2 routers, parental control need & problems accessing subnet devices
Hello,
I have acquired a R7000 for parental control. I have connected it to my IAP modem that is also a router, which can't be be set in bridge or AP mode. R7000 must be kept in router mode to enable parental control. So none of the routers of my home network can be switched to bridge of AP mode.
The only solution I found was to create two subnets. Subnet 1 behind the modem and subnet 2 behind the R7000, R7000 WAN port being connected to the modem.
All works fine for subnet 2 devices (access to internet, to the other devices of the subnet 1...)
The issue is that subnet 1 devices can't connect to subnet 2 devices, even if I create the correct route on network 1 devices. That's logical I guess. As far as I understand this is due to NAT on R7000 and could work if there has been an option to switch NAT off on the R7000.
Is this right ?
If this is the case then I think that I am screwed because my understanding is that it is not possible to switch NAT off on this router.
The other option I see is to put all my devices on subnet 2... but I am afraid that this will not fly because of double NAT that will cause issues at some point when accessing remote SSH servers at my office I need to connect to.
Is there any other option to make this work ? If not then this would mean that these Nighthawk routers can't be used for parental control when the IAP modem is also a router that can't be turned into a bridge.
Of course, not accessing subnet 2 devices from subnet 1 is not a solution for me 🙂 And I can't replace the FAI modem because of TV and phone traffic that would be very, not to say impossible, to handle with other modems
Many thanks for your attention and your help.
PS: I have little knowledge in network things and English is not my native language. My apologises for all the stupid things and mistakes I may write.
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Re: 2 routers, parental control need & problems accessing subnet devices
> The issue is that subnet 1 devices can't connect to subnet 2 devices, > even if I create the correct route on network 1 devices.
What, exactly, are these subnets, and what, exactly is this "the correct route on network 1 devices"?
As usual, showing actual actions with their actual results (error messages, LED indicators, ...) can be more helpful than vague descriptions or interpretations. In this case, actual IP addresses. (They're all private addresses, so disclosure should be harmless. Your public IP address (WAN of IAP router) may be hidden, if you want.)
What you need is not a "route on network 1 devices". You need a route on the IAP _router_. Otherwise, it will see subnet-2 addresses as foreign, and send messages for them out its WAN port, not to the R7000.
> [...] That's logical I guess. As far as I understand this is due to > NAT on R7000 and could work if there has been an option to switch NAT > off on the R7000. > > Is this right ?
Nope.
On the IAP router, you need a (static) route for subnet-2, with a gateway address which is the WAN address of the R7000 (a subnet-1 LAN address). That means that the R7000 WAN address must be fixed. It can be a static address (configured on the R7000), or a reserved dynamic address (or whatever the IAP router calls it, configured on the IAP router), but it must match the gateway address in that (static) route.
It would be easier to explain the details if we knew what the "IAP router" was, and what the actual IP addresses are.
Cascading two routers this way can still cause problems if you try to run a server on subnet-2, but the basic problem is that the IAP router doesn't know that the R7000 is where it should send things which are addressed to subnet-2. Defining an appropriate (static) route on the IAP router should tell it what it needs to know.
> [...] English is not my native language.
You use it better than many people whose native language it is.
Re: 2 routers, parental control need & problems accessing subnet devices
IF the modem can't be bridged and you need the R7000 to be in router mode as well, check to see if there is a DMZ on the modem. If so, use this for the IP address that the R7000 router gets on its Internet port. Input this IP address in the modems DMZ. This will help with some double NAT issues that are seen with two routers on the same network.
It would be best to disable any wifi on the modem if enabled and let the R7000 be the main wireless AP.
I have acquired a R7000 for parental control. I have connected it to my IAP modem that is also a router, which can't be be set in bridge or AP mode. R7000 must be kept in router mode to enable parental control. So none of the routers of my home network can be switched to bridge of AP mode.
The only solution I found was to create two subnets. Subnet 1 behind the modem and subnet 2 behind the R7000, R7000 WAN port being connected to the modem.
All works fine for subnet 2 devices (access to internet, to the other devices of the subnet 1...)
