Need help. Connecting Linksys 1200ac to Verizon Fios router

This is gonna be a real PITA. For years I've used 192.168.x.x/16 for my LAN, so that different 'reasons' (people or grouped devices) can have their own 'y.z' address pairings (like game consoles have 192.168.4.x addresses).

I cannot change the FIOS's IP away from 192.168.1.1, though I can change the subnet mask from /24 to /16. If I were to change my LAN to 10.x.x.x/16 (or /8 since 10.x.x.x is all private network territory anyways), with the WAN port using a 192.168.1.x address, should that work?

One of the things I absolutely love about using third party router firmware is the additional functionality provided. OpenWRT has been an amazing piece of firmware and I'd hate to have to reduce it down to being nothing more than a switch. If the 10.x change will sort it out, then while it might take a few adjustments, it would certainly be worth it considering my rather complicated (not complex) setup.

Thank you for the info you have provided so far. The FIOS's IP and intermixing of subnets definitely makes sense for the problem I'm having.

10.x.x.x would be fine for your LAN network. The only requirement in a traditional classful system is that your network not be reachable by the FIOS router's on-link route and the FIOS router not be reachable by your OpenWRT router's on-link route. So, if the FIOS router is 192.168.1.1/24 then just make sure your OpenWRT network is not part of that.

Alternatively, you can implement the classful routing and keep the 192.168.y.x LAN addressing with a 192.168.1.1 FIOS IP under 2 scenarios...the latter being better than the former.

1. If say the FIOS router is 192.168.1.1/24, this address only really needs to be reachable by the OpenWRT router since it needs to be able to communicate with its 'next hop' in the route to the internet. So, a LAN w/ 192.168.x.y/16 can work if you add a static routing entry on the OpenWRT router for 192.168.1.1/24 via eth0.1 or whatever your vLAN interface is connected to the FIOS router with a lower metric than the on-link 192.168.x.y/16 route.
2. [better than 1 would be] If say the FIOS router is 192.168.1.1/24, you can configure the OpenWRT router with 2 things.

• OpenWRT needs a static route to 192.168.1.1/24 via eth0.1 or whatever your vLAN interface connected to the FIOS router is.
• Configure OpenWRT with a 'DHCP options string' to give out static routes for 192.168.1.1/24 to LAN clients so they, too, can communicate w/ the FIOS router (helpful for traceroutes by clients to avoid timeouts at that hop)

All this talk of a classful setup hinges on one uncontrollable factor: how does the FIOS router determine what packets to do NAT on? Most implementations use the iptables -i eth0 -o wan0 target, so anything coming into its LAN ports and exiting its WAN port is NATed. But, if instead it uses the iptables -s 192.168.1.1/24 -d 0.0.0.0/0 target to identify what to NAT, then you'd be screwed in a classful setup because the packets from the OpenWRT LAN will have a from address of 192.168.x.y/16 not the expected 192.168.1.1/24 -- but you don't know how they set it up until you try. In my case, it worked fine (I have a similar setup, though not FIOS)

You cannot flip the Verizon router with another at the ONT for two hours. Verizon rarely clears this. A PC/laptop works.

You can at least stop the OpenWrt from doing so by not sending a DHCP Client ID in the request - which is what the Verizon device is doing.

(I'm not sure if you intend to place the OpenWrt upstream or downstream of the ISP's router - in my case the OpenWrt is first, directly connected to the ONT.)

Hope this helps.

EDIT: Also, I see something about a bridge with the OpenWrt...if you have television, there's some Layer 2 connection to WAN for it over coax...you'll need a newer Moca Ethernet bridge (this is proprietary equipment).

image1585×87 5.83 KB

Original setup was that eth1 and WAN were untagged together (on line 2), and line 1 had everything else untagged. Those not 'untagged' were off.

If so, in "Static Routes," I see interface options (lan/wan/wan6/etc) but nothing with a ".1" or anything like that. Only place that I know of that I see that is when viewing an interface, "Physical" tab, "interface" line, where I can check one or more options (same tab with the "bridge" option).

I noticed that client computers having issues start working after adding a "192.168.1.1" gateway entry. Would this be what fixes that?

