Geekzone: technology news, blogs, forums
227 posts

Master Geek


#113169 8-Jan-2013 17:33

Hello,
I've been playing around trying to get the Genius router integrated into my home network.

FYI: before I rabbit on too much further, I can confirm that everything works fine if I plug the client machine directly into the Genius router.

This is the topology (or at least the important bits):
Other ISP Equipment (NAT)
    |
Firewall (Routing/Firewall only - no NAT) ---- DMZ
    |
Internal Network

Other ISP Equipment Internal IP: 10.1.1.1
Firewall WAN IP: 10.1.1.20
Firewall Internal IP: 172.17.1.1
Client Machine IP: 172.17.1.123

Currently this setup works great for services to/from my other ISP.

If I substitute the other ISP equipment for the Orcon Genius router and specify a route for the internal network on the Genius router (Advanced Settings, Applications - weird place to put static routes), I am unable to get out onto the internet from the Internal Network.
I can, however, administer the Genius Router from my internal network, indicating that routing is set up correctly.

Routes:
Index    Protocol    Source IP    Source Port    Pseudo IP    Pseudo Port    Destination IP    Destination Port
1    ICMP    172.17.x.123    0    121.99.25x.x    0    60.234.4.77    0
2    UDP    10.1.1.20    123    121.99.25x.x    123    116.66.162.4    123
3    UDP    121.99.25x.x    5060    121.99.25x.x    5060    60.234.18.111    5060
4    UDP    121.99.25x.x    35096    121.99.25x.x    35096    121.98.0.1    53
5    OTHER    10.1.1.1    0    121.99.25x.x    0    224.0.0.1    0

FYI, I have a default route on the Firewall for the connected WAN equipment (be it the Genius Router/Other ISP Equipment).
No IGP protocols are running or anything exotic like that :)

If I turn NAT on, on the firewall, I can browse the internet fine.

A traceroute from the NAT enabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.1.1.1
  2    18 ms    17 ms    15 ms  121.99.252.1
  3    14 ms    15 ms    15 ms  121.98.9.141
  4    14 ms    15 ms    15 ms  60.234.4.77

Great!!!!  But I don't want double NAT for various reasons.

A traceroute from the NAT disabled config on the firewall shows this:
Tracing route to www.orcon.net.nz [60.234.4.77]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.17.1.1
  3    <1 ms    <1 ms    <1 ms  10.1.1.1
  4    *    *    *  Request timed out.
  5    *    *    *  Request timed out.
etc, etc.......

Looking at the NAT table on the Genius Router shows the internal IP address (as expected).  It also confirms that NAT is operational on the Genius Router.
Index    Protocol    Source IP    Source Port    Pseudo IP    Pseudo Port    Destination IP    Destination Port
1    ICMP    172.17.1.123    0    121.99.25x.x    0    60.234.4.77    0
2    UDP    10.1.1.20    123    121.99.25x.x    123    116.66.162.4    123
3    UDP    121.99.25x.x    5060    121.99.25x.x    5060    60.234.18.111    5060
4    UDP    121.99.25x.x    35096    121.99.25x.x    35096    121.98.0.1    53
5    OTHER    10.1.1.1    0    121.99.25x.x    0    224.0.0.1    0

I have tried three different firewalls thus far (I assumed it might be the firewall).

Again, everything just works - with the other ISP's DSL modem in place.  BTW: I did have to enter a static route on that as well to get the traffic flowing to the internal network.

I can't see a facility to do any trace logging on the Orcon router and Orcon tech support couldn't tell me how to find any trace options on the Genius router.  Admittedly, I've only had a cursory look!
Logging on the firewall shows traffic egress, but nothing coming back.

BTW: yes I have checked my firewall policies (to the point where I just allowed everything)!

I've just been told by Orcon that what I'm doing "is outside the terms of service".  I think that's a bit of a cop-out myself.

Any help would be greatly appreciated.  Hopefully I've provided enough info.


Sorry about the formatting - I tried to use a table - it looks like this forum doesn't like tables :(

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.



227 posts

Master Geek


  #741990 8-Jan-2013 23:32

I've just replaced the Orcon Genius router with a Juniper SRX 100 and can confirm that everything is working now with NAT on the SRX100 and NAT turned off on the SonicWall NSA 3500.

I am now double NAT free :)

I believe that there may be a problem with the Genius router and the way that it handles static route entries (or maybe it's just a lack of knowledge on the Genius router).

Of interesting note, my speeds have increased (slightly) and my ping is lower than before.


I really wanted to use the Genius router darn it!!!

If there is a keen Orcon employee reading this, I'm keen to share my findings as I can replicate the issue easily.
