



227 posts

Master Geek
+1 received by user: 26


Topic # 113169 8-Jan-2013 17:33

Hello,
I've been playing around trying to get the Genius router integrated in to my home network.

FYI: before I rabbit on too much further, I can confirm that everything works fine if I plug the client machine directly in to the Genius router.

This is the topology (or at least the important bits):
Other ISP Equipment (NAT)
    |
Firewall (Routing/Firewall only - no NAT) ---- DMZ
    |
Internal Network

Other ISP Equipment Internal IP: 10.1.1.1
Firewall WAN IP: 10.1.1.20
Firewall Internal IP: 172.17.1.1
Client Machine IP: 172.17.1.123

Currently this setup works great for services to/from my other ISP.

If I substitute the other ISP equipment for the Orcon Genius router and specify a route for the internal network on the Genius router (Advanced Settings, Applications - weird place to put static routes), I am unable to get out on to the internet from the Internal Network.
I can, however, administer the Genius Router from my internal network, indicating that routing is set up correctly.

Routes:
Index    Protocol    Source IP    Source Port    Pseudo IP    Pseudo Port    Destination IP    Destination Port
1    ICMP    172.17.x.123    0    121.99.25x.x    0    60.234.4.77    0
2    UDP    10.1.1.20    123    121.99.25x.x    123    116.66.162.4    123
3    UDP    121.99.25x.x    5060    121.99.25x.x    5060    60.234.18.111    5060
4    UDP    121.99.25x.x    35096    121.99.25x.x    35096    121.98.0.1    53
5    OTHER    10.1.1.1    0    121.99.25x.x    0    224.0.0.1    0

FYI, I have a default route on the Firewall for the connected WAN equipment (be it the Genius Router/Other ISP Equipment).
No IGP protocols are running or anything exotic like that :)

If I turn NAT on, on the firewall, I can browse the internet fine.

A traceroute from the NAT enabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.1.1.1
  2    18 ms    17 ms    15 ms  121.99.252.1
  3    14 ms    15 ms    15 ms  121.98.9.141
  4    14 ms    15 ms    15 ms  60.234.4.77

Great!!!!  But I don't want double NAT for various reasons.

A traceroute from the NAT disabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.17.1.1
  3    <1 ms    <1 ms    <1 ms  10.1.1.1
  4    *    *    *  Request timed out.
  5    *    *    *  Request timed out.
etc, etc.......

Looking at the NAT table on the Genius Router shows the internal IP address (as expected).  It also confirms that NAT is operational on the Genius Router.
Index    Protocol    Source IP    Source Port    Pseudo IP    Pseudo Port    Destination IP    Destination Port
1    ICMP    172.17.1.123    0    121.99.25x.x    0    60.234.4.77    0
2    UDP    10.1.1.20    123    121.99.25x.x    123    116.66.162.4    123
3    UDP    121.99.25x.x    5060    121.99.25x.x    5060    60.234.18.111    5060
4    UDP    121.99.25x.x    35096    121.99.25x.x    35096    121.98.0.1    53
5    OTHER    10.1.1.1    0    121.99.25x.x    0    224.0.0.1    0

I have tried three different firewalls thus far (I assumed it might be the firewall).

Again, everything just works - with the other ISP's DSL modem in place.  BTW: I did have to enter a static route on that as well to get the traffic flowing to the internal network.

I can't see a facility to do any trace logging on the Orcon router and Orcon tech support couldn't tell me how to find any trace options on the Genius router.  Admittedly, I've only had a cursory look!
Logging on the firewall shows traffic egress, but nothing coming back.

BTW: yes I have checked my firewall policies (to the point where I just allowed everything)!

I've just been told by Orcon that what I'm doing "is outside the terms of service".  I think that's a bit of a cop-out myself.

Any help would be greatly appreciated.  Hopefully I've provided enough info.


Sorry about the formatting - I tried to use a table - it looks like this forum doesn't like tables :(

25663 posts

Uber Geek
+1 received by user: 5412

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 741823 8-Jan-2013 18:28

I'm completely lost.

Are you trying to use a Genius router with another ISP?




227 posts

Master Geek
+1 received by user: 26


  Reply # 741904 8-Jan-2013 20:37

Good point (embarrassed)
Helps if I state it: I'm migrating from my old ISP to the Orcon UFB service.

So no, I'm using the Orcon Genius router with Orcon, and a Thomson ADSL router with my old ISP.

 
 
 
 


25663 posts

Uber Geek
+1 received by user: 5412

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 741920 8-Jan-2013 20:57

I've reread the post and can't even understand in the slightest what you're trying to do or what the problem actually is.




227 posts

Master Geek
+1 received by user: 26


  Reply # 741941 8-Jan-2013 21:27

If it doesn't make any sense to you, I probably wouldn't waste any more cycles on it. Thanks for at least looking at my request for help.

Cheers

2377 posts

Uber Geek
+1 received by user: 107


  Reply # 741942 8-Jan-2013 21:30

Are you trying to use both internet connections at once?



227 posts

Master Geek
+1 received by user: 26


  Reply # 741943 8-Jan-2013 21:38

No.

As I mentioned in my first post, I swap out the old ISP's DSL modem with the Orcon genius router.

My intention is to migrate fully to the Orcon UFB service.

2377 posts

Uber Geek
+1 received by user: 107


  Reply # 741945 8-Jan-2013 21:41

And what happens when you remove the firewall box?

(It looks like you'll have to go with double NAT or remove the firewall box.. why is it there in the first place?)




227 posts

Master Geek
+1 received by user: 26


  Reply # 741956 8-Jan-2013 22:02

The firewall is actually a services gateway (UTM, AV, etc).
One is a Juniper SRX 100 and the other I've been testing with is a SonicWall NSA 3500.

My question is why would the Genius router fail to route packets back to the internal network?

It looks like I might have to remove the Orcon router and do some testing.  I think there might be something funny going on with the Orcon Genius "router" - at best guess.

25663 posts

Uber Geek
+1 received by user: 5412

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 741971 8-Jan-2013 22:22

If you're wanting a complex setup the best thing to do is just ditch the Genius.



227 posts

Master Geek
+1 received by user: 26


  Reply # 741974 8-Jan-2013 22:26

No offence, but it's hardly complex!
The hardest thing is working with a unit I know nothing about (the Genius Router) and don't have full access to.

I really wanted to maintain some level of support by continuing to use the Genius router.  But that's looking all but impossible.

I'll post back with the results once I've tested with a different router in the Genius router's place.



227 posts

Master Geek
+1 received by user: 26


  Reply # 741990 8-Jan-2013 23:32

I've just replaced the Orcon Genius router with a Juniper SRX 100 and can confirm that everything is working now with NAT on the SRX100 and NAT turned off on the SonicWall NSA 3500.

I am now double NAT free :)

I believe that there may be a problem with the Genius router and the way that it handles static route entries (or maybe it's just a lack of knowledge on the Genius router).

Of interesting note, my speeds have increased (slightly) and my ping is lower than before.


I really wanted to use the Genius router darn it!!!

If there is a keen Orcon employee reading this, I'm keen to share my findings as I can replicate the issue easily.



227 posts

Master Geek
+1 received by user: 26


  Reply # 744100 13-Jan-2013 16:36

On further investigation, it looks more likely that the Genius router is not able to NAT to networks that are not directly connected (even though the NAT entry for the internal host is in the NAT table as expected). I've also seen this with the Drayteks.

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 744384 14-Jan-2013 10:05

BigGuy: On further investigation, it looks more likely that the Genius router is not able to NAT to networks that are not directly connected (even though the NAT entry for the internal host is in the NAT table as expected). I've also seen this with the Drayteks.


That is very likely, not something we would test since it falls well outside the scope of a standard home network setup...  Glad you got it sorted, anyway.
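
The diagnosis reached in this thread can be checked against a NAT table like the one in the first post by flagging the sessions whose inside address is not on a network directly connected to the NAT router. This is an added example, not code from any poster or from Orcon; the /24 masks are assumptions, and 203.0.113.10 is a documentation-range stand-in for the masked 121.99.25x.x WAN address.

```python
import ipaddress

# Assumptions (not stated in the thread): /24 masks on both networks.
ROUTER_LAN = ipaddress.ip_network("10.1.1.0/24")          # directly connected
STATIC_ROUTES = [ipaddress.ip_network("172.17.1.0/24")]   # via firewall 10.1.1.20
WAN_IP = ipaddress.ip_address("203.0.113.10")             # constructed stand-in

# Constructed sample modelled on the NAT table posted in the thread.
NAT_TABLE = """\
1 ICMP 172.17.1.123 0 203.0.113.10 0 60.234.4.77 0
2 UDP 10.1.1.20 123 203.0.113.10 123 116.66.162.4 123
3 UDP 203.0.113.10 5060 203.0.113.10 5060 60.234.18.111 5060
4 UDP 203.0.113.10 35096 203.0.113.10 35096 121.98.0.1 53
5 OTHER 10.1.1.1 0 203.0.113.10 0 224.0.0.1 0
"""

def classify(src):
    """Say how the NAT router reaches the inside address of a session."""
    addr = ipaddress.ip_address(src)
    if addr == WAN_IP:
        return "router-originated"
    if addr in ROUTER_LAN:
        return "directly-connected"
    if any(addr in net for net in STATIC_ROUTES):
        # Replies must be un-NATed and then forwarded via the static route.
        return "routed-via-static"
    return "no-return-route"

def audit(table):
    """Return (index, protocol, source, class) for each NAT session row."""
    rows = []
    for line in table.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0].isdigit():
            continue  # skip header lines and malformed rows
        rows.append((int(f[0]), f[1], f[2], classify(f[2])))
    return rows

def at_risk(table):
    """Sessions that only work if the router NATs a non-connected network."""
    return [r for r in audit(table)
            if r[3] in ("routed-via-static", "no-return-route")]

if __name__ == "__main__":
    for row in audit(NAT_TABLE):
        print(*row, sep="\t")
    print("at risk:", at_risk(NAT_TABLE))
```

Only the ICMP session from 172.17.1.123 is flagged, which matches the traceroute that stops answering after 10.1.1.1 while the firewall's own NTP session from 10.1.1.20 is unaffected.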
