I've been playing around trying to get the Genius router integrated in to my home network.
FYI: before I rabbit on too much further, I can confirm that everything works fine if I plug the client machine directly in to to the Genius router.
This is the topology (or at least the important bits):
Other ISP Equipment (NAT)
|
Firewall (Routing/Firewall only - no NAT) ---- DMZ
|
Internal Network
Other ISP Equipment Internal IP: 10.1.1.1
Firewall WAN IP: 10.1.1.20
Firewall Internal IP: 172.17.1.1
Client Machine IP: 172.17.1.123
Currently this setup works great for services to/from my other ISP.
If I substitute the other ISP equipment for the Orcon Genius router and specify a route for the internal network on the Genius router (Advanced Settings, Applications - weird place to put static routes), I am unable to get out on to the internet from the Internal Network.
I can however, administer the Genius Router from my internal network indicating that routing is setup correctly.
Routes:
Index Protocol Source IP Source Port Pseudo IP Pseudo Port Destination IP Destination Port
1 ICMP 172.17.x.123 0 121.99.25x.x 0 60.234.4.77 0
2 UDP 10.1.1.20 123 121.99.25x.x 123 116.66.162.4 123
3 UDP 121.99.25x.x 5060 121.99.25x.x 5060 60.234.18.111 5060
4 UDP 121.99.25x.x 35096 121.99.25x.x 35096 121.98.0.1 53
5 OTHER 10.1.1.1 0 121.99.25x.x 0 224.0.0.1 0
FYI, I have a default route on the Firewall for the connected WAN equipment (be it the Genius Router/Other ISP Equipment).
No IGP protocols are running or anything exotic like that :)
If I turn NAT on, on the firewall, I can browse the internet fine.
A traceroute from the NAT enabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.1.1.1
2 18 ms 17 ms 15 ms 121.99.252.1
3 14 ms 15 ms 15 ms 121.98.9.141
4 14 ms 15 ms 15 ms 60.234.4.77
Great!!!! But I don't want double NAT for various reasons.
A traceroute from the NAT disabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.17.1.1
3 <1 ms <1 ms <1 ms 10.1.1.1
4 * * * Request timed out.
5 * * * Request timed out.
etc, etc.......
Looking at the NAT table on the Genius Router shows the internal IP address (as expected). It also confirms that NAT is operational on the Genius Router.
Index Protocol Source IP Source Port Pseudo IP Pseudo Port Destination IP Destination Port
1 ICMP 172.17.1.123 0 121.99.25x.x 0 60.234.4.77 0
2 UDP 10.1.1.2 0 123 121.99.25x.x 123 116.66.162.4 123
3 UDP 121.99.25x.x 5060 121.99.25x.x 5060 60.234.18.111 5060
4 UDP 121.99.25x.x 35096 121.99.25x.x 35096 121.98.0.153
5 OTHER 10.1.1.1 0 121.99.25x.x 0 224.0.0.1 0
I have tried three different firewalls thus far (I assumed it might the firewall).
Again, everything just works - with the other ISP's DSL modem in place. BTW: I did have to enter a static route on that as well to get the traffic flowing to the internal network.
I cant see facility to do any trace logging on the Orcon router and Orcon tech support couldn't tell me how to find any trace options on the Genius router. Admittedly, I've only had a cursory look!
Logging on the firewall shows traffic egress, but nothing coming back.
BTW: yes I have checked my firewall policies (to the point where I just allowed everything)!
I've just been told by Orcon that what I'm doing "is outside the terms of service". I think that's a bit of a cop-out myself.
Any help would be greatly appreciated. Hopefully I've provided enough info.
Sorry about the formatting - I tried to use a table - it looks like this forum doesn't like tables :(
Trusted
Biddle Corp