Also, would that go in "Static Routes?"

image1505×75 4.86 KB

This is near territory for me in regards to networking, so try to resist the urge to bang your head against a wall with trying to help me understand this.

About the eth0.1, my OpenWRT device only has one ethernet port, so I can't say for sure here. I went with the eth0.1 naming scheme because typically virtual interfaces (like this one) are named this way in Linux. But, for adding another VLAN from your LAN ports, I'd follow this OpenWRT link.

Remember tagged vs untagged refers to whether the frames are 'marked' with the VLAN ID. This is only really needed if multiple VLANs are piped over a single port/wire which you won't be doing, so untagged is fine and should be interpreted as 'assigned to this VLAN' as opposed to 'off' meaning 'not assigned to this VLAN'

With the VLAN switch created, you can go to the 'interfaces' tab and add a new interface, assigning the new VLAN physical interface to it, this you can then configure with IP settings. Then you'll have 4 interfaces, LAN, WAN, WAN 6, and this new one LAN 2 or whatever you call it. At this point, adding a static routing entry would be possible on LAN 2 or whatever you call it, but more on that later...

This is what I'm imagining (sorry for the bad paint skills)

image1830×802 184 KB

Like this, you see that the OpenWRT router may want to reach 192.168.1.1 via the 192.168.0.1/16 on-link route, so this is why a static route is needed to tell the OpenWRT router that 192.168.1.1/24 is reachable via 192.168.1.100 with a lower metric than the on-link 192.168.0.1/16 route. Come to think of it, now that I write this down, we can probably forgo the static route on the OpenWRT box and do that part better by making the entire interface metric on 192.168.0.1 (LAN) higher than the interface metric on 192.168.1.100 (LAN 2 or whatever you call it).

So, to answer your question:

Yes, but let's not do the static route on the OpenWRT box. Let's instead change the interface metrics to make sure the 192.168.1.100 interface has a lower metric than the 192.168.0.1 interface (hence it'll be preferred when contacting an IP in both subnets). This also means your LAN will be 192.168.x.x/16 but you won't be able to use 192.168.1.x/24 locally as its rerouted. If it were me, keeping with your class C blocks idea, I'd reserve 192.168.0.x/16 for static devices (routers, APs, etc), and set my LAN DHCP to assign 192.168.2.x-192.168.254.254 addresses dynamically to avoid an accidental 192.168.1.x assignment. The reason you couldn't do this before was that the interface with the new VLAN physical interface assigned to it wasn't created yet.

That said, clients will still need to know that 192.168.1.1/24 is not on-link as their netmask (192.168.x.x/16) would suggest, so clients need a static routing entry for 192.168.1.1/24 via 192.168.0.1.

Doing this client static route assignment is where DHCP options comes in. The DHCP option we want here is 'option 121' ... Also, this link says this option can be added via dhcp_option in the /etc/config/dhcp file. The tough part here is constructing the dhcp option 121 string because it needs a particular format. Googling "DHCP option 121 calculator' may be helpful here... I'll see what I can dig up. As I recall when I did it on my Mikrotik, I ended up having to calculate it myself, but it wasn't too bad.

I edited my reply from earlier quite a bit -- worth re-reading if you've read it before.

On the dhcp-option 121 static routes... here discusses doing it w/ the uci application giving us the added bonus of not having to mess with the decimal to hex conversion:

uci add_list dhcp.lan.dhcp_option="121,192.168.1.1/24,192.168.0.1"
uci commit dhcp
service dnsmasq restart

Running this from the router's ssh terminal should configure the DHCP to give out the static route 192.168.1.1/24 via 192.168.0.1 to all clients.

So, I think that'll do it.... to recap the steps.