The issue is that subnet 1 devices can't connect to subnet 2 devices, even if I create the correct route on network 1 devices. That's logical I guess. As far as I understand this is due to NAT on R7000 and could work if there has been an option to switch NAT off on the R7000.
Is this right ?
If this is the case then I think that I am screwed because my understanding is that it is not possible to switch NAT off on this router.
The other option I see is to put all my devices on subnet 2... but I am afraid that this will not fly because of double NAT that will cause issues at some point when accessing remote SSH servers at my office I need to connect to.
Is there any other option to make this work ? If not then this would mean that these Nighthawk routers can't be used for parental control when the IAP modem is also a router that can't be turned into a bridge.
Of course, not accessing subnet 2 devices from subnet 1 is not a solution for me 🙂 And I can't replace the FAI modem because of TV and phone traffic that would be very, not to say impossible, to handle with other modems
Many thanks for your attention and your help.
PS: I have little knowledge in network things and English is not my native language. My apologises for all the stupid things and mistakes I may write.
Re: 2 routers, parental control need & problems accessing subnet devices
Might be easier to take the R7000 back and get a modem/router that does what you want. If, that is, you can find one that works with your internet service.
The D7000 is probably much like the R7000 but with a modem built in.
Re: 2 routers, parental control need & problems accessing subnet devices
Gosh, I thought my last post was the one containing the requested details but I don't it anymore... will repost
@michaelkenward That would be also a nightmare to replace the modem as it also handles TV and phone with unknow protocols. Replacing the modem would probably lead to the loss of these services. There must be a solution to use the parental control of the R7000 behind a router modem with changing this modem ... at least I hope
....
I tried to repost my previous post with all the technical info. It seemed to work, I saw the post in the thread, I saw also that this post was the 7/7 message... and when I refresh the page, the post is no more there and the thread only has 6 messages ... Am I getting totally dumb ?
It is also technically possible to replace you existing Modem-Router, R7000 and simplify your network via one Router.
Unfortunately, I don't think it is feasible with the IAP I have without losing TV and IP phone. Let me see the port forwarding option you suggest (and also find why my post with technical info keeps on disappearing each time I post it 🙂
Gosh, I thought my last post was the one containing the requested details but I don't it anymore... will repost
@michaelkenward That would be also a nightmare to replace the modem as it also handles TV and phone with unknow protocols. Replacing the modem would probably lead to the loss of these services. There must be a solution to use the parental control of the R7000 behind a router modem with changing this modem ... at least I hope
....
I tried to repost my previous post with all the technical info. It seemed to work, I saw the post in the thread, I saw also that this post was the 7/7 message... and when I refresh the page, the post is no more there and the thread only has 6 messages ... Am I getting totally dumb ?
Re: 2 routers, parental control need & problems accessing subnet devices
I got a PM with some details, including this:
[...] Unfortunately, it is not possible to create routes on this modem (orange livebox). [...]
> The R7000 has a Firewall, [...]
The problem is not so much "a Firewall" as it is "NAT". My error (one of them?) was thinking about a generic router, not specifcally about an R7000.
> [...] As far as I understand this is due to NAT on R7000 and could > work if there has been an option to switch NAT off on the R7000.
> [...] my understanding is that it is not possible to switch NAT off on > this router.
Apparently so, and that does seem to be the big problem. Interestingly, my D7000 (V1.0.1.64_1.0.1) has such an option: ADVANCED > Internet Setup > NAT (Network Address Translation) : { Enable | Disable }. ("D7000" _sounds_ like "R7000", but they have some interesting differences.)
My (current, revised) understanding is that, with NAT enabled, port forwarding would be about all you could do to get traffic through the R7000 to subnet-2.
You seem to have gotten a near-perfect combination of missing features on these two boxes.
It is also technically possible to replace you existing Modem-Router, R7000 and simplify your network via one Router.
Unfortunately, I don't think it is feasible with the IAP I have without losing TV and IP phone. Let me see the port forwarding option you suggest (and also find why my post with technical info keeps on disappearing each time I post it 🙂
I can understand that, especially when you have a "gateway" that also connects a phone. TVs are another matter, unless this is some exotic bundled box.
