Disable Firewall

Hi guys,

I’m double natted, and would like to disable the firewall on my SlateAX.
Reason being, I’d like to route a subnet from my primary router to the SlateAX.

When I disable the firewall in LuCI from the startup page, I can’t seem to get the Internet/DNS to work on the SlateAX any longer.

What’s the best way to disable the WAN firewall and allow all traffic inbound?

You want to run it in Extender mode (Wireless) or Access Point mode (Wired).

Firewall will be disabled and the SlateAX will be on the same subnet as your primary router.

(Think that’s what you’re asking :stuck_out_tongue: )

I want to keep both routers on different subnets; I just want to route between the two of them with no firewall on the SlateAX.

I did try extender mode, which did exactly what you said: it put my Slate on the same network, but my primary router was seeing devices interchange with each other, like they share the same MAC address.
So I couldn’t route stuff properly on the primary.

You might want to try a derivative of my setup. Not tried it but cannot see why it will not work.

I too am double nat’d. However I route on my local network, and (for reasons) want double NAT to the Internet.

In System -> Advanced Settings, log into OpenWrt LuCI, username root, same password as the normal interface.

On the network interface, go to Firewall and select the NAT tab.
My rule is

You could try changing:
the source address to your LAN subnet, out of the box 192.168.8.0/24
the destination address to 0.0.0.0/0
In principle this should match all packets, and perform the ACCEPT (no NAT), before we hit the default rule that NATs the output.

You’ll need a static route for the router upstream of the Slate/AX. Anything on the same subnet as the Slate will need its own routing entry, otherwise you’ll need to NAT it back via the upstream router.

You’ll also have to allow traffic to flow through the Slate.
On the Traffic Rules, you’ll need to add a rule allowing traffic from the subnets in front of the Slate to the subnets behind it; my rule for the NAT rule above:

Again your source should be 0.0.0.0/0, and your destination the LAN subnet(s), typically 192.168.8.0/24

You should probably write a rule blocking access to the router itself from the WAN. Place this above your no-nat rule, and below any rules you have that open ports on the router such as ssh, or web.

I think the GL-Inet firewall rules will be above by default for open ports.

Hope this helps, if you need more info let me know. At work tomorrow so might not be able to get back straight away.

Simon

Sorry, I assumed you wanted only single NAT to Internet, which is why I went on about 0.0.0.0/0. I re-read your post, and what you want to do is similar to my setup. So ignore the 0.0.0.0/0 stuff, unless you really do want to avoid double NAT to the internet.

Apologies.
Simon
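The three rules described in Simon's posts, written as an OpenWrt `/etc/config/firewall` fragment. This is an added example, not a configuration posted in the thread: the upstream subnet 192.168.1.0/24 and all rule names are assumptions, and 192.168.8.0/24 is the default Slate LAN mentioned above. It scopes the rules to the two local subnets rather than 0.0.0.0/0, so traffic to the Internet is still NATed.

```uci
# Constructed example. Assumed: primary router LAN = 192.168.1.0/24,
# Slate LAN = 192.168.8.0/24, zones named 'wan' and 'lan' as on stock OpenWrt.
# The primary router also needs a static route for 192.168.8.0/24
# pointing at the Slate's WAN-side address.

# NAT tab: do not rewrite the source address for Slate LAN -> upstream LAN.
# 'src' here is the outbound zone; ACCEPT means "leave the packet un-NATed".
# Everything else still falls through to the zone's default masquerade.
config nat
	option name 'No-NAT-to-upstream-LAN'
	option src 'wan'
	option src_ip '192.168.8.0/24'
	option dest_ip '192.168.1.0/24'
	option proto 'all'
	option target 'ACCEPT'

# Traffic Rules: let hosts on the upstream LAN reach hosts behind the Slate.
# Only the upstream subnet is allowed in, not every WAN-side source.
config rule
	option name 'Allow-upstream-LAN-to-Slate-LAN'
	option src 'wan'
	option src_ip '192.168.1.0/24'
	option dest 'lan'
	option dest_ip '192.168.8.0/24'
	option proto 'all'
	option target 'ACCEPT'

# Traffic Rules: block WAN-side access to the router itself.
# No 'dest' option makes this an input rule (traffic addressed to the Slate).
# Keep it below any existing rules that open ports on the router
# (DHCP renew, ssh, web), because rules are evaluated in file order.
config rule
	option name 'Drop-WAN-to-router'
	option src 'wan'
	option proto 'all'
	option target 'DROP'
```

After editing, `fw4 check` (or `fw3 print` on older builds) shows whether the ruleset parses before the firewall service is restarted.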