1. Configure OpenWRT router with LAN IP 192.168.0.1/16 (or whatever you want in that /16), possibly changing the DHCP IP range to give out 192.168.2.1-192.168.254.254 to avoid the rerouted reserved 192.168.1.x/24 space.
2. Setup additional VLAN on an unused LAN port.
3. Add interface (LAN 2) in the 'interface' tab, adding the newly created VLAN to the 'physical interfaces' tab.
4. Configure this new LAN 2 with a static IP in the 192.168.1.x/24 range (my example I've been using is 192.168.1.100) w/ gateway 192.168.1.1 and DNS 192.168.1.1.
5. Change network interface metric on LAN and LAN 2 so that LAN 2's metric is lower than LAN's.
6. Verify the OpenWRT router has internet. Simple way to do this is the following from SSH terminal:

ping google.com

7. Run the following from SSH terminal on the OpenWRT box.

uci add_list dhcp.lan.dhcp_option="121,192.168.1.1/24,192.168.0.1"
uci commit dhcp
service dnsmasq restart

8. Connect a client to the OpenWRT LAN and verify that the DHCP static route was dynamically assigned and all behaves as expected.

Hope it goes well.

Not trying to do that. I mentioned that in my OP, but either you didn't see it or I misworded it.

My understanding is that the coax is hooked up to the router to help with providing TV based services. So unless there's a way to continue doing that with my router as the main connection, I'm probably going to try to get the new arrangement to work.

Not only that, but if I'm fiddling with the LAN, I'd rather have certain things leeching off of the FIOS router anyway, such as the wireless TV box and a nearby Alexa device. That way they remain connected even if I'm rebooting the router for whatever reason.

LAN 192.168.0.1/16, DHCP 1792 (192.168.7.0, 32 clients max) is what I've used for a few years. I forget why I picked 7.x for dynamic leases, but oh well.
Tried it as eth1.3 and eth0.3, using 192.168.1.2/30 for the "FIOS" connection (did also try /24, but figure /30 would allow use of other 1.x addresses).
No go on the ping. Set the LAN's metric to 2 and FIOS to 1, unable to resolve the name, and still failed when using 172.217.13.238 (IP returned when I looked up Google myself).

I was hoping this would work, as it would provide some easy instructions for others to follow who want to accomplish the same arrangement.

During the time since your last post, I've had to reset the router (not your fault by any means so please don't think I'm blaming you), which I used as an opportunity to update the firmware to 19.07, and followed your instructions with a "fresh" router, which in turn eliminates added software as being a possible cause of problems.

Question. If the WAN/WAN6 port is matched up in .1 (with all the LAN ports) and the WAN interface is set to unmanaged, does that mean it gets treated as another LAN port?

I might give 172.16.x.x a try as a LAN to see if that helps any. Going to let my brain think on this some more, because I would think it would be super easy to set up, just feels like the FIOS router is somehow designed to be difficult.

I read it, just offering the info, maybe I misworded...or maybe you didn't see the problem I was trying to highlight - as I think that why it's occurring.

I told you:

It's the model that has all the newer Moca channels. Also, you may need to enable the IGMP proxy on both the OpenWrt (by installing/enabling igmpproxy) and on the Verizon router:

EDIT: BTW, what model FiOS router do you have?

A lot of the settings you mention cannot be changed are available in the G1100.

192.168.1.2/30 doesn't make sense.... Remember in a classful setup, the /30 means the first 30 bits are network, the last 2 are the client, so we have 192.168.1.253-192.168.1.254 as the entire network in a 192.168.1.x/30 setup, making the FIOS router's IP 192.168.1.1 off-link. I am glad you tried a /24.

I think the issue here is probably getting the physical interfaces properly assigned.

Typically (and I mean typically), eth0 is the LAN interface, eth1 is the WAN, and any eth0.1 / eth0.2 would be virtual interfaces hanging off eth0. and eth1.1 / eth 1.2 would be virtual interfaces hanging off eth1.

The WAN port can be configured as another LAN port, but you wouldn't do this by assigning changing the physical settings... Remember, WAN/WAN6 as it appears in OpenWRT is just software. The physical WAN port is physically connected to one of the ethx interfaces (usually eth1) ... if that's changed then it may be called "WAN" but it's not associated with the physical WAN port.

The proper way to make the WAN port another LAN port is to add it's physical interface to the br-lan bridge associated with the LAN interface using 'Interfaces'-->'LAN'-->'Physical settings'-->'Interfaces' dropdown-->check the WAN interface's checkbox (usually eth1) to add it to the bridge...

