Bridge Mode

[Alkuimista]

Hello,

I´ve been searching for a solution on the web with no success.

I had my internet setup with ASUS RT-AC56U connected to the ONT and the ISP router connected to the lan4 of the Asus, and everything was running fine, but the ISP, changed the hardware and now I have ONT and router in the same hardware.
My main problem is that I can't make use of VPN, change DNS and other stuff on the ISP router, anyway I can set it up in bridge mode, and leaves me with to separate networks, one for the ASUS and the other for the ISP Gateway.
With two separate networks, I can't make my devices such as home automation and media center to communicate, unless I put them in the same wireless network, but there are some devices I want to use a wired connection.
I have the ISP gateway connected to the WAN port in the Asus, if I connect it to a Lan port I will lose the possibility of using the DNS setup and probably VPN (not tested this one).

Both routers receive different public IP's.

Is there any possibility of having both networks connected, so I can hook up an ethernet cable in one device and make it reachable in the other network?

Sorry if this seems pretty basic or even impossible to achieve.

Also just a quick and probably silly question about Merlin firmware, I am running 384.3 version, when I was going to upgrade the firmware last night I saw 3.80.70_0 as the last release, should I upgrade it?

Thanks in advanced.

 

[ColinTaylor]

Also just a quick and probably silly question about Merlin firmware, I am running 384.3 version, when I was going to upgrade the firmware last night I saw 3.80.70_0 as the last release, should I upgrade it?

Sorry, I don't know the answer to your main question, but regarding the firmware version; 380.x is the legacy branch and 384.x is the current branch. So because you're on 384.3 that most recent firmware for you (at this moment in time) is 384.4_2.

 

[Alkuimista]

Sorry, I don't know the answer to your main question, but regarding the firmware version; 380.x is the legacy branch and 384.x is the current branch. So because you're on 384.3 that most recent firmware for you (at this moment in time) is 384.4_2.

Thank you

 

[Pila]

If your ISP provider box can be and is set to the bridge mode, than it can not be a router (any more) but is a modem. Its functions should be off.

This modem goes to the WAN port of the Asus router. Asus router has DHCP and is the boss of the only network. Use WLAN on the Asus and plug all the cables to it (or to the switches and them to the Asus).

As for the fw: everybody will tel you newer is better. I have Asus RT-AC56U (amongs others) running on Asuswrt-Merlin RT-AC56U_380.59 for over 2 years and have no plans to update it. Newer fw means fixed some of the old problems and introducing many new problems. Unless YOU have clear reason to update... Few days ago I bought a new router, uploaded fw 380.70 and now I have serious problems with it. Others (old ones) work excellent with 380.59.

 

[agilani]

Your options are:
1) putting your isp router in bridge mode and using the asus router as router

2) doing a double nat which should work for most of the use cases by pluging your isp into the wan port of your asus router - making sure the rfc1918 networks don't overlap (for example if your isp is using 192.168.1.0/24 you should configure your asus to use the 192.168.2.0/24 network range). Certain things like incoming connections or upnp will not work easily with a double nat solution

3) use your asus router as a wireless access point and use the isp router for everything.

 

[ColinTaylor]

As for the fw: everybody will tel you newer is better. I have Asus RT-AC56U (amongs others) running on Asuswrt-Merlin RT-AC56U_380.59 for over 2 years and have no plans to update it. Newer fw means fixed some of the old problems and introducing many new problems. Unless YOU have clear reason to update... Few days ago I bought a new router, uploaded fw 380.70 and now I have serious problems with it. Others (old ones) work excellent with 380.59.

This is patently not true. Just because you had one particular problem, with one router, running one firmware version, just before it died from a hardware fault, doesn't mean a completely different router running different firmware would have "many new problems". Just look at the change log for all the bug fixes and read the numerous posts from people that have had their routers hacked when running the older firmwares.

 

[Alkuimista]

Thank you all for the replys.
The isport router has an integrated ONT so can't plug the signal directly to the Asus router. That's my main problem now since I no longer have an ONT available to my needs after they updated the hardware.
The bridge mode works on port 4, but the isp router keeps his own wireless network and lan.
My main problem is not being able to devices on both networks tall to each other. The main reason has to do with home automation but also the isp router doesn't allow me to change the dns and I run pihole on a piece and I like setup the dns on the router to cover all the network connected devices.
They have the same ip range but are two completely different networks. I guess there's no way around this.

As for the firmware, I've been always on the latest version, but now I'm running with some issues like for some reason some of my devices can't see the 5Ghz network for a while.

Thanks again for your answers

 

[Pila]

This is patently not true. Just because you had one particular problem, with one router, running one firmware version

Well, I keep this practice for the last 25+ years. And this is my profession. And I started with: "Everybody will tell you the oposite".

