Please help me with Router Configuration

If however you need specific ports you can configure port forwarding. For example if your TV wants to access Synology on port 443, you can only allow that port to be accessed.

Please do this quick setup to verify connectivity:

  • On your Opal router go to Network → Firewall → DMZ

  • Enable the DMZ and insert the IP address of your Synology

  • Go to your PC that is connected to your ISP and ping the Synology IP.

Working?

Unfortunately not…

First of all I said ping not traceroute! Try to configure pc2 in the DMZ and recheck with ping.

Make sure there is no enabled firewall on Synology or pc2. If pc2 is Windows then disable the firewall before pinging.

Have you looked at the Drop-in Gateway functionality? Will it do what you want?

Sorry, so I did the DMZ thing, with either firewall enabled or disabled, and this is what I get

If I do what groentjuh wrote, I get this:

In theory (with my little knowledge) it may do what I am trying to do but I believe that is not a wise thing to do. Opal is a medium capability router and I believe cannot handle all my in house devices. Also my ISP Router has VoIP telephone in it and also 4G SIM card, so that it bonds wired internet speeds with 4G mobile speeds.

I am afraid that if I disable the DHCP of the ISP router something may break

Can you access your Opal through LuCI?
Try to browse to: https://192.168.8.1/cgi-bin/luci/admin/network/firewall

Did you get something similar to the screenshot below?

Yes I can access it.

Here is the firewall page

Understood. However, I don’t think that you will be able to achieve what you are looking for as long as you have two different firewalls and subnets. I would be very interested if this could be achieved as I have looked into doing the same for a long time to no avail. Finally gave up and changed my setup completely to a single NAT and DHCP server using Asus router with Wireguard functionality. I am missing the Tailscale functionality of my GL.iNet but can possibly live without it for now.

So maybe this is something that cannot be done? But then again with my brain logic (not LAN knowledge) how difficult can that be for the ISP router so that all traffic with an x.x.5.x IP is sent to the Opal router, and then the Opal router, looking at its last digit, sends the traffic to the correct device?

I mean I thought mankind wouldn’t be stuck on such a simple (with my thinking) problem…

LOL

It can be done in tens of ways! As I mentioned earlier in this post, there are different technical ways to achieve what you are trying to do with the current setup. But because you are not so technical we are trying to find the easiest for you in terms of troubleshooting and configurations!

Since you have another ISP router functioning as a NAT, it is safe to allow traffic coming from WAN. Please change the input rule on the WAN interface to accept, save and test ping again.

Update: you may also need to disable “Masquerading” on the same rule: WAN → REJECT. Uncheck Masquerading, then save and apply. Try to ping.

Problem (not really a problem as this is how NAT is meant to work) is that your ISP router can only see the x.x.1.x IP range from the LAN side including everything that is lumped up and coming from your Opal (and hence your GL.iNet’s IP also being within that subnet: i.e. 192.168.1.51) and can never deal with the x.x.5.x range as this is assigned by the Opal NAT process and is not possible for it to be exposed to the parent router.

Just a question before doing that and reporting the ping results. Shall I apply only the last instructions, or shall I also keep the previous (DMZ enabled) too?

Only last instructions - Disable the DMZ completely.

Tailscale is free for personal use. It runs on Android TV and Fire TV as well. Consider upgrading the Opal to a newer GL.iNet router that runs Tailscale.

You’re partially right! It is about two things: NAT is blocking incoming traffic from the WAN side by default, AND the ISP router can only see the network x.x.1.x.

So, if he disables the NAT (because he is still protected by the ISP’s router) then all that is left is to have routing added from the ISP network to the x.x.5.x.

1 Like
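Added example, not part of the thread and not GL.iNet code: a small model of the forwarding decision the last posts describe, showing why the ISP router needs a static route to the Opal's subnet and how a single narrow forward rule (the "only allow that port" idea from the first post) compares with accepting everything on WAN. Only 192.168.1.51 comes from the thread; the /24 networks and both host addresses are constructed assumptions.

```python
import ipaddress as ip

OPAL_WAN = "192.168.1.51"                      # from the thread
OPAL_LAN = ip.ip_network("192.168.5.0/24")     # assumed full form of x.x.5.x
ISP_LAN = ip.ip_network("192.168.1.0/24")      # assumed full form of x.x.1.x
SYNOLOGY = ip.ip_address("192.168.5.20")       # constructed sample host
PC = ip.ip_address("192.168.1.10")             # constructed sample host

def next_hop(routes, dst):
    """Longest-prefix match over (network, hop) pairs, as a router does."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# ISP router as shipped: its own LAN plus a default route to the internet.
ISP_ROUTES = [(ISP_LAN, "on-link"), (ip.ip_network("0.0.0.0/0"), "internet")]
# Same table with the static route the last post describes.
ISP_ROUTES_FIXED = ISP_ROUTES + [(OPAL_LAN, OPAL_WAN)]

# Opal WAN->LAN forward rules: (source net, destination, protocol, port).
# One narrow rule instead of accepting everything arriving on WAN.
FORWARD_RULES = [(ISP_LAN, SYNOLOGY, "tcp", 443)]

def opal_forwards(src, dst, proto, port, rules=FORWARD_RULES):
    """Default-reject forwarding: only explicitly listed flows pass."""
    return any(src in net and dst == d and proto == p and port == pt
               for net, d, p, pt in rules)

def reachable(routes, src, dst, proto, port):
    """A flow works only if the ISP router hands it to the Opal
    and the Opal's firewall then forwards it."""
    return (next_hop(routes, dst) == OPAL_WAN
            and opal_forwards(src, dst, proto, port))

if __name__ == "__main__":
    print("no static route :", next_hop(ISP_ROUTES, SYNOLOGY))
    print("static route    :", next_hop(ISP_ROUTES_FIXED, SYNOLOGY))
    print("https to NAS    :", reachable(ISP_ROUTES_FIXED, PC, SYNOLOGY, "tcp", 443))
    print("ssh to NAS      :", reachable(ISP_ROUTES_FIXED, PC, SYNOLOGY, "tcp", 22))
```

The model covers only the forward path; replies from the Synology rely on the Opal having masquerading off on WAN, as discussed above.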