Please help me with Router Configuration

Technical Support for Routers
61

Question: If I connect the PC.1 under Opal (have done that just for personal testing, did it even during the last test) then PC.1 pings PC.2 normally. I did that to test if firewall blocked me and it didn’t.
So do I still have to dissable the firewall?

Editing this post to let you know that I took a 6 hour penalty to make a new post…

image
image682×596 20.8 KB

Opal router is indeed always 192.168.1.51

C:\WINDOWS\system32>ping 192.168.5.198

Pinging 192.168.5.198 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.

Ping statistics for 192.168.5.198:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Made the test with both firewalls (kaspersky and windows) off
Tried (for test) with firewalls on, but same results

The test was done with the static route applied. I just took the snapshot just before i hit “apply”

I verify the Opal’s ip both from inside opal and from the device list of the ISP.

Just for reference here is my Slate AX:

And from inside the ISP

Oh my God…What else have I to think to bypass the penalties I get here…

62

YES! because the firewall does not block ICMP originating (outbound) from the device’s interface… but if it is coming from outside world (inbound) then it is blocked by default.

You can enable the firewall once the testing is finished and you verify the connectivity in both directions PC1 ↔ PC2.

63

Did you do the test with or without static route ? Your screenshot shows static route table empty !

64

How did you find out ? Try to ping 192.168.1.51 from your isp router …. Also ping from pc 1

65

Sorry I was in jail. LOL

66

I said ping the Opal ip from your isp router and pc 1 ! Saying verified it does not mean anything you have messed up your settings on both routers and I need to make sure ICMP (eg ping ) is not being blocked

67

eh… how can I do that?

68

In Opal: ping 192.168.1.1

IMG_1347
IMG_13471125×1753 107 KB

Honestly this is taking very long post I am not gonna feed you everything you have to learn how to navigate your routers menus - familiarize yourself with the menu and routing and firewall options !

I am quiet sure that the configurations I have given you so far should work UNLESS you have done some weird configurations.

1 Like
69

If you suspect that one or both of your routers blocking ping , then try from pc1 to access Synology web interface or ssh or ftp etc…

70

Please note in your last test there was no loss as compared to previous tests! That means the settings I gave were correct but ICMP was dropped by the Opal router! Again from PC1 try to access different services on Synology/pc2 like FTP/WEB/SSH…

71

image
image1453×732 49.5 KB

I really cannot think of any weird configurations I may have done…

web interface as well as ftp are not working… If I connect Synology under my ISP router, everything works fine…

All this may be over my capabilities and sure is over my knowledge…

72

This is what I can find in my ISP router, concerning Opal Router

image
image1086×833 34 KB

73

Eh… I just found something important guys…

Of course my fault… Do you remember Route table No 6 rule?

22
221522×1317 195 KB

74

image
image1112×1769 64.6 KB

192.168.5.x was also the conditional Address Pool of the ISP Router!

Aaaaaand who had done that? Myself of course!

Now that I disabled it… I am running test’s with the last testing setting that SpitzAX3000 gave me!

Stand by for results

75

IT WORKS!!!

SpitzAX3000 you are the one!

Ok a couple of questions if you are kind enough

  1. I have applied the static route in my ISP

IP Address: 192.168.5.0
Gateway: 192.168.1.51
Subnet Mask: 24 (or 255.255.255.0)

  1. In Opal Router:
    -Wan zone => Lan (Accept, Accept, Accept) Masquerade ON (because OFF I tried first but could not access the ISP router from PC.2 (nor any other device under my ISP router))

  2. Wireguard works perfectly via Opal (for every device under Opal (PC.2, Synology, mobile phone, etc.)

So shall I leave these setting as they are, or shall I change something?

Thanks Again SpitzAX3000!

76

That’s great you have found the issue ! Glad to help.

As for masquerade, if your devices under opal can access the internet as well as the devices under the ISP, then keep it ON.

77

That’s was a mistake ! Because the Opal router is responsible for this network NOT the ISP! And you can spot the issue from the last screenshots you provided : for example rule no 6 shows that the isp can route traffic to this network through interface br0 whereas the interface is LAN4!!!

78

With masquerade on, I think you don’t even need the static route. Try to remove it and test the connections between your devices.

79

Tried it, but the connection is lost if I delete the static route.

Now that I can access synology from PC.1 (via inputing it’s ip), I notice that I cannot access it with SMB (SMB was the way that I used to work). Minor loss now that I cannot, but was nice to have it. (i.e. I could see the synology via my network in win10.

80

The next goal is to make the two Gl.inet routers (Opal and Slate AX) connect via “site to site”

Had tried in the past, tried it again now I get the following:

image
image701×582 14.4 KB

-Both router’s have a public IP: I believe they both have. Opal through ISP router and Slate AX through a Huawei 4G mobile router (E5788).

-Port 51830: I guess I have to open this port to both ISP and E5788 router?

-Router behind NAT: I guess both Opal and Slate are behind NAT’s right? so I have to setup port (51830) forwarding?