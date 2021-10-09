Thanks everyone for your responses. I'll try to cover off all the questions at once.

I'm not doing NAT on the Linux box. I'm hoping to avoid double NAT as I understand this can have some disadvantages.

There is a static route for 10.10.10.0/24 via 192.168.1.10 on the ISP router. This appears to be working as I can ping the ISP router (192.168.1.1) from inside the LAN (i.e. from devices beyond the Linux box).

Traceroutes from inside the LAN stop at the ISP router (192.168.1.1), so lack of NAT for the 10.10.10.0/24 subnet is looking likely. I haven't found anything on the ISP router that provides control over NAT at this level.

The Linux box is my home server running Ubuntu server and providing various services for the LAN (DHCP, DNS, file server, media server, etc). It also acts as a wireless access point for the LAN (using hostapd). It has been convenient to funnel traffic though the Linux server in the past (was running netflow for example), although I'm open to other suggestions.

My thinking was that I would provide a DMZ using the ISP router's LAN (the 192.168.1.0/24 subnet), and then have a separate network (10.10.10.0/24) with the Linux box able to manage access in and out of this network. The DMZ would contain guest WIFI (via the ISP router) and any other devices I want to keep off the LAN. I'm also doing this to an extent just to tinker and learn.

@yitz - there is a "Configure the second IP Address and Subnet Mask for LAN interface" option on the NF18MESH. This allows an IP address and subnet mask to be entered. I'm unsure whether that offers anything in my current setup (with the Linux gateway/router at least)?

In terms of options, I also have a managed switch (Netgear GS724T) which is currently only used for basic switching. I believe this might allow for some VLAN based approaches to providing isolated networks?

I have attached a diagram (not updated for UFB). Is there a way to make this existing structure work with the NF18MESH? Are there better ways to structure this?

Thanks,

Dave