I have Netgear R7800 and AVM FRITZ!Box 7360 SL. FRITZ!Box is functioning only as a modem with ADSL connection which works and I want R7800 to function only as a router. I've connected cable from FRITZ!Box LAN port to R7800 WAN port. Unfortunately I cannot access router, modem and internet as well. What settings should I apply?
R7800 works only as a router by default. If its WAN is connected to a LAN port on the modem, it likely already is working normally as a router.
If Fritzbox modem is also having routing functionality, you may now have double-NAT. That is some additional performance hit, but nothing serious.
However, that may cause you a routing problem, if both R7800 and Fritzbox think that their IP address is 192.168.1.1 so their subnets are overlapping, the same 192.168.1.x in both of them. That will confuse routing...
You need to ensure that they use different subnets, e.g. 192.168.2.1 in Fritzbox and 192.168.1.1 in R7800. Or e.g. 10.10.1.1 in R7800. (any valid private IP range in R7800 except the one used in Fritzbox)
In the long run it might be better to put the Fritzbox to bridge mode, relay mode, whatever is supported, so that you get rid of double NAT.
Well, I played with both devices for a little bit, so my setup is as follows. R7800 to FRITZ!Box via LAN to LAN port. Disabled DHCP on LAN interface on FRITZ!Box and on R7800 set up gateway and DNS to FRITZ!Box's IP address. Currently everything seems to work.
So I have a few questions. First of all, is that setup which I just described above somewhat correct?
For the next questions I'm going to paste network configs for both devices. If I want to do like you just described what parameters should I change in configs in order to make it work?
Now you have set R7800 as a "dumb AP"+DHCP server.
As you connect via R7800 LAN port to Fritzbox, the firewall in R7800 is pretty much completely bypassed, as all traffic happens inside LAN from the R7800 perspective.
Firewall needs to be active in the device that is connected to ISP, and provides NAT functionality.
Is there a real reason why you want to move functionality from Fritzbox?
So, to be correct, should I set static IP on LAN interface on R7800 for example to 10.10.1.1, remove DNS, gateway and connect Fritz with R7800 via LAN (Fritz) to WAN (R7800) port? And disable firewall on router and leave it turned on on the modem?
You might need some Fritzbox help there, as this is not only about tweaking R7800, but also Fritzbox. What happens to the firewall there? Is there NAT? etc...
You might edit the thread topic title, so that you attract persons who have done similar config. (I already changed it to be more descriptive about the situation. If you feel that it is not suitable, please edit it further)
Please take a look at the BT Home Hub 5 type A documentation and the curated manual on ebilan (sorry, I can't provide a link right now - mobile device). While the bthub5 is a different device, the setup is very similar (bridged modem) and the LEDE/OpenWrt manual for it is very detailed and good.
Thanks for suggestion. I've found the guide you were mentioning, tried to follow it, unfortunately I got error message on R7800's WAN interface saying it can't connect via PPPoE but modem's DSL link is up. I have modem connected from LAN 1 to router WAN port and another cable from modem's LAN to router's LAN port as described in the guide.
Well, what I did is factory reset both of the devices. Followed the guide for bridge modem again and finally everything seems to be working. LAN connection and also internet connection as well.
Posting configs for future references and also link to the mentioned guide.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'
	option enabled '0'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'
	option enabled '0'

config include
	option path '/etc/firewall.user'
Edit: There's however one small problem which I would like to solve. There's info in that guide:
(If the external router supports VLANs, an alternative is to create a VLAN trunk, such that both wan traffic and LuCI/ssh can both share the ‘single’ cable which connects the HH5a Bridge modem to the external router –this is not described in this document at this time)
So if somebody knows how to create VLAN trunk so that I don't have to use two LAN cables between router and modem, please share.
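Added example, not part of any post in this thread: an offline check of an exported OpenWrt firewall config in the UCI format posted above, reporting what the WAN-facing zone lets in, which is the point raised earlier about the firewall having to be active on the device that faces the ISP. The function names and the sample are assumptions made for illustration; the sample is constructed from the posted config with one rule left enabled so that a finding appears.

```python
import shlex

# Constructed sample, abbreviated from the firewall config posted in the thread.
SAMPLE = """
config zone
    option name 'wan'
    option input 'REJECT'
    option forward 'REJECT'
    option masq '1'
config rule
    option name 'Allow-Ping'
    option src 'wan'
    option target 'ACCEPT'
    option enabled '0'
config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest_port '500'
    option target 'ACCEPT'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
        elif len(tok) >= 3 and tok[0] == "list" and sections:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(sections, wan="wan"):
    """Report what the WAN-facing zone lets in; an empty list means nothing flagged."""
    out = []
    for kind, o in sections:
        if kind == "zone" and o.get("name") == wan:
            for chain in ("input", "forward"):
                if o.get(chain) not in ("REJECT", "DROP"):
                    out.append(f"zone {wan}: {chain} is not REJECT/DROP")
            if o.get("masq") != "1":
                out.append(f"zone {wan}: masquerading (NAT) is off")
            if "network" not in o:
                out.append(f"zone {wan}: no network listed, zone covers no interface")
        elif (kind == "rule" and o.get("src") == wan
              and o.get("target") == "ACCEPT" and o.get("enabled", "1") != "0"):
            out.append(f"rule {o.get('name', '?')}: accepts traffic from {wan}")
    return out
```

Call `audit(parse_uci(text))` on the contents of `/etc/config/firewall`; a rule with no `enabled` option counts as enabled, so only rules explicitly set to `'0'` are skipped.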