Ap Mode Missing Features

[PeteUKinUSA]

Hey folks

I just purchased an RT-N66U to do some fairly specific things and I've come up short.

The router has to be in AP mode... I'm on AT&T Uverse and they require DHCP to be given out from their gateway in order for the IPTV boxes to resolve certain addresses. Essentially if their gateway isn't the DNS server (and default gateway, for that matter) then no TV. This leaves me with a headache. I've already got a well established home network and I don't want to have to run a second network behind it on a different subnet. For a start the IPTV boxes would no longer be able to be discovered by various apps, nor would I be able to use the iPhone app as a remote control.

So, my solution... get a separate wireless router, put it in AP mode. DHCP addresses will continue to be given out by the AT&T gateway, however they'll be static reservations for the IPTV boxes. DHCP for everything else will be given out by the wireless router (in AP mode, let's not forget). Alternatively DHCP will be given out by the wireless router to my Chromecast as a static reservation - the DHCP scope will only include one IP address so the only device assigned a DHCP by the ASUS would be the one for the Chromecast. Why only the Chromecast ?...

I need DNS outbound traffic that goes across what I assume is br0 to 8.8.8.8 and 8.8.4.4 to be redirected to a DNS server of my choice. Lastly I want to be able to use the AICloud features which I would accomplish by telling my AT&T gateway to forward all incoming traffic (or at least certain ports) to the IP of my wireless router.

No when I turn on AP mode pretty much everything I need disappears.

DDWRT can do most of this (except for AICloud obviously). Shibby Tomato can do all of this. However in other respects they're a pain. I'd really like to accomplish all of this with Merlin. Am I out of luck ?

Thanks

Pete

 

[SnakeByte]

Pete,

I've got ATT U-Verse too, but have configured their router (home2wireless) to pass all traffic to my ASUS router. In order to make this happen, the router must be the ONLY device plugged into the ATT gateway, and you've got to configure the firewall settings for the detected router for "DMZ Plus." Note that this is a two step process... you'll hook up the ASUS and initially get the 172.x.x.x wan address, make the configuration changes, and then ask ASUS to re-acquire the wan ip address.

Thus, eventually the ASUS router gets your external ip adress. It the uses igmproxy to pass the IPTV stuff to the televisions. No need to go into AP mode.

The only trouble I've ran into with this solution is that the router can't handle more than a few simultaneous iptv streams before dropping packets. This seems to be a limitation of the igmpproxy process (I had the same trouble with dd-wrt).

 

[Ford Prefect]

...don't know what will happen when you run two DHCP servers (one in your ISPs gateway and one on the ASUS) but have you tried to start the DHCP-Server (dnsmasq) on the ASUS manually via a shell?

You need to configure it manually in any case in order to just hand out the IP for your cromecast.

 

[PeteUKinUSA]

Pete,

I've got ATT U-Verse too, but have configured their router (home2wireless) to pass all traffic to my ASUS router. In order to make this happen, the router must be the ONLY device plugged into the ATT gateway, and you've got to configure the firewall settings for the detected router for "DMZ Plus." Note that this is a two step process... you'll hook up the ASUS and initially get the 172.x.x.x wan address, make the configuration changes, and then ask ASUS to re-acquire the wan ip address.

Thus, eventually the ASUS router gets your external ip adress. It the uses igmproxy to pass the IPTV stuff to the televisions. No need to go into AP mode.

The only trouble I've ran into with this solution is that the router can't handle more than a few simultaneous iptv streams before dropping packets. This seems to be a limitation of the igmpproxy process (I had the same trouble with dd-wrt).

I get what you're doing and thanks for the reply, but it's alot of... umm... put it this way, the first time the IPTV streams start dropping packets my wife is going to have a very strong opinion. Do NOT come between a woman and her Downton Abbey.

 

[PeteUKinUSA]

...don't know what will happen when you run two DHCP servers (one in your ISPs gateway and one on the ASUS) but have you tried to start the DHCP-Server (dnsmasq) on the ASUS manually via a shell?

You need to configure it manually in any case in order to just hand out the IP for your cromecast.

You can have as many DHCP servers as you need. The client sends out a discover request, the servers will offer an IP and the client will request the first one it receives.

I think I'm over thinking it though.. I can simplify it to where I only need to redirect the DNS packets, but that's a headache in itself. IP Tables is new to me. I do firewalls all the time at work but they're all enterprise kit, not *nix boxes.

 

[RMerlin]

You can have as many DHCP servers as you need.

This is a bad idea, unless you specifically plan around it. For instance, each DHCP server will need to serve the same subnet, BUT use a different scope to ensure you don't have two devices obtaining the same IP address.

It will also lead to random weirdness on your network as router services are expecting their respective router to be the only DHCP server running on a network. Local name resolution for instance will be severely affected, as one router will have no knowledge of which hostnames were allocated by the other router.

 

[PeteUKinUSA]

This is a bad idea, unless you specifically plan around it. For instance, each DHCP server will need to serve the same subnet, BUT use a different scope to ensure you don't have two devices obtaining the same IP address.

It will also lead to random weirdness on your network as router services are expecting their respective router to be the only DHCP server running on a network. Local name resolution for instance will be severely affected, as one router will have no knowledge of which hostnames were allocated by the other router.

I'll rephrase that You can have as many DHCP servers as you want as long as you take the appropriate steps.

 

[PeteUKinUSA]

Right so I think I've got most of the way to what I want to achieve. The router is still in router mode with an IP of 172.21.0.2 and a default route of 172.21.0.1 (my "real" router). I have a DHCP scope with a single address which is manually assigned to my Chromecast. So the Chromecast has a default gateway of 172.21.0.2,a DNS server of my preference and 8.8.8.8 and 8.8.4.4 are given a route to an IP which doesn't exist.

If I disable the WAN I get no routing. If I enable the WAN it starts to route and most traffic seems to go fine but anything HTTP is redirected to a page which says "WAN interface not plugged in" (or words to that effect). This would appear to be baked into IP tables, looks like it does a transparent redirect to the internal IP address of the router.

So, after removing all of the entries in the IP tables NAT and Filter tables I think I managed to get everything working as it should. I then made a change and it would appear that after every change the firewall gets restarted which reinstates all the IP tables entries.

If I use a firewall-start script can I put a script which removes all the iptables stuff in there and will it run after each firewall restart ? Would like to know if I'm just wasting my time here and I can't do what I want without going to DDWRT or similar which I still really don't want to do.

Thanks

Pete