I have had terrible disasters on devices due to new fw. Things turned particulary nasty last 10 years since almost no devices are made to high professional stadanrds of programming but China took over entire IT industry. Chinese are only interested in selling the box, how it works does not concern them. On the other end, OpenSource software creators think they must just keep adding, adding. Nobody cares on improving and fixing. Just making things new. I am speaking globaly, since e.g. Merlin and John keep excellent work with this fw. But, are very limited with what they have to base their work on.
I know how I write my own programs, how I test and fix and how I add new items. I do not tolearate my programs to have bugs. Having buffer overruns, being hacked by too long string, camon, that is a tragedy for anyboy claiming they are a programmer. But, I have no desire to loose time discussing this topic.

would have "many new problems". Just look at the change log for all the bug fixes and read the numerous posts from people that have had their routers hacked when running the older firmwares.

Preciselly: You just look at any new fw release and look at all the fixes it fixed following whater came before I will update all my device as soon as fw goes out saying: no bugs existed in previous version. I will use this previous version, of course. But, having quite a few devices, I would have to update firmwares and solve new problems likely every day and would spend most of my time doing that frutile work.

It took me months to catch and weed out all (hoipefully) problems in Asus routers alone, using the same fw I use on all of them (at this moment).

Some fixes need applying, but most - no. Anything which says prerequisites for vulenrability is: they are connected to your network and know your pwds - ridicuoulos.

People mostly have their devices hacked because they did not change default admin... And because they did something they should not have done. If so wrong, how come we have several 10+ years old Window XP computers running perfectly, never had any anti-virus anywhere and neverr applied any patches which I did not want. And never had anyything hacked. I have 3 networks, some 30-40 devices. The only ocassional problems were caused from the inside by users doing what they should not do And was rectified in a minute or two.

 

[Pila]

The bridge mode works on port 4, but the isp router keeps his own wireless network and lan.

agilani listed your options well. The simplest solution is as I said before: plug the cable from your modem (ONT) into WAN port of the Asus and use it as a router. Do not use ONT's WLAN or switch. ONT's DHCP will assign an address to the Router and that is it. You will be in a DoubleNAT but all your devices will be on the same network governed by the Asus router. You will not have to work with additional routing to connect them.

 

[martinr]

Well, I keep this practice for the last 25+ years. And this is my profession. And I started with: "Everybody will tell you the oposite".

I have had terrible disasters on devices due to new fw. Things turned particulary nasty last 10 years since almost no devices are made to high professional stadanrds of programming but China took over entire IT industry. Chinese are only interested in selling the box, how it works does not concern them. On the other end, OpenSource software creators think they must just keep adding, adding. Nobody cares on improving and fixing. Just making things new. I am speaking globaly, since e.g. Merlin and John keep excellent work with this fw. But, are very limited with what they have to base their work on.
I know how I write my own programs, how I test and fix and how I add new items. I do not tolearate my programs to have bugs. Having buffer overruns, being hacked by too long string, camon, that is a tragedy for anyboy claiming they are a programmer. But, I have no desire to loose time discussing this topic.


Preciselly: You just look at any new fw release and look at all the fixes it fixed following whater came before I will update all my device as soon as fw goes out saying: no bugs existed in previous version. I will use this previous version, of course. But, having quite a few devices, I would have to update firmwares and solve new problems likely every day and would spend most of my time doing that frutile work.

It took me months to catch and weed out all (hoipefully) problems in Asus routers alone, using the same fw I use on all of them (at this moment).

Some fixes need applying, but most - no. Anything which says prerequisites for vulenrability is: they are connected to your network and know your pwds - ridicuoulos.

People mostly have their devices hacked because they did not change default admin... And because they did something they should not have done. If so wrong, how come we have several 10+ years old Window XP computers running perfectly, never had any anti-virus anywhere and neverr applied any patches which I did not want. And never had anyything hacked. I have 3 networks, some 30-40 devices. The only ocassional problems were caused from the inside by users doing what they should not do And was rectified in a minute or two.

I’m sure you meant to say: with no indications of ever having been hacked, rather than “And never had anything hacked.” You’re probably right, but “probably” isn’t good enough.

 

[Pila]

I’m sure you meant to say: with no indications of ever having been hacked, rather than “And never had anything hacked.” You’re probably right, but “probably” isn’t good enough.

No. I ment what I said. I check and verifry everyhing. Every device I manage must have a firewall (inbound and outbount!) working in the whitelist mode. Even our phones have it So no, nothing can get by.

My ddns-start script has 2039 lines and is run every 5 minutes. Different computer overseas my router. Not only my cameras or tablets used as monitors are not allowed to the Interet, my servers can not go to the Internet, too My e-mail server has never had any IP address auto-banned. And each day there are hunderds of tries to breach it. My hobby is lock picking. I am in paranoid mode.

But that being said, anything is possible. There is no absolute security in computers. I am just saying I am online from 1990, never had a problem on any location and keep re-checking everything. And if I want to breach someone in particular, there are much better ways to do so.

 

[martinr]

“My hobby is lock picking”. That sounds even more interesting than all this network stuff!