Hello,
I have Netgear R7800 and AVM FRITZ!Box 7360 SL. FRITZ!Box is functioning only as a modem with ADSL connection which works and I want R7800 to function only as a router. I've connected cable from FRITZ!Box LAN port to R7800 WAN port. Unfortunately I cannot access router, modem and internet as well. What settings should I apply?
Thanks.
R7800 works only as a router by default. It its WAN is connected to a LAN port on the modem, it likely already is working normally as a router.
If Fritzbox modem is also having routing functionality, you may now have double-NAT. That is some additional performance hit, but nothing serious.
However, that may cause you a routing problem, if both R7800 and Fritzbox think that their IP address is 192.168.1.1 so their subnets are overlapping, the same 192.168.1.x in both of them. That will confuse routing...
You need to ensure that they use different subnets, e.g. 192.168.2.1 in Fritzbox and 192.168.1.1 in R7800. Or e.g. 10.10.1.1 in R7800. (any valid private IP range in R7800 except the one used in Fritzbox)
In the long run it might be better to put the Fritzbox to bridge mode, relay mode, whatever is supported, so that you get rid on double NAT.
Thanks for the reply.
Well, I played with both devices for a little bit, so my setup is as follows. R7800 to FRITZ!Box via LAN to LAN port. Disabled DHCP on LAN interface on FRITZ!Box and on R7800 set up gateway and DNS to FRITZ!Box's IP address. Currently everything seems to work.
So I have a few questions. First of all, is that setup which I just described above somewhat correct?
For the next questions I'm going to paste network configs for both devices. If I want to do like you just described what parameters should I change in configs in order to make it work?
AVM FRITZ!Box 7360 SL network config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XXXX:XXXX:XXXX::/48'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'b'
option ds_snr_offset '0'
option firmware '/lib/firmware/vr9-B-dsl.bin'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'dsl0'
option proto 'pppoe'
option ipv6 '1'
option username 'XXXXXXXXXXX@XXXX.XXX'
option password 'XXXXXXXXXX'
option mtu '1492'
config device 'wan_dsl0_dev'
option name 'dsl0'
option macaddr 'XX:XX:XX:XX:XX:XX'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 4 6t'
Netgear R7800 network config;
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XXXX:XXXX:XXXX::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.2'
option gateway '192.168.1.1'
list dns '192.168.1.1'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'
Also what about firewall? Should I just leave that on both devices or just on the router itself?
Thanks.
No, if you want R7800 to acts as a router.
Now you have set R7800 as a "dumb AP"+DHCP server.
As you connect via R7800 LAN port to Fritzbox, the firewall in R7800 is pretty much completely bypassed, as all traffic happens inside LAN from the R7800 perspective.
Firewall needs to be active in the device that is connected to ISP, and provides NAT functionality.
Is there a real reason why you want to move functionality from Fritzbox ?
No, I just want to have Fritzbox functioning only as a modem with all settings which supposed to be used and R7800 as a router, nothing more.
So, to be correct, should I set static IP on LAN interface on R7800 for example to 10.10.1.1, remove DNS, gateway and connect Fritz with R7800 via LAN (Fritz) to WAN (R7800) port? And disable firewall on router and leave it turned on on the modem?
You might need some Fritzbox help there, as this is not only about tweaking R7800, but also Fritzbox. What happens to the firewall there? is there NAT? etc...
You might edit the thread topic title , so that you attract persons who have done similar config. (I already changed it to be more descriptive about the situation. If you feel that it is not suitable, please edit it further)
Please take a look at the BT Home Hub 5 type A documentation and the curated manual on ebilan (sorry, I can't provide a link right now - mobile device). While the bthub5 is a different device, the setup is very similar (bridged modem) and the LEDE/ OpenWrt manual for it very detailed and good.
Thanks for suggestion. I've found the guide you were mentioning, tried to follow it, unfortunately I got error message on R7800's WAN interface saying it can't connect via PPPoE but modem's DSL link is up. I have modem connected from LAN 1 to router WAN port and another cable from modem's LAN to router's LAN port as described in the guide.
R7800 network config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XXXX:XXXX:XXXX::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.2'
config interface 'wan'
option ifname 'eth0.2'
option proto 'pppoe'
option password 'XXXXXXXXXXX'
option ipv6 'auto'
option username 'XXXXXXXXX@XXXXXX.XXXX'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'
AVM FRITZ!Box 7360 SL network config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XXXX:XXXX:XXXX::/48'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'b'
option firmware '/lib/firmware/vr9-B-dsl.bin'
option ds_snr_offset '0'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option delegate '0'
option gateway '192.168.1.2'
list dns '8.8.8.8'
config interface 'wan'
option proto 'none'
option delegate '0'
option type 'bridge'
option ifname 'dsl0.101 eth0.2'
config device 'wan_dsl0_dev'
option name 'dsl0'
option macaddr 'XX:XX:XX:XX:XX:XX'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 1 2 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
option vid '2'
AVM FRITZ!Box 7360 SL firewall config:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option enabled '0'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option enabled '0'
config include
option path '/etc/firewall.user'
Edit: Added system logs for R7800 and AVM FRITZ!Box 7360 SL.
R7800 system log.
AVM FRITZ!Box 7360 SL system log.
Usually I'd suggest to pass through (bridge) the tagged interface, less trouble with PPPoE vs management traffic (fritzbox webinterface).
Well, what I did is factory reset both of the devices. Followed the guide for bridge modem again and finally everything seems to be working. LAN connection and also internet connection as well.
Posting configs for future references and also link to the mentioned guide.
R7800 network config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XXXX:XXXX:XXXX::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.1'
config interface 'wan'
option ifname 'eth0.2'
option proto 'pppoe'
option password 'XXXXXXXXXXXX'
option ipv6 'auto'
option username 'XXXXXXXXXXX@XXXXXX.XXX'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'
AVM FRITZ!Box 7360 SL network config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XXXX:XXXX:XXXX::/48'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'b'
option firmware '/lib/firmware/vr9-B-dsl.bin'
option line_mode 'adsl'
option ds_snr_offset '0'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.2'
option gateway '192.168.1.1'
list dns '8.8.8.8'
config interface 'wan'
option proto 'none'
option delegate '0'
option type 'bridge'
option ifname 'dsl0 eth0.2'
config device 'wan_dsl0_dev'
option name 'dsl0'
option macaddr 'XX:XX:XX:XX:XX:XX'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 1 2 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
option vid '2'
AVM FRITZ!Box 7360 SL firewall config:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option enabled '0'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option enabled '0'
config include
option path '/etc/firewall.user'
Edit: There's however one small problem which I would like to solve. There's info that guide:
(If the external router supports VLANs, an alternative is to create a VLAN trunk, such that both wan traffic and LuCI/ssh can both share the ‘single’ cable which connects the HH5a Bridge modem to the external router –this is not described in this document at this time)
So if somebody knows how to create VLAN trunk so that I don't have to use two LAN cables between router and modem, please share.
Thanks.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.