Now that I am thinking about all this, we've not discussed IPv6. You might want to use the WAN port to connect to the FIOS router as this would allow you to also get a IPv6 configuration (at least a /64) from the FIOS router.

So if its not too much trouble, I am thinking we do this step by step, beginning with getting the OpenWRT box connected.

1. Reset the OpenWRT box (if you don't mind)
2. Set its LAN to something temporary ... say 192.168.2.1/24 just for now.
3. Plug WAN port into FIOS router's LAN port.
4. It should get a 192.168.1.x/24 and be connected.
5. From here, we'll disable NAT -- I think this'll be easier AND allow us to do IPv6 as well as IPv4.

G3100

192.168.1.2/30 would have 192.168.1.0 as network/subnet ID, 192.168.1.[1 and 2] as clients and 192.168.1.3 as broadcast. Was trying that to minimize the number of IP's reserved. Tried /24 so that the /30 would be removed as a possible reason for it failing.

Already had to reset it, so not much to lose doing it again.

Will respond back after trying the steps.

Ah, yes, you are right... My apologies.

No go on the steps you provided. I tend to set my router at 192.168.0.1 so I tried that (and also tried 192.168.2.1), both with /24. Even tried setting a static IP on the WAN interface (192.168.1.2 and even tried .64, both with /24). All this after a reset of the router. (No love lost, so not like it was at a cost.)

The computer I'm using has a Z97_WS mobo, which has two Gigabit ports, one of which (I recently discovered) only functions as a 100Mbit port. No biggie, I only use one port anyways, so switched to the other port, easy enough. That said, the 'bad' port I've got connected to my router, good one to FIOS. That way I can just do software enable/disable on my devices to do the testing. Not that important, but thought you might enjoy knowing that I'm not having to swap cables around a lot just to test.

Also, when you provide instructions, IF it's something I feel I understand and know what can be changed but still accomplish the goal (and the change is what I would end up doing in the end anyways), I'll try that. If it fails, I try exactly as you said, so that if it works that way but not mine, then I know I have to ask how to make that change and still have it work. Also helps with learning, since if something does work but I did it a little differently, then odds are, I do indeed understand what I'm doing at that one step. Like I said, dealing with this particular issue is new territory for me. I've been handling the personal network here for years, tinkering with settings and such. But when I feel I need help, trust that I have NO problem with admitting I don't know. That is to say, and I hope it's been apparent, that I'm no idiot, but not an expert by any means. (You haven't said nor implied I'm an idiot, just giving some info so you don't have to worry that you're dealing with a complete noob here. )

No apologies needed. I actually went back and doubled checked to see if maybe I was being a dummy on it. We all make mistakes, and I've made a fool of myself enough times to not assume that I'm right. Don't want to make that mistake here and discourage the help I'm receiving.

Well that's interesting....

Straight up WAN on OpenWRT to LAN on FIOS failed w/ WAN on OpenWRT set to a DHCP protocol? Did it at least get an IP from the FIOS box? It would show up here (red box), but for you it'd be listed under WAN not LAN like my single ethernet travel router:

image1234×319 19.4 KB

If the G3100 with its MoCA connection is still in the path, you're looking at a bog-simple double NAT through the G3100. Make sure your LAN is entirely outside 192.168.1.0/24 (which should be the default configuration of that box), WAN takes a DHCP inside 192.168.1.0/24 from the G3100 and it ought to take off and Just Work.

Do not try to get fancy until after you have seen that work.

The real trick is to retire the G3100 and make a direct connection to the ONT with your third-party router. This (at least used to) require calling Verizon to activate the Ethernet port on the ONT, which necessarily disables the coax MoCA port. Any Verizon provided TV boxes hooked up by MoCA will need to be connected a different way.

This was the issue, simply this, and appears to be working now.

Since I tend to do things that require me to enter an IP address (LAN), I tend to give myself a 192.168.1.x range for stuff I use. Other (people/items) don't usually deal with that, so I tend to provide 192.688.y.z addresses where y=group (person or type) and z for unique devices. Static leases within the DHCP realm.

