Firewall with DHCP off?

[viperzxz]

Hi,

I regularly follow this forum and it has helped me a LOT. For this, thank you. I've ran into a question I can't find an answer to.

If I turn off the DHCP on my router, do I also turn off my router's firewall?

I have an Asus AC56U with the latest firmware and I am considering turning off the DHCP so that my modem handles this job, but by doing so, do I also turn off my AC56U's firewall? I ask because I would like to keep this on while turning off the DHCP.

 

[abailey]

You can turn off DHCP and keep the firewall on. But if your firewall is on, how is your Modem going to hand out the DHCP since it will be blocked by the firewall? Not exactly sure how you are set up but most of the time if you want to use your own router as the firewall as opposed to the Modem/Router often provided, you would put the Modem/router in bridge mode and then let your aftermarket router (Asus) be the firewall and DHCP.

 

[viperzxz]

You can turn off DHCP and keep the firewall on. But if your firewall is on, how is your Modem going to hand out the DHCP since it will be blocked by the firewall? Not exactly sure how you are set up but most of the time if you want to use your own router as the firewall as opposed to the Modem/Router often provided, you would put the Modem/router in bridge mode and then let your aftermarket router (Asus) be the firewall and DHCP.

Thanks for the response. I want to keep both firewalls on. The reason is that I have a hub and my router connected to our internet modem and they're in different locations.

Setup..

Modem connects to HUB and AC56U (the HUB and AC56U are about 30 feet away from each other). HUB provides ethernet connection to 3 computers. AC56U provides connection to 3-4 computers via wifi.

I will be connecting a NAS to my AC56 so that the devices that connect via the hub and the AC56U can backup to this NAS. (This is why I want to turn off the DHCP on the router). The NAS will be a WD My Cloud. The computers are a mixture Macs and PCs.

If you can provide any more guidance, it's greatly appreciated.

 

[htismaqe]

What kind of firewall is protecting the devices connected to the hub?

Your configuration sounds like a typical situation where the modem/NID is the router/DHCP/firewall and the Asus router should be setup in AP mode.

If you connect the NAS to the AC56U, devices connected directly to the hub would have to have firewall rules configured in the AC56U in order to use the NAS (or any other resources connected to the Asus).

 

[chadster766]

If your modem is also a router\firewall than:

I this case you can configure the router in a "LAN to LAN".

Give the router a static lan ip address outside the dhcp range.

Disable dhcp server on the router.

Connect the router's lan port into the modem's lan port.

Nothing is ever connected to the router's wan port in this configuration.

Other devices can be connected to the router's lan ports or wireless.

 

[RogerSC]

The RT-AC56U does have an Access Point (AP) mode, which makes life easier for you to use it as a wireless AP. Most of the settings that you'd need to make to use your RT-AC56U will be taken care of by just putting it in AP mode. This will turn off DHCP, etc. You'll need to set up the wireless as you normally would expect, of course. This assumes that your cable modem includes a router piece that can do the routing and DHCP part of the work, then the RT-AC56U will mainly be a wireless AP.

You can also plug the WAN from your modem into the WAN port of the RT-AC56U, which gives you an extra available wired LAN connection since you'll have the RT-AC56U in AP mode.

 

[sfx2000]

What kind of firewall is protecting the devices connected to the hub?

Your configuration sounds like a typical situation where the modem/NID is the router/DHCP/firewall and the Asus router should be setup in AP mode.

If you connect the NAS to the AC56U, devices connected directly to the hub would have to have firewall rules configured in the AC56U in order to use the NAS (or any other resources connected to the Asus).

I suspect that the OP has something that needs the GW/Router/AP to send traffic to outside of the Asus box... perhaps either telephone or television extension boxes (common with uVerse out here in SD, CA - bridge their box and lose TV access on the wireless extenders)

The Modem/GW has it's own firewall, and you've got NAT to cover your back on that side, so as others suggested, just turn the Asus box into an AP by disabling DHCP on it, give it a static IP outside of the DHCP scope, and plugging the Ethernet cable into a LAN port. Good tutorial on the main web site here.

Otherwise, bridge your Modem box, and let the Asus or other AP/Router handle the heavy lifting...

sfx

 

[htismaqe]

I suspect that the OP has something that needs the GW/Router/AP to send traffic to outside of the Asus box... perhaps either telephone or television extension boxes (common with uVerse out here in SD, CA - bridge their box and lose TV access on the wireless extenders)

The Modem/GW has it's own firewall, and you've got NAT to cover your back on that side, so as others suggested, just turn the Asus box into an AP by disabling DHCP on it, give it a static IP outside of the DHCP scope, and plugging the Ethernet cable into a LAN port. Good tutorial on the main web site here.

Otherwise, bridge your Modem box, and let the Asus or other AP/Router handle the heavy lifting...

sfx

Yeah, I kind of arrived at the same conclusion you did, which is why I asked.

It doesn't really make sense, given the information he's post so far, why he would want to retain any routing or firewall functions in the Asus. Set it to AP mode and make it simple.

 

[viperzxz]

What kind of firewall is protecting the devices connected to the hub?

Your configuration sounds like a typical situation where the modem/NID is the router/DHCP/firewall and the Asus router should be setup in AP mode.

If you connect the NAS to the AC56U, devices connected directly to the hub would have to have firewall rules configured in the AC56U in order to use the NAS (or any other resources connected to the Asus).

The modem's firewall. These computers, 2 are macs and one is a PC. The PC uses avg total security for its firewall.
These computers also have wireless cards in them, they're desktops, and if the wireless cards provide better performance for backups then I will disconnect them from the Ethernet. Ethernet speed is 100 (not 1000)
My modem is a cable modem.

Sent from my SM-T320 using Tapatalk

 

[htismaqe]

If your modem is providing the firewall functionality, leaving the firewall on in the Asus is redundant and not providing you much value.

In addition, while I don't have that specific Asus so I can't say this is 100% true, most SOHO routers like these don't have a firewall separate from their NAT functionality. What this means is that you actually have double NAT, which is going to cause you all kinds of problems and may not even work in the setup you're considering.

You would be much better served I think to just disable all routing functions in the Asus and make it an AP.

 

[stevech]

no firewall in a modem. It's a layer 2 device. has no NAT.
A modem/router combo of course does.

We're mixing terms here.

 

[htismaqe]

Well, if the "modem" is providing FW functionality, it being a combo device is kind of assumed. My apologies, I'll be more clear in the future.