP address for the Cisco on the main subnet. On the other side of the Cisco, configure it with IP address 10.120.102.129. This would be the default gateway for that subnet. On the WNR3500Lv2, configure a static route to 10.120.102.128/255.255.255.128 to point at 10.120.102.9.
Unfortunately, the other user reported that this trick didn't work. If you are willing to give it a shot, I'd be interested in knowing whether it works. I can't think of any reason why it wouldn't.
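The reasoning in the reply above, modelled as an added example (not code from the thread or from Netgear): a longest-prefix-match lookup over the router's routes, plus an assumed NAT rule that masquerades only sources inside the router's own LAN subnet. The function names and the hosts 192.168.0.50, 10.120.102.130 and 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# Addresses taken from the thread.
LAN = ipaddress.ip_network("10.120.102.0/24")   # router's LAN subnet
CISCO = ipaddress.ip_address("10.120.102.9")    # Cisco's address on the LAN

def build_routes(remote):
    """Router's table: connected LAN, static route to `remote`, default to WAN."""
    return [
        (LAN, None),                             # None = directly connected
        (ipaddress.ip_network(remote), CISCO),   # static route via the Cisco
        (ipaddress.ip_network("0.0.0.0/0"), "WAN"),
    ]

def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def nat_applies(src, nat_sources=(LAN,)):
    """ASSUMPTION: the router masquerades only sources inside nat_sources."""
    return any(ipaddress.ip_address(src) in net for net in nat_sources)

def trace(remote, host):
    """Summarise how the router treats `host` living behind the Cisco."""
    routes = build_routes(remote)
    return {
        "more_specific": ipaddress.ip_network(remote).subnet_of(LAN),
        "return_path": next_hop(routes, host),            # replies towards host
        "internet_path": next_hop(routes, "203.0.113.10"),  # constructed target
        "nat": nat_applies(host),                         # outbound traffic NATed?
    }

if __name__ == "__main__":
    # Original layout: routed correctly, but the source is outside the LAN subnet.
    print(trace("192.168.0.0/24", "192.168.0.50"))
    # Proposed layout: the /25 route beats the connected /24, and the source
    # still falls inside the LAN subnet that the assumed NAT rule covers.
    print(trace("10.120.102.128/25", "10.120.102.130"))
```

Hosts on the main subnet that keep a /24 mask will treat 10.120.102.128/25 addresses as on-link, so they reach them only if the Cisco answers ARP for that range or they are given their own route to the /25.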
Thanks for your help.
"I suspect the problem is that the WNR3500Lv2 is not performing NAT on traffic from the 192.168.0.0/24 subnet. You say that things worked with your WGR614v9. Were you using the same subnets (i.e. 10.120.102.0/24 and 192.168.0.0/24)?"
This is my suspicion (not performing NAT correctly on the 192.168.0.0/24 subnet traffic) as well. Just to verify, I re-installed my old WGR614v9 router with the same configuration (i.e. 10.120.102.0/24 and 192.168.0.0/24 subnets) and it does work correctly. I'd try your suggestion of using a more specific subnet of 10.120.102.0/24, but this subnet contains a cluster of OpenStack servers and reconfiguring would be a challenge. I'll check with tech support tomorrow. This has to be a bug. I don't know why you would support static routes and not NAT the traffic from those networks, especially since it was supported in older products. Hopefully they will have a solution.
I would appreciate a follow-up once you hear from Netgear. I'm curious whether they deliberately removed this functionality or if it's a bug.
- You can try sniffing the traffic using Wireshark.