Replacing Firewall w/ DD-WRT Router

EXCellR8

We recently upgraded our internet service but discovered our existing firewall/router was seriously choking our connection. It's an older Netgear FVS something something and it's time to replace it.

As a temporary solution I suggested transplanting a WRT54GL router with DD-WRT firmware in its place. Pretty straightforward, except for the fact that I am configuring it just like the Netgear but I can't get internet.

I don't really need the wireless functionality or the DHCP server on the router, and I am putting in our static IP for WAN and our ISP DNS servers. The router local IP is the default 192.168.1.1 and our server (responsible for handing out IP addresses) is 192.168.1.5 with other clients ranging from 192.168.1.100 to 192.168.1.250 or so. Pretty basic but I'm obviously overlooking something.

I spent around an hour switching routers back and forth, comparing settings, and trying to access the web. Only the Netgear connects, no dice on the Linksys.

So I'm kinda stuck. Clearly not my month as far as networking goes, as I've already been waist deep in pf(non)Sense at home and now I can't get this working at the office. I think I need a refresher course...

Any assistance would be greatly appreciated.
 

AnonymouseUser

Reset and install the Linksys as if it were the only router in the setup. If that gets you internet, then dumb it down to what you want. If it still doesn't work, flash an older firmware and try again. Don't try a complicated setup until you know it works in a simple one.
 

boomerang

EXCellR8 said:
> I spent around an hour switching routers back and forth, comparing settings, and trying to access the web. Only the Netgear connects, no dice on the Linksys.

How long did you power down the modem during this process?

I ask because I went around and around for a long time once trying to get a different router to work until in desperation I finally called Comcast. They wanted the modem powered down for about two minutes before powering it up with a different router connected. Following that policy I was able to swap numerous routers into the mix with no issues.

Although on some level it makes no sense, it evidently ensures that the retained MAC address of the previously connected device is cleared so that a new one can take its place.

I had an SB 6121 at that time which had only one field for retained MAC addresses visible when I logged into it. I now have an SB 6190 and that has two fields. And guess what, I can swap two routers that were previously connected without waiting two minutes and I will have an Internet connection.
 

PliotronX

boomerang said:
> How long did you power down the modem during this process?
>
> I ask because I went around and around for a long time once trying to get a different router to work until in desperation I finally called Comcast. They wanted the modem powered down for about two minutes before powering it up with a different router connected. Following that policy I was able to swap numerous routers into the mix with no issues.
>
> Although on some level it makes no sense, it evidently ensures that the retained MAC address of the previously connected device is cleared so that a new one can take its place.
>
> I had an SB 6121 at that time which had only one field for retained MAC addresses visible when I logged into it. I now have an SB 6190 and that has two fields. And guess what, I can swap two routers that were previously connected without waiting two minutes and I will have an Internet connection.

Same here with a Charter modem/connection. I had to take it a step further and pop out the internal battery while power cycling the modem just to get it to forget the router's MAC.

Let me guess on the Netgear: FVS336Gv1 or 2? When Charter locally went from 30Mbps to 70Mbps (100Mbps for business connections), the Netgears of yesteryear couldn't supply above 50Mbps so had to provide them something different or, and beyond my comprehension because my boss has a thing for Netgear, the one and only Netgear Prosafe that will perform above 50Mbps but costs $400.

I am curious if the WRT will do the job. You may have to disable SPI.
 

EXCellR8

The router we have is a FVS318v3 I believe, and we can't even get 10Mbps when it's connected. I connect to the modem directly and we get 60Mbps. The FW/router is pretty cheap, so it's been a long time coming that we would need a replacement. Not sure what my boss is considering yet.

I haven't tried powering down the modem so that's something I can do. I'm pretty sure everything is configured correctly, and the DD-WRT router seems pretty stable. I was hoping we could get 50Mbps with it but I haven't been able to find out.

We have one internet connection at work and we don't do any heavy downloading or uploading. We were looking into doing offsite backup but our current equipment just isn't on par with what we'd need.
 

AnonymouseUser

With DD-WRT you should be able to set a custom MAC, so you can use the MAC from the old router if that's necessary.

Setup > MAC Address Clone
 

EXCellR8

Got fed up and switched over to Tomato firmware. Powered down everything, configured the router, and everything works fine. Got our full service speed, nice!

Thanks for the help.
 

AnonymouseUser

EXCellR8 said:
> Got fed up and switched over to Tomato firmware. Powered down everything, configured the router, and everything works fine. Got our full service speed, nice!
>
> Thanks for the help.

Some DD-WRT firmwares are buggy, and the only way to fix them is to flash a different version. I actually prefer Tomato myself, but DD-WRT supports more routers. Glad you got it working!
 

EXCellR8

I have Tomato on a router at home as well, same model. I am using it to bridge a connection from a couple computers and a PS4 to an access point and it has been rock solid since day 1. Granted the devices are all relatively close to one another but still...

Now if I could just get pfSense up and running I'd feel as though I got something done. That's for another day though...
 

wisegeek

Can I suggest you look into a Juniper Networks SSG-5? They go on eBay for $40 - $60, sometimes even lower than $40, and are solid in terms of firewall features and much better than doing a DD-WRT with firewall (iptables).
 

EXCellR8

Yes, the Tomato router is just a temporary solution until we get something more secure. I've been doing a lot of digging and haven't come up with much to be honest.

We got quoted almost $1200 for a new firewall but my thoughts are that we don't need anything super robust. We only have one server and around 20 workstations, so something that's easy to manage and configure and can stand alone behind the modem without restricting throughput would be perfect.

Of course I'm still tinkering with pfSense at home and I have some good hardware to build my own firewall, but it hasn't gone very smoothly so far.