help unfubar my home network?

[kardain]

I've been working at this for some time and so far haven't found a solution.

Here's what's going on.... I telecommute so have to use a work supplied router. The instructions they gave me say the following:

Modem --> internet port of work router --> port 1 of work router to work computer, port 3 of work router to personal equipment.

I have a cable from the internet port on personal router to port 3 of work router, internet port of work router to modem.

This works for most everything except for XBox Live. Having this particular set up causes NAT to be strict (since the work router cannot be configured by me in any way). In turn, this causes random disconnects on XBL... sometimes the connection will last 10 minutes, other times 30 seconds. There are other side effects to this setup, but the XBL one is the one I'd like to tackle at the moment.... the rest are gravy.

What I am wanting to do is this:

The home router is already set up for open NAT and whatnot and has all the necessary connections and port forwards intact to run everything on my home network w/out fail....

At my disposal as far as extra equipment I have a WRT54g running dd-wrt that is not being used (was for a time being used as a wireless repeater), an unused Linksys E1000 running dd-wrt, a netgear GS105 switch. The home router is a WRT310N on stock firmware, work router is an aruba something or other.

The home router is on ip range 192.xxx.xxx.xxx and subnet 255.255.255.0, work router is 10.xxx.xxx.xxx with an unknown subnet.... I can get the setup per the work provided instructions to feed through the netgear switch, but if I hook up the WRT54g (IP range 174.xxx.xxx.xxx) as a wireless router to the switch (just to test as to not mess anything up on the ghetto set up), no data passes through the switch, but data will continue to pass through the switch to the discombobulated setup....

I'm supposing I can use the WRT54g as a managed switch instead of the unmanaged netgear, but how is the question.

Any suggestions would be appreciated.

Thanks!

 

[fishsticks]

This is a hack, but run your work router behind your home router. Plug your home router directly into your modem. Set your work router as DMZ in your home router if you need to.

Double NAT is kind of lame, but it'll get what you want done. It sounds like they are doing the same thing with your work router anyway.

 

[djthumper]

This is a hack, but run your work router behind your home router. Plug your home router directly into your modem. Set your work router as DMZ in your home router if you need to.

Double NAT is kind of lame, but it'll get what you want done. It sounds like they are doing the same thing with your work router anyway.

The only way that the setup you show will work is if you are supplied with multiple IP addresses from your ISP.

 

[kardain]

Those sound like a couple good starting points. I'll give the dmz part a try first, if that doesn't work then call up the isp to see if I can get a second ip. If they can add the second ip, is it as simple as modem -> dumb switch -> two routers?

 

[djthumper]

It should but most ISPs don't give home accounts more than 1 IP addresses. I guess they might do it for a price though.

Sounds like they gave you a VPN appliance though. Is this what they gave you? http://www.arubanetworks.com/product/aruba-rap-5-access-point/

 

[kardain]

Yep, that's the exact model.

 

[walterc4553]

The only way that the setup you show will work is if you are supplied with multiple IP addresses from your ISP.

It should but most ISPs don't give home accounts more than 1 IP addresses. I guess they might do it for a price though.

Sounds like they gave you a VPN appliance though. Is this what they gave you? Aruba RAP-5 Access Point | Aruba Networks

The advise is correct.
To use a dumb switch and connect two routers you need two IP's from your ISP. ISP providers do not provide multiple IP's unless you pay for them.

Connect as follows Modem - Personal router - work router.

Setup the DMZ on a single port on the personal router or setup the DMZ for a single internal IP address. Then connect the Work Router to the Port or assign it the DMZ IP address.

Another option is to find out what ports the work Router needs for communication and setup port rules for that device.

 

[kardain]

Thanks for the confirmation. I won't have much time to tinker with it till this evening. IIRC, the 310n's stock firmware won't allow for dmz on one of the numbered ports, just by ip or mac address. I'll dig around on the 54g as it has dd-wrt already and see if it will dmz a numbered port (or at least more than ip/mac) before installing it on the 310n.

Otherwise, cost isn't really an issue for the second ip. It's a price I'd be willing to pay to not have to constantly reconnect to xbl every few minutes

 

[djthumper]

XBL was having connectivity problems and had a lot of lag recently.

 

[fishsticks]

Thanks for the confirmation. I won't have much time to tinker with it till this evening. IIRC, the 310n's stock firmware won't allow for dmz on one of the numbered ports, just by ip or mac address. I'll dig around on the 54g as it has dd-wrt already and see if it will dmz a numbered port (or at least more than ip/mac) before installing it on the 310n.

Otherwise, cost isn't really an issue for the second ip. It's a price I'd be willing to pay to not have to constantly reconnect to xbl every few minutes

Stock Linksys firmware will sequentially number DHCP leases starting at 100, 101, 102 etc... Just set the DMZ to .100 and power cycle the router with just the VPN box plugged in.

 

[kardain]

This is solved. Thanks folks!

I called the ISP first. No go on the second IP address unless either I pay for a full second connection or upgrade to a business account.

So, on to DMZ. Turned off all the internet connected devices that pull a dynamic IP, chained the VPN to the home router, and set up DMZ protocols.

Stock Linksys firmware will sequentially number DHCP leases starting at 100, 101, 102 etc... Just set the DMZ to .100 and power cycle the router with just the VPN box plugged in.

That's it does, however to prevent an IP conflict in the future, got the vpn mac address instead. Set the mac as dmz, and so far, so good.... There are two tests I'm running at the moment. 1) can I stay connected to xbl longer than 10 minutes and 2) can I watch a show via amazon prime on xbmc after being "at work" all day... I tested my work computer and it picks up the proper domain and whatnot via the vpn...

The real test comes Monday...