|reply to brookeKrige |
Re: New install and existing router
Hi brookeKrige ,
I'll take a stab at some of these...
quote:You'll find very few, if any, home or SOHO routers that will provide QoS on switched interfaces. Most, if not all, will only apply QoS to traffic traversing the external interface.
Saw option#2 case (config your router as wireless-AP) for a while. Ended once he tried using its QoS to prioritize VOIP devices: rude awakening that [linksys E4200] QoS settings do not work in bridge-mode, nor even in informal bridge config (just disabling DHCP&NAT and avoiding its WAN port).
quote:Placing the router in the DMZ+ does indeed avoid double NAT. It also forwards all external traffic directly to the router (there is a caveat discussed below) so that the router handles firewall/forwarding rules. The advantage to this is that you can manage your router remotely if you wish, as well as the advantages of other advanced features of the router. QoS will also fully work in this scenario.
Option#1 worked with and without placing in DMZ+. Posters HEAVILY favor DMZ+ mode. As a newbie, I don't fully understand why yet (for majority installs not needing port-forwarding). One implied it avoids double-NAT, which was implied to break some VOIP devices (SIP-ALG packet rewriting stuff?).
quote:When the router is placed into the DMZ+ of the RG, all external traffic is forwarded directly to the router EXCEPT packets that have an implicit rule on the RG. So if there is a rule on the RG to forward all requests on port 443 to a STB connected to the RG, that rule will still be in effect, and no 443 requests will make it to the router. This is just an example.
With router in DMZ+ of 3800HG I saw RG's LAN - IP Allocation page say router was Firewall=Disabled (and didn't allow enabling it). Again, posters and obsolete RG manuals HEAVILY claim router in DMZ+ mode is still somehow firewall protected; and I don't understand yet what subset survives despite Firewall=Disabled.
quote:This is correct. As long as the RG and router have their LAN segments configured on different subnets, they should be accessible from one another. The only caveat here is that broadcast traffic is dropped at the router or RG, depending on where the broadcast originates. This is by design in any router. The problem that this introduces is that some applications, such as apps that control a STB, when connected to the router, are not able to send a broadcast to find a STB on the RG's subnet.
For option#1 (with DMZ+) case, saw both the router (192.168.2.x) and RG's (192.168.1.254) config web-GUI's were accessible (from the router's LAN). Not sure why (some posts appeared to imply RG's config IP should become unreachable). The router's WAN broadcasts for a DHCP server, the RG answers (to assign router the RG's self-same WAN IP), therefore router makes routing-table entry for RG's LAN IP (i.e. RG is reachable by side-effect of the RG answering as a DHCP server)?
My hourly rates:
$35 per hour.
$45 per hour if you want to watch.
$55 per hour if you want to help.
$100 per hour if you already tried to fix it.