Hello,
I've been playing around trying to get the Genius router integrated into my home network.
FYI: before I rabbit on too much further, I can confirm that everything works fine if I plug the client machine directly into the Genius router.
This is the topology (or at least the important bits):
Other ISP Equipment (NAT)
|
Firewall (Routing/Firewall only - no NAT) ---- DMZ
|
Internal Network
Other ISP Equipment Internal IP: 10.1.1.1
Firewall WAN IP: 10.1.1.20
Firewall Internal IP: 172.17.1.1
Client Machine IP: 172.17.1.123
Currently this setup works great for services to/from my other ISP.
If I substitute the other ISP equipment for the Orcon Genius router and specify a route for the internal network on the Genius router (Advanced Settings, Applications - weird place to put static routes), I am unable to get out onto the internet from the Internal Network.
I can, however, administer the Genius Router from my internal network, indicating that routing is set up correctly.
Routes:
Index  Protocol  Source IP      Source Port  Pseudo IP      Pseudo Port  Destination IP  Destination Port
1      ICMP      172.17.x.123   0            121.99.25x.x   0            60.234.4.77     0
2      UDP       10.1.1.20      123          121.99.25x.x   123          116.66.162.4    123
3      UDP       121.99.25x.x   5060         121.99.25x.x   5060         60.234.18.111   5060
4      UDP       121.99.25x.x   35096        121.99.25x.x   35096        121.98.0.1      53
5      OTHER     10.1.1.1       0            121.99.25x.x   0            224.0.0.1       0
FYI, I have a default route on the Firewall for the connected WAN equipment (be it the Genius Router/Other ISP Equipment).
No IGP protocols are running or anything exotic like that :)
If I turn on NAT on the firewall, I can browse the internet fine.
A traceroute from the NAT enabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.1.1.1
2 18 ms 17 ms 15 ms 121.99.252.1
3 14 ms 15 ms 15 ms 121.98.9.141
4 14 ms 15 ms 15 ms 60.234.4.77
Great!!!! But I don't want double NAT for various reasons.
A traceroute from the NAT disabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.17.1.1
3 <1 ms <1 ms <1 ms 10.1.1.1
4 * * * Request timed out.
5 * * * Request timed out.
etc, etc.......
Looking at the NAT table on the Genius Router shows the internal IP address (as expected). It also confirms that NAT is operational on the Genius Router.
Index  Protocol  Source IP      Source Port  Pseudo IP      Pseudo Port  Destination IP  Destination Port
1      ICMP      172.17.1.123   0            121.99.25x.x   0            60.234.4.77     0
2      UDP       10.1.1.20      123          121.99.25x.x   123          116.66.162.4    123
3      UDP       121.99.25x.x   5060         121.99.25x.x   5060         60.234.18.111   5060
4      UDP       121.99.25x.x   35096        121.99.25x.x   35096        121.98.0.1      53
5      OTHER     10.1.1.1       0            121.99.25x.x   0            224.0.0.1       0
I have tried three different firewalls thus far (I assumed it might be the firewall).
Again, everything just works - with the other ISP's DSL modem in place. BTW: I did have to enter a static route on that as well to get the traffic flowing to the internal network.
I can't see any facility to do trace logging on the Orcon router, and Orcon tech support couldn't tell me how to find any trace options on the Genius router. Admittedly, I've only had a cursory look!
Logging on the firewall shows traffic egress, but nothing coming back.
BTW: yes I have checked my firewall policies (to the point where I just allowed everything)!
I've just been told by Orcon that what I'm doing "is outside the terms of service". I think that's a bit of a cop-out myself.
Any help would be greatly appreciated. Hopefully I've provided enough info.
Sorry about the formatting - I tried to use a table - it looks like this forum doesn't like tables :(
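Added here as an illustration, not part of the original post: a small Python model of the topology above that walks a packet hop by hop and checks whether a reply de-NATed by the Genius router can be routed back to 172.17.1.123, with and without the static route entered on it. The prefix lengths (/24 on both links, /16 for the static route) are assumptions, since the post gives addresses but no netmasks.

```python
import ipaddress

# Constructed model of the topology in the post. Prefix lengths (/24, /16)
# are assumptions: the post gives addresses but no netmasks.
ADDRESSES = {  # interface address -> device that owns it
    "172.17.1.1": "firewall",
    "10.1.1.20": "firewall",
    "10.1.1.1": "genius",
}
BASE_ROUTES = {  # device -> {prefix: next hop}
    "client": {"172.17.1.0/24": "connected", "0.0.0.0/0": "172.17.1.1"},
    "firewall": {"172.17.1.0/24": "connected", "10.1.1.0/24": "connected",
                 "0.0.0.0/0": "10.1.1.1"},
    "genius": {"10.1.1.0/24": "connected", "0.0.0.0/0": "ISP"},
}
# The static route the poster entered on the Genius router (mask assumed).
RETURN_ROUTE = {"172.17.0.0/16": "10.1.1.20"}


def next_hop(table, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def trace(routes, start, dst):
    """Walk hop by hop from `start`; the last element is the outcome:
    DELIVERED (on-link), ISP (left via default route), DROP or LOOP."""
    path, dev = [], start
    while dev not in path:
        path.append(dev)
        hop = next_hop(routes[dev], dst)
        if hop in (None, "connected", "ISP"):
            return path + [{None: "DROP", "connected": "DELIVERED", "ISP": "ISP"}[hop]]
        dev = ADDRESSES[hop]  # next hop address -> next device
    return path + ["LOOP"]


def return_path_ok(static_routes):
    """Can the Genius router route a de-NATed reply back to the client?"""
    routes = {d: dict(t) for d, t in BASE_ROUTES.items()}
    routes["genius"].update(static_routes)
    return trace(routes, "genius", "172.17.1.123")[-1] == "DELIVERED"
```

Without the static route the reply follows the Genius router's default route back out to the ISP (where an RFC 1918 destination is dropped), which is the symptom of egress-but-no-return in the firewall log; the model is the thing to compare against the router's actual routing table.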