Netgear config. - confusion reigns
Can anyone help me understand the specifics of configuring DNS on my FVS336G firewall? I know what DNS is and what it does but I'm not a network expert (obviously).
I've got a LAN connected through a gigabit port on the FVS336G. This bit works fine. The 336G is connected from the WAN1 port on the 336G to an ethernet port on the cable modem/router. The WAN port on the cable modem/router has a static IP address.
My problem is slow browsing on the Web and intermittently I get a message saying that something(?) can't resolve DNS addresses (usually Google).
The cable modem/router has the static IP address defined and a primary and secondary DNS server (presumably located at my cable ISP). The modem/router has DHCP set to on. The 336G is presumably acting more as a switch but has DHCP on to provide IP addresses to my LAN devices. I've been playing around with DNS addresses on the WAN page of the 336G browser but it's really not clear if I need to specify them here, or if they will be applied by the modem/router when packets pass from 336G through WAN port to ethernet port on modem/router. Clearly DNS is being translated sometimes but not at other times. This confuses the hell out of me! The 336G config pages provide a number of options to define DNS servers: on the WAN1 ISP config page and on the LAN settings page. It didn't work when I entered the DNS servers on the WAN page, even though that is the most intuitive location. I've got Internet access with them defined on the LAN settings page (under DHCP setting), but with intermittent DNS failures.
The Cable modem/router is (I think) on a different IP subnet to my 336G firewall (modem address is 192.168.0.1 - 336G is 192.168.1.1) but I'm not sure if that matters as I can access the Internet through the firewall and the cable modem.
There are so many permutations on the 336G that it might take me years to try them all and find out what works. Hopefully someone on here will have discovered how to do it and be kind enough to put me out of my misery.
Fairfax Station, VA
DHCP clients on your LAN will use the DNS servers defined in the FVS336G's LAN DHCP config. Try changing them to 18.104.22.168 and 22.214.171.124; release and renew your PC's DHCP lease to start using the new DNS servers.
You might want to take the FVS336G out of the equation to see if your double-NAT setup is causing problems. Connect your PC directly to a LAN port on your modem/router to see if that might be the case.
Thanks for your reply, Tropic. You've said something really interesting here but I need to learn more to understand its implications. When I connect my laptop directly to one of the router ports on the cable modem everything works with the ISP's DNS servers. That suggests to me I have a problem with the 336G talking to the cable modem. Both have NAT on, both have DHCP on. I don't understand (yet) the intricacies of how these work in practice. I read somewhere about setting the cable modem/router as a bridge but to be honest I have no idea what that means or how to do, or if it would provide a solution.
If the cable modem has a static IP, does it need NAT on to talk to the ISP? I can almost understand why the 336G needs NAT on as it has multiple device IPs (dynamic ones from DHCP) that presumably pass through the 336G WAN port as just one IP address, but when the 336G WAN port presents a packet to the cable modem, what does the LAN port on the cable modem's router see? The same IP address that was presented by the 336G or is it translated to some other IP address and if so, what and how? I'm assuming it gets translated into the static IP of the cable modem at some stage, perhaps between the LAN side and the WAN side of the cable modem/router.
All of this points to ignorance on my part but all I really want to do is get rid of the latency when presenting a URL through my browser, which I'm assuming is my network config trying to translate DNS. Sometimes, after about 20secs, it works and takes me to the website, but sometimes it fails with a DNS error.
Do you think switching NAT off on the cable modem/router might work and could it create other problems? I have no idea how to do it but I'll check with my ISP.
Thanks for your time. I really appreciate your help. It's better to appear stupid for a minute than be ignorant for the rest of your life.
Fairfax Station, VA
I think your internet browsing issues can be fixed by putting the FVS336G on a shelf. If you need some of the extra features provided by the Netgear (VPN, SSL-VPN, etc.), you might want to contact your ISP to see if they're willing/able to disable their modem/router's NAPT functions and put it in bridge mode.
BTW, packets received by the modem/router from the FVS336G appear to originate from the FVS336G's WAN IP address (whatever IP address in the 192.168.1.0/24 subnet the Netgear has been assigned by the modem/router's DHCP server). As the packets traverse the modem/router onto the internet, they are rewritten again so that they appear to originate from your public IP address (the modem/router's WAN IP address).