Stupid me didn't realize that I should subnet like a maniac when plugging FIOS into my router, so there was some clashing going on and thus the issues. Changed the FIOS to be /27 so that it's 192.168.1.(0=network,1-30=hosts,31=broadcast), did a static IP on the WAN port to make sure it's .2, and... MAJOR reason for the facepalm (Joshua, I hope you get a good laugh out of this because honestly it is funny in a facepalm sort of way)... I noticed that the FIOS was plugged into one of the LAN ports... and has been for at least a few hours...

So far, have FIOS -> my router -> PC & Server, both working just fine.

Well, time to flip my finger against my lips and make weird noises. Will post back one I've verified that things are indeed working, or if I'm being an idiot again.

Another thing I'm noticing, and either it's a coincidence or there's something else going on. Port 1 on my router seems to be going back. On my main computer, I have one port (i210at) that works with it, but the other one (l218lm) and my server, when plugged up to it, don't see it and the "Switch" page on the router shows that nothing is plugged into it. I think it may have also been causing issues when I would plug FIOS into it (would try different LAN ports, not only that one port). Either way, gonna have to avoid it now.

Thank you both for your help on trying to solve this.

Mike, my router has both ethernet AND coax connected. So is the internet being provided by the ethernet port, or the coax? If coax, then I'm confused on why the ethernet port is needed.

Good to hear it's working with a basic double-nat configuration.

There is some wisdom here to what @mk24 said. As is, it's working, allbeit with Double-NAT which can cause issues, namely I'd say:

• Online games w/ UDP voice are sometimes P2P and can break w/ double NAT
• Processing power could throttle internet:
  Having Verizon FIOS, your internet is probably BLAZING fast, so some thought should be put into processing power of routing devices to make sure they don't throttle you. NAT (Network Address Translation) is a process by which every IP packet's 'from' address is changed... And I do mean every...single...packet, which is CPU intensive. Having double-NAT means more opportunity for a CPU bottle neck to throttle potential speeds.

etc...

But, I think its a good time to decide: do we go forward with a classful single-NAT setup (I'm in for helping if you want) or do we keep the more basic, but working double-NAT setup. Your call, obviously.

Yeah, I had tried the simplest of things and at that point wasn't working... only to wind up being me being a dummy.

On the NAT, which would be better for handling it... FIOS or my router? I ask that in the sense of, which would be better to put the load onto? I'm guessing FIOS, since I'll have the router doing most of the other work (DHCP, etc). Or would it only work on the router, thus disable it on FIOS? If disabling on FIOS, would that require not using another other devices through it? My hope is to be able to let some wireless devices connect to it directly so that those devices don't have issues if I'm tinkering with the LAN.

1. I can definitely see the value to replacing the FIOS router outright ... but this would probably require some involvement on the part of Verizon. Ultimately, I think letting the FIOS router do the NAT is a perfectly acceptable configuration since it'll have a powerful enough processor to not bottleneck things (they [Verizon) have a vested interest in making sure this is so)

2. As for other services, they're not terribly CPU intensive ... but they can sometimes be the sort of things you might wanna tinker with, so offloading them to your own router would seem a good idea.

To me, a classful single-NAT setup hits the sweet spot for both 1 and 2 because its tinker-able but avoids the involvement of Verizon.

Disabling NAT on the FIOS is usually never the answer because there's 2 choices, leave the no-NAT FIOS router in place, or remove it.

• To leave it in place with no NAT requires 2 public IPs from Verizon, one for the FIOS router, another for the next downstream device (this next downstream device would presumably NAT).
• But, to remove the FIOS router completely means it's up to us to supply our own device, and I believe @mk24 spoke on this earlier:

So, this is why I think the ideal thing is a single-NAT classful setup here... and if we can keep your 192.168.x.x/16 addressing scheme, then that'll be icing on the cake. And I think we can keep the 192.168.x.x/16 scheme.

I'll have to give it a try later in the night, but I'll see if I can move the FIOS router to be part of the LAN vs the source of the internet. Considering that we have the TV service as well, we can't just get rid of it completely, as it will negatively affect the service.

Sounds good... remember to add the 192.168.0.0/16 via 192.168.1.2 in the FIOS router if you do what we talked about ... without that, it won't know how to talk to the 192.168.x.x/16 clients w/o NAT on the OpenWRT router.