Geekzone: technology news, blogs, forums


227 posts

Master Geek
+1 received by user: 26


Topic # 113169 8-Jan-2013 17:33

Hello,
I've been playing around trying to get the Genius router integrated into my home network.

FYI: before I rabbit on too much further, I can confirm that everything works fine if I plug the client machine directly into the Genius router.

This is the topology (or at least the important bits):
Other ISP Equipment (NAT)
    |
Firewall (Routing/Firewall only - no NAT) ---- DMZ
    |
Internal Network

Other ISP Equipment Internal IP: 10.1.1.1
Firewall WAN IP: 10.1.1.20
Firewall Internal IP: 172.17.1.1
Client Machine IP: 172.17.1.123

Currently this setup works great for services to/from my other ISP.

If I substitute the other ISP equipment for the Orcon Genius router and specify a route for the internal network on the Genius router (Advanced Settings, Applications - weird place to put static routes), I am unable to get out on to the internet from the Internal Network.
I can, however, administer the Genius Router from my internal network, indicating that routing is set up correctly.

Routes:
Index    Protocol    Source IP    Source Port    Pseudo IP    Pseudo Port    Destination IP    Destination Port
1    ICMP    172.17.x.123    0    121.99.25x.x    0    60.234.4.77    0
2    UDP    10.1.1.20    123    121.99.25x.x    123    116.66.162.4    123
3    UDP    121.99.25x.x    5060    121.99.25x.x    5060    60.234.18.111    5060
4    UDP    121.99.25x.x    35096    121.99.25x.x    35096    121.98.0.1    53
5    OTHER    10.1.1.1    0    121.99.25x.x    0    224.0.0.1    0

FYI, I have a default route on the Firewall for the connected WAN equipment (be it the Genius Router/Other ISP Equipment).
No IGP protocols are running or anything exotic like that :)

If I turn NAT on, on the firewall, I can browse the internet fine.

A traceroute from the NAT enabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.1.1.1
  2    18 ms    17 ms    15 ms  121.99.252.1
  3    14 ms    15 ms    15 ms  121.98.9.141
  4    14 ms    15 ms    15 ms  60.234.4.77

Great!!!!  But I don't want double NAT for various reasons.

A traceroute from the NAT disabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.17.1.1
  3    <1 ms    <1 ms    <1 ms  10.1.1.1
  4    *    *    *  Request timed out.
  5    *    *    *  Request timed out.
etc, etc.......

Looking at the NAT table on the Genius Router shows the internal IP address (as expected).  It also confirms that NAT is operational on the Genius Router.
Index    Protocol    Source IP    Source Port    Pseudo IP    Pseudo Port    Destination IP    Destination Port
1    ICMP    172.17.1.123    0    121.99.25x.x    0    60.234.4.77    0
2    UDP    10.1.1.20    123    121.99.25x.x    123    116.66.162.4    123
3    UDP    121.99.25x.x    5060    121.99.25x.x    5060    60.234.18.111    5060
4    UDP    121.99.25x.x    35096    121.99.25x.x    35096    121.98.0.1    53
5    OTHER    10.1.1.1    0    121.99.25x.x    0    224.0.0.1    0

I have tried three different firewalls thus far (I assumed it might be the firewall).

Again, everything just works - with the other ISP's DSL modem in place.  BTW: I did have to enter a static route on that as well to get the traffic flowing to the internal network.

I can't see a facility to do any trace logging on the Orcon router and Orcon tech support couldn't tell me how to find any trace options on the Genius router.  Admittedly, I've only had a cursory look!
Logging on the firewall shows traffic egress, but nothing coming back.

BTW: yes I have checked my firewall policies (to the point where I just allowed everything)!

I've just been told by Orcon that what I'm doing "is outside the terms of service".  I think that's a bit of a cop-out myself.

Any help would be greatly appreciated.  Hopefully I've provided enough info.


Sorry about the formatting - I tried to use a table - it looks like this forum doesn't like tables :(

26595 posts

Uber Geek
+1 received by user: 6091

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 741823 8-Jan-2013 18:28

I'm completely lost.

Are you trying to use a Genius router with another ISP?




227 posts

Master Geek
+1 received by user: 26


  Reply # 741904 8-Jan-2013 20:37

Good point (embarrassed)
Helps if I state it: I'm migrating from my old ISP to the Orcon UFB service.

So no, I'm using the Orcon Genius router with Orcon, and a Thomson ADSL router with my old ISP.

26595 posts

Uber Geek
+1 received by user: 6091

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 741920 8-Jan-2013 20:57

I've reread the post and can't even understand in the slightest what you're trying to do or what the problem actually is.




227 posts

Master Geek
+1 received by user: 26


  Reply # 741941 8-Jan-2013 21:27

If it doesn't make any sense to you, I probably wouldn't waste any more cycles on it, thanks for at least looking at my request for help.

Cheers

2435 posts

Uber Geek
+1 received by user: 144


  Reply # 741942 8-Jan-2013 21:30

Are you trying to use both internet connections at once?



227 posts

Master Geek
+1 received by user: 26


  Reply # 741943 8-Jan-2013 21:38

No.

As I mentioned in my first post, I swap out the old ISP's DSL modem with the Orcon genius router.

My intention is to migrate fully to the Orcon UFB service.

2435 posts

Uber Geek
+1 received by user: 144


  Reply # 741945 8-Jan-2013 21:41

And what happens when you remove the firewall box?

(It looks like you'll have to go with double NAT or remove the firewall box.. why is it there in the first place?)




227 posts

Master Geek
+1 received by user: 26


  Reply # 741956 8-Jan-2013 22:02

The firewall is actually a services gateway (UTM, AV, etc).
One is a Juniper SRX 100 and the other I've been testing with is a SonicWall NSA 3500.

My question is why would the Genius router fail to route packets back to the internal network?

It looks like I might have to remove the Orcon router and do some testing.  I think there might be something funny going on with the Orcon Genius "router" - at best guess.

26595 posts

Uber Geek
+1 received by user: 6091

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 741971 8-Jan-2013 22:22

If you're wanting a complex setup the best thing to do is just ditch the Genius.



227 posts

Master Geek
+1 received by user: 26


  Reply # 741974 8-Jan-2013 22:26

No offence, but it's hardly complex!
The hardest thing is working with a unit I know nothing about (the Genius Router) and don't have full access to.

I really wanted to maintain some level of support by continuing to use the Genius router.  But that's looking all but impossible.

I'll post back with the results once I've tested with a different router in the Genius router's place.



227 posts

Master Geek
+1 received by user: 26


  Reply # 741990 8-Jan-2013 23:32

I've just replaced the Orcon Genius router with a Juniper SRX 100 and can confirm that everything is working now with NAT on the SRX100 and NAT turned off on the SonicWall NSA 3500.

I am now double NAT free :)

I believe that there may be a problem with the Genius router and the way that it handles static route entries (or maybe it's just a lack of knowledge on the Genius router).

Of interesting note, my speeds have increased (slightly) and my ping is lower than before.


I really wanted to use the Genius router darn it!!!

If there is a keen Orcon employee reading this, I'm keen to share my findings as I can replicate the issue easily.



227 posts

Master Geek
+1 received by user: 26


  Reply # 744100 13-Jan-2013 16:36

On further investigation, it looks more likely that the Genius router is not able to NAT to networks that are not directly connected (even though the NAT entry for the internal host is in the NAT table as expected). I've also seen this with the Drayteks.

3343 posts

Uber Geek
+1 received by user: 1089

Trusted
Vocus

  Reply # 744384 14-Jan-2013 10:05

BigGuy: On further investigation, it looks more likely that the Genius router is not able to NAT to networks that are not directly connected (even though the NAT entry for the internal host is in the NAT table as expected). I've also seen this with the Drayteks.


That is very likely, not something we would test since it falls well outside the scope of a standard home network setup...  Glad you got it sorted, anyway.
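
The failure mode hypothesised in the last two posts, as an added sketch that is not part of any post and is not the Genius router's actual firmware logic: a toy source-NAT edge router that records a NAT entry for every flow but only translates sources on its directly connected LAN. The `connected_only` policy, the class and function names, and the public address 203.0.113.10 (the thread masks the real one) are assumptions; the other addresses come from the thread.

```python
import ipaddress as ip

# Addresses from the thread; PUBLIC_IP is a constructed placeholder
# (the thread masks the real one as 121.99.25x.x).
PUBLIC_IP = ip.ip_address("203.0.113.10")
CONNECTED_LAN = ip.ip_network("10.1.1.0/24")   # edge router's LAN side
STATIC_ROUTES = {ip.ip_network("172.17.1.0/24"): ip.ip_address("10.1.1.20")}


class EdgeRouter:
    """Toy source-NAT router; connected_only=True is the assumed faulty policy."""

    def __init__(self, connected_only):
        self.connected_only = connected_only
        self.nat_table = {}   # (remote, public) -> inside source

    def outbound(self, src, dst):
        """Return the source address the packet carries on the WAN side."""
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        # The entry is recorded either way, as the thread observed.
        self.nat_table[(dst, PUBLIC_IP)] = src
        if self.connected_only and src not in CONNECTED_LAN:
            return src        # assumed fault: forwarded untranslated
        return PUBLIC_IP

    def inbound(self, remote, dst):
        """Reverse-translate a reply; return (inside_host, next_hop) or None."""
        inside = self.nat_table.get((ip.ip_address(remote), ip.ip_address(dst)))
        if inside is None:
            return None
        if inside in CONNECTED_LAN:
            return inside, inside          # deliver directly on the LAN
        for net, hop in STATIC_ROUTES.items():
            if inside in net:
                return inside, hop         # hand to the inner firewall
        return None                        # no route back: reply dropped


def round_trip(router, src, dst):
    """True if a reply to src's packet can get back through the router."""
    wan_src = router.outbound(src, dst)
    if wan_src != PUBLIC_IP:
        return False   # a private source address gets no reply from the internet
    return router.inbound(dst, str(wan_src)) is not None


if __name__ == "__main__":
    for policy in (True, False):
        ok = round_trip(EdgeRouter(policy), "172.17.1.123", "60.234.4.77")
        print(f"connected_only={policy}: routed client reaches internet = {ok}")
```

With NAT enabled on the inner firewall the edge router sees 10.1.1.20 as the source, which is why that configuration works under either policy in this model.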