I was just looking for the easiest option without knowing what the modem was. Talk of IAP and FAI modems doesn't mean much to most of us. We need model numbers before we can make even semi-informed guesses.
It always helps to start with as much information as possible when seeing help. In this case, telling people the modem at the start might have come up with alternative options.
I assume that you have asked your internet service provider for help with this question. It should know what kit works best on the network. Some ISPs even have their own forums where people talk through such matters.
I bet someone on there has faced the same challenge.
Good luck. Hope you get it sorted before the kids are too old to need parental controls. Oh, and be warned that some young persons are smarter than their parents and quickly find ways round parental controls. They turn up here seeking help only to be told what to do with their brats!
You seem to have gotten a near-perfect combination of missing features on these two boxes.
You said it :-). Do you think my setting would work fine with the D7000 ? I would loose the Circle parental control function but would have at least a network that would look more logical to me otherwise I only see two options :
- returning R7000 and leaving my kids in the wild, being a bad father and getting in worse troubles when they will get older 🙂
- putting all my devices but TV box behind R7000 hoping not to have double NAT issues (e.g. when using SSH connection to office servers ) or putting it in the modem DNZ to avoid this.
Is this correct ?
@michaelkenward wrote : I assume that you have asked your internet service provider for help with this question.
... I am afraid that no relevant help can be expected from my ISP. They provide good quality service to the mass and super fast network here, but do not want people to do "alternative" things with their equipement. This is why there are so little settings in their modem. I can understand.
Do you think it is worth contacting netgear support team to see if there is a trick that we had not thought about ?
@michaelkenward wrote : Good luck. Hope you get it sorted before the kids are too old to need parental controls. Oh, and be warned that some young persons are smarter than their parents and quickly find ways round parental controls.
🙂 Thanks ! I am afraid that I need more than luck these days, the older has turned 13 🙂
Re: 2 routers, parental control need & problems accessing subnet devices
> [...] Do you think my setting would work fine with the D7000 ?
I always use NAT, so I've never tried it, so I know nothing, but, in the User Manual, it looks better than the R7000 for NAT control. I'd be using the D7000 in router-only mode (ignoring the DSL modem function), simply to get the no-NAT mode.
I'd expect a D7000 to cost more than an R7000, and there may be some other model (perhaps from another maker) which would cost less, and still have the NAT-control feature.
> [...] I would [lose] the Circle parental control function [...]
The D7000 does have something at BASIC > Parental Controls, which directs you to download a "Genie" app, which, I assume, has some kind of pre/non-Disney-Circle access control. I know nothing about that, too, but perhaps it's (still?) possible to use that (or something like it) on the R7000 (or some other router).
> Is this correct ?
I'm now afraid to answer questions like that, but it sounds right to me. (My DMZ experience is also nil, however.)
> Do you think it is worth contacting netgear support team to see if > there is a trick that we had not thought about ?
There's only one way to find out. (It'd be nice if there were some secret way to disable NAT on the R7000, for example.)
You said it :-). Do you think my setting would work fine with the D7000 ?
The D7000 is a DSL modem/router. Beyond the number of the model, it is not comparable to the R7000.
You have already explained that you are joined at the hip to your existing modem. Buying another modem and using it as an access point mode may well lose important features, including parental controls.
There must be a better way of achieving what want.
Re: 2 routers, parental control need & problems accessing subnet devices
> The D7000 is a DSL modem/router. Beyond the number of the model, it is > not comparable to the R7000.
I can compare them. Watch this: Other than the DSL modem, the two have similar capabilities.
> [...] Buying another modem and using it as an access point mode may > well lose important features, including parental controls.
That would be a poor idea, but who proposed doing that? My suggestion was to use the D7000 (which is a modem+router, not simply a modem) as a _router_, not as a wireless access point. (A D7000, or some other router on which NAT can be disabled, that is.)
Visit http://netgear.com/support , put in "D7000" as the model number, and look for Documentation. Get the User Manual. Look for "Set Up the Modem Router for Cable or Fiber Service". Compare with "Use the Modem Router as a WiFi Access Point".
