In short. I have a main router with IP 10.0.0.1 and the DHCP server disabled. I've set up port forwarding on it for a few ports to a local NAS at IP 10.0.0.99. Alongside this, I have a Brume 3 (10.0.0.105) set up in Drop-in Gateway mode, where AdGuard Home handles DHCP and DNS. The DHCP server in AdGuard is configured like this (gateway: 10.0.0.105, subnet mask: 255.255.255.0, IP range: 110-254). Everything seems to work fine, but when I set the gateway on the NAS to 10.0.0.105, port forwarding to it stops working. And I feel like it should work, because the Brume 3 in Drop-in Gateway mode shouldn't be doing NAT. Right?
That's logical.
If your device uses a different gateway than the one that offers the NAT - it won't work.
The route must be the same in both directions (from the internet to your device and vice versa).
Asymmetric routing will destroy your port forwarding.
Sounds logical, but in every GLI documentation I saw, they say to set the Brume 5 IP as the main gateway IP on every device (Drop-in Gateway - GL.iNet Router Docs, for example) and at the same time use the main router for port forwarding. So I'm quite confused.
The problem with this function is that it is basically just a hack; it goes against everything.
If you know how the engine runs under it, it basically just spoofs ARP and spams the answer that the router is the gateway more frequently than the normal gateway, something hackers actually could do in the wild, but then this is presented as a function.
IMO, I was never a fan of this function because it mostly tries to fix a symptom rather than the actual issue.
If it is a form of encapsulation, like a bunch of clients behind a different NAT that you want to be part of this router,
you can look into VLANs to pull it off, or just configure the router as a dumb switch; it really depends on the direction and use case.
In my own network I use VLANs, and that is how I can use a single router with all clients combined, even if there was a firewall.
Okay. I played with it a bit and I'm posting this here for posterity. Maybe it'll come in handy for someone in the future.
Drop-in Gateway mode has two operating options: "All devices are networked through Drop-in Gateway" and "Specific devices are networked through Drop-in Gateway."
In practice, they differ only in this way: in the first option, Brume 3 provides the gateway IP address via DHCP as the IP address that Brume 3 itself has, whereas in the second case, it provides via DHCP the gateway address of the first, main router. In the second scenario, Brume 3 acts only as a DHCP server.
Considering things like port forwarding, the second mode is the preferred one. Honestly, I don't know what the purpose of the first one is.
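
The difference between the two modes described in the last post is visible in DHCP option 3 (Router) of the lease. The following is an added example, not part of the thread and not GL.iNet code: it parses a DHCP options field and reports whether the advertised gateway is the router that holds the port forwards. The option byte strings are constructed samples, and the function names are hypothetical.

```python
import ipaddress

NAT_ROUTER = "10.0.0.1"        # main router holding the port forwards (from the thread)
PAD, ROUTER, END = 0, 3, 255   # DHCP option codes defined in RFC 2132

# Constructed samples: message type (53), subnet mask (1), router (3), end (255).
ALL_DEVICES_MODE = bytes([53, 1, 2, 1, 4, 255, 255, 255, 0, 3, 4, 10, 0, 0, 105, 255])
SPECIFIC_DEVICES_MODE = bytes([0, 53, 1, 2, 1, 4, 255, 255, 255, 0, 3, 4, 10, 0, 0, 1, 255])

def parse_dhcp_options(blob: bytes) -> dict:
    """Parse the options field (the bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == END:
            break
        if code == PAD:            # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated options are concatenated
        i += 2 + length
    return opts

def advertised_gateways(blob: bytes) -> list:
    """Return the routers from option 3, in the order of preference the server gave."""
    raw = parse_dhcp_options(blob).get(ROUTER, b"")
    if len(raw) % 4:
        raise ValueError("router option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def return_path_is_symmetric(blob: bytes, nat_router: str = NAT_ROUTER) -> bool:
    """True if replies leave through the same router that forwarded the inbound port."""
    gateways = advertised_gateways(blob)
    return bool(gateways) and gateways[0] == nat_router

if __name__ == "__main__":
    for name, blob in (("all devices", ALL_DEVICES_MODE),
                       ("specific devices", SPECIFIC_DEVICES_MODE)):
        print(name, advertised_gateways(blob), "symmetric:", return_path_is_symmetric(blob))
```

A host with a static configuration, such as the NAS at 10.0.0.99 outside the DHCP range, never sees this option, so its gateway has to be checked on the device itself.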