
synoptics
Guide

Static routes with WNR3500Lv2

I'm having a problem with devices on a non-local (192.168.0.x) subnet reaching the Internet via the WNR3500Lv2. The Firmware Version is V1.2.0.34_40.0.75. My configuration is as follows. First, I don't use this device for wifi. This is a wired application only. The local ethernet subnet is 10.120.102.0/24. The default gateway is 10.120.102.1. I have another subnet 192.168.0.0/24 via a cisco router. The local address of the cisco is 10.120.102.9. The default gateway in the 192.168.0.0/24 subnet is 192.168.0.1. I have a static route from the 10.120.102.0/24 network to the 192.168.0.0/24 network via the 10.120.102.9 interface. Devices on the 192.168.0.0/24 subnet can reach devices on the 10.120.102.0/24 subnet just fine. The problem is that devices on the 192.168.0.0/24 subnet can't reach the Internet. I had a previous router WGR614v9 with the same configuration and everything worked just fine. I noticed a setting in the static route dialog called "Private". It is defined as "Select Private if you want to limit access to the LAN only". This is the behaviour I am seeing even though it is not selected. I tried it both ways and it still doesn't allow access from the remote subnet to the Internet.

Message 1 of 13


All Replies
TheEther
Guru

Re: Static routes with WNR3500Lv2

I wouldn't worry about the Private setting.  It just controls whether the route is advertised whenever RIP is enabled.

 

I suspect the problem is that the WNR3500Lv2 is not performing NAT on traffic from the 192.168.0.0/24 subnet.  You say that things worked with your WGR614v9.  Were you using the same subnets (i.e. 10.120.102.0/24 and 192.168.0.0/24)?

 

I once tried to help another user with this same problem by suggesting that he subnet his main network into two parts, with the second part being a more-specific subnet of the first.  My thinking was that this would enable the router to perform NAT for traffic coming from either subnet.

 

Let's keep your main subnet, 10.120.102.0/24, the same.  Replace the 192.168.0.0/24 subnet behind your cisco with a new subnet, 10.120.102.128/25.  Notice how this is a more-specific subnet of 10.120.102.0/24.  You can keep 10.120.102.9 as the IP address for the cisco on the main subnet.  On the other side of the cisco, configure it with IP address 10.120.102.129.  This would be the default gateway for that subnet.  On the WNR3500Lv2, configure a static route to 10.120.102.128/255.255.255.128 to point at 10.120.102.9.

 

Unfortunately, the other user reported that this trick didn't work.  If you are willing to give it a shot, I'd be interested in knowing whether it works.  I can't think of any reason why it wouldn't.

Message 2 of 13
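An added example, not part of TheEther's post, that models the reasoning above: it assumes (as the post only suspects) that the router translates only sources inside its attached subnet, and shows why the 10.120.102.128/25 renumbering would satisfy that rule while longest-prefix matching still sends replies through 10.120.102.9. The host addresses 192.168.0.50 and 10.120.102.200 are constructed for illustration.

```python
import ipaddress

# Addresses taken from the thread.
LAN = ipaddress.ip_network("10.120.102.0/24")         # router's attached subnet
CISCO = ipaddress.ip_address("10.120.102.9")          # next hop toward the inner subnet
ORIGINAL_INNER = ipaddress.ip_network("192.168.0.0/24")
PROPOSED_INNER = ipaddress.ip_network("10.120.102.128/25")


def source_is_natted(src, nat_source_net=LAN):
    """Assumed NAT rule: translate only sources inside the attached LAN subnet."""
    return ipaddress.ip_address(src) in nat_source_net


def next_hop(dst, routes):
    """Longest-prefix match over (network, next_hop) pairs; None means on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def router_routes(inner_net):
    """Routing table of the Netgear router for a given inner subnet."""
    return [
        (LAN, None),         # directly connected
        (inner_net, CISCO),  # static route described in the thread
    ]


def evaluate(inner_net, host):
    """Return (would be NAT'd outbound, next hop the router uses for replies)."""
    return source_is_natted(host), next_hop(host, router_routes(inner_net))


if __name__ == "__main__":
    # Constructed sample hosts, one per addressing plan.
    samples = [(ORIGINAL_INNER, "192.168.0.50"), (PROPOSED_INNER, "10.120.102.200")]
    for net, host in samples:
        natted, hop = evaluate(net, host)
        print(f"{host:16} in {net}: NAT'd={natted}, replies via {hop}")
```

Hosts on the main subnet that keep a /24 mask will treat 10.120.102.128/25 addresses as on-link, so reaching them from there depends on proxy ARP at 10.120.102.9 or on host-side routes.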
synoptics
Guide

Re: Static routes with WNR3500Lv2

Thanks for your help.

 

"I suspect the problem is that the WNR3500Lv2 is not performing NAT on traffic from the 192.168.0.0/24 subnet.  You say that things worked with your WGR614v9.  Were you using the same subnets (i.e. 10.120.102.0/24 and 192.168.0.0/24)?"

 

This is my suspicion (not performing NAT correctly on the 192.168.0.0/24 subnet traffic) as well. Just to verify, I re-installed my old WGR614v9 router with the same configuration (i.e. 10.120.102.0/24 and 192.168.0.0/24 subnets) and it does work correctly. I'd try your suggestion of using a more specific subnet of 10.120.102.0/24 but this subnet contains a cluster of openstack servers and reconfiguring would be a challenge. I'll check with tech support tomorrow. This has to be a bug. I don't know why you would support static routes and not NAT the traffic from those networks especially since it was supported in older products. Hopefully they will have a solution.

Message 3 of 13
TheEther
Guru

Re: Static routes with WNR3500Lv2

I would appreciate a follow-up once you hear from Netgear.  I'm curious whether they deliberately removed this functionality or if it's a bug.

Message 4 of 13
synoptics
Guide

Re: Static routes with WNR3500Lv2

Stay tuned. I am getting the runaround from tech support. I'm now told I need a ProSAFE business class router to get the functionality I had in my old WGR614v9. Just finished a chat with ProSAFE pre-sales. They said the FVS318G V2 should NAT non-local IP subnet traffic to the WAN port. I'll buy an FVS318G V2 and see. Will update this thread when I have an answer.

Message 5 of 13
TheEther
Guru

Re: Static routes with WNR3500Lv2

It's too bad they won't give you a straight answer about NAT support on the WNR3500Lv2 or any consumer-grade Netgear router.  Perhaps a moderator can check directly with Engineering.  Specifically, the question is, will the current generation of consumer-grade Netgear routers perform NAT on other local subnets besides the directly attached subnet?  In other words, will traffic from subnet B going to the Internet be NAT'd?

 

Internet-----Netgear router------Subnet A-------Another Router--------Subnet B

Message 6 of 13
synoptics
Guide

Re: Static routes with WNR3500Lv2

I've asked that very question many times in my conversations and can't get a straight answer. So I upgraded to an FVS318Gv2 and still no joy. Interestingly, it gets a little further than the WNR3500Lv2 in that some traffic reaches the Internet. I can:

 

- Do an nslookup and get a response from the Internet.

- Ping a device on the Internet if I use an IP address vs. a DNS name

- Sometimes I can ping a device on the Internet using a DNS name

- Traceroute successfully

- I can get half of an FTP connection. I can connect using the control channel, but can't do data transfers

 

But,

 

- can't ssh or scp to devices on the internet

- can't connect using http

- can't apt-get

 

I spoke with tech support at length but they can't figure out why it's not working. I can't even get them to say "it should work" but there appears to be a problem. Basically tech support is useless.

 

I needed to go back to my WGR614v9 router to get any work done.

 

Message 7 of 13
TheEther
Guru

Re: Static routes with WNR3500Lv2

You can try sniffing the traffic using Wireshark.

Message 8 of 13
synoptics
Guide

Re: Static routes with WNR3500Lv2

I thought about that, but the FVS318Gv2 doesn't support port mirroring and I don't have a network TAP.

Message 9 of 13
ElaineM
NETGEAR Employee Retired

Re: Static routes with WNR3500Lv2

@synoptics Did you include a default route on the switch? 

0.0.0.0/24 then the Default gateway will be the IP address given by the FVS318Gv2.

Message 10 of 13
synoptics
Guide

Re: Static routes with WNR3500Lv2

Yes. A default route exists on the layer-3 switch pointing to the default gateway address on the FVS318Gv2. Even though I'd like to see this functionality on the WNR3500Lv2, I have started a new thread over in the VPN Firewalls section.

Message 11 of 13
ElaineM
NETGEAR Employee Retired

Re: Static routes with WNR3500Lv2

Thank you for that info.

Hope it'll be resolved soon.

Message 12 of 13
synoptics
Guide

Re: Static routes with WNR3500Lv2

@TheEther I finally have a solution for my issue. I loaded "Tomato v1.28.0000 MIPSR2-132 K26 USB AIO" firmware and everything I need now seems to work fine. Nice piece of software. Lots of features over the stock Netgear firmware. I like that it's Linux-based and you can ssh to manage it.

 

I did hear back from engineering. The capability to NAT/route non-local subnet traffic was specifically removed. They were concerned that requests for features (port forwarding, DoS protection, etc.) for stuff that was non-local would complicate things for a configuration that few people had. Maybe it's a Broadcom chip issue. We'll see. I'll do some testing.

 

Thanks for your help on this issue.

Message 13 of 13