The D7000v2 is somewhat different, and I know (even) less about it.
But, as I said, I'd expect to be able to find a (cheaper) router on which NAT could be disabled.
But thanks for posting your equipment inventory again (and again). I was in danger of forgetting it. It always adds so much (noise, if not value) to every discussion.
> [...] will get back to this discussion to post the solution, if any
Do you think it is worth contacting netgear support team to see if there is a trick that we had not thought about ?
I doubt if that will throw up much that hasn't already come up here.
What you seek is outside the usual use of these boxes. Despite their multitude if model numbers, they all do essentially the same stuff at the basic level. So turning a router into an access point, for example, will lead to similar effects no matter what router you buy.
That's why Netgear has generic articles ion the KnowledgeBase. For example:
Both of these warn that parental controls don't work in that mode.
And trying to get round this by turning a modem into a router brings you back to the same problems.
I said earlier:
The D7000 is probably much like the R7000 but with a modem built in.
So using the D7000 with the modem disabled just brings you back to the issues that affect the R7000.
But we have been through all that.
I have no idea how they compare, but Netgear has an alternative product line in the Orbi.
Some people dismiss these as toys. I wouldn't know. But Netgear does sell them as "family friendly" boxes. Then again, they may just be standard routers in "designer" cases.
Re: 2 routers, parental control need & problems accessing subnet devices
> Both of these warn that parental controls don't work in that mode.
Who (else) is talking about "AP mode" or "bridge mode"?
> So using the D7000 with the modem disabled just brings you back to the > issues that affect the R7000. > > But we have been through all that.
Some of us have our doubts about that.
> Interestingly, my D7000 (V1.0.1.64_1.0.1) has such an option: > ADVANCED > Internet Setup > NAT (Network Address Translation) : > { Enable | Disable }. ("D7000" _sounds_ like "R7000", but they have > some interesting differences.)
Re: 2 routers, parental control need & problems accessing subnet devices
Hi there
@Case850 Netgear said that the firewall or/and the NAT was blocking incoming traffic ... issue is that none of them can be disabled ... the guy was not too sure thiugh and I may have influenced him a bit while trying to explain the problem
So the last option I had was to put all my main devices behind the R7000, taking the risk of double NAT problems. So far so good. SSH, SSL, UPnP apps seem to work well. No drop in performance... and Circle parental control works... So I guess I could say this is sorted out but I remain frustrated not being able to have devices on subnet 1 connect to those on subnet 2.
Thanks again for your help and if some one has a good new idea, will be happy to test it !
Still have now to find a way to have readyshare IP resolved ... It was working and does not work anymore... I have ot use IP adress instead of host name ... I know that I can put i it host file but this is just really dirty fix and will not work dor mobile devices that connect to subnet2
Re: 2 routers, parental control need & problems accessing subnet devices
If your using the D7000 as a modem router and it's not in transparent bridge mode, use the D7000s DMZ for the R7000 routers WAN IP address. Set up an IP address reservation on the D7000 modem for the R7000 router. Give this same IP address into the DMZ on the D7000. Put the R7000 in to Router mode. Then you should be able to use Parental controls again on the R7000 router. You can disable firewall and uPnP on the D7000 modem.
@Case850 Netgear said that the firewall or/and the NAT was blocking incoming traffic ... issue is that none of them can be disabled ... the guy was not too sure thiugh and I may have influenced him a bit while trying to explain the problem
So the last option I had was to put all my main devices behind the R7000, taking the risk of double NAT problems. So far so good. SSH, SSL, UPnP apps seem to work well. No drop in performance... and Circle parental control works... So I guess I could say this is sorted out but I remain frustrated not being able to have devices on subnet 1 connect to those on subnet 2.
Thanks again for your help and if some one has a good new idea, will be happy to test it !
Still have now to find a way to have readyshare IP resolved ... It was working and does not work anymore... I have ot use IP adress instead of host name ... I know that I can put i it host file but this is just really dirty fix and will not work dor mobile devices that connect to subnet2
