Tuesday, September 25, 2018

Ugh. Google Wifi and how to work around it

Google Wifi is pretty, slick, easy, and lacking necessary features to be real. My wife bought a box of these a couple of weeks ago at Costco (good price!). Super simple to set up, except that Google insists on doing odd things that would make any network admin crazy, and leaves out important features of any network router. Plus there are bugs...

First, the main bug is port forwarding doesn't work. I'm trying to get my Google Home devices (also from Costco, and also a good price!) to connect to my stereo system. It took a couple of days, but now it's working flawlessly. I had to remove the Google Wifi as the main router since port forwarding simply doesn't work. I wanted 4 ports forwarded:

  1. one for my speaker controller, which turns on or off various speakers around the house.
  2. another for my ddns client, running on an ethernet connected box.
  3. one for a simple python server to intercept IFTTT requests to my amplifier to adjust volume, switch inputs, etc.
  4. and one for a nodejs server also intercepting IFTTT requests to pass to my Kodi box.

The port forwarding rules on the Google Wifi puck work, then they don't, then they work, then they don't. Totally unreliable. I've read lots and lots of complaints about this.

So I removed the Google Wifi as the main router after my DSL modem (Century Link C1000A, I've mentioned it elsewhere) and replaced it with a TP-Link Archer C7 running DD-WRT. Port forwarding is straightforward, always works, no problems.

Next, the crazy shit. 

Google Wifi insists on being on a separate network. It insists on being the gateway for all wifi devices that connect; there is no way to put it on the same network as the rest of the ethernet network in my house. What this means is none of my wifi connected devices can see any of the ethernet connected devices unless I plug them all into the Google Wifi devices. I can't do that, because then the port forwarding fails.

It's pretty straightforward to set up a static route on my C7 so my ethernet network (192.168.2.0) can see the wifi devices (192.168.86.x). It is impossible to set a route the other way, so I can't control my Kodi box from my phone anymore, nor my speaker controller, nor my amplifier. My Firesticks can't find my network attached storage, so they can't play my music or movies. This is basic networking stuff, but Google chose to skip it to make it easy for... well, I don't know who. If your entire network is on wifi, then you're good. If you want to print from your wifi connected laptop to your ethernet connected printer, you're screwed.

Here's Google's best answer: https://support.google.com/wifi/answer/7215624#3rd-party-router. The problem here is I'd have to run separate wires to each Google Wifi puck, it can't just use my existing ethernet, because, well, fuck it, it's just that way.

Okay, enough whining about Google Wifi. Fortunately, I still have an old Linksys WRT-54G with DD-WRT installed. It's an actual, full-featured router, so it can actually do routing, unlike the Google pucks. I put this in between the Google Wifi network and my ethernet network, set up routing on the Archer C7 and the Linksys so they can route between the two networks, and now all is good -- port forwarding works correctly, my wifi network can see my ethernet network, and everything can get to the internet with no problems.

Setting this up was pretty straightforward, but not all of it is obvious. I followed instructions that I found here:

http://www.patrikdufresne.com/en/multiple-subnets-routing-with-dd-wrt/

(Many thanks to Patrik Dufresne for these instructions!) Since links sometimes disappear from the internet, I'm putting the details here.

Here's a picture of what I'm going for:

internet <-----> Archer C7 <----------> WRT-54G <---------> Google Wifi
                 WAN: PPPoE             WAN: 192.168.2.2    WAN: 192.168.4.2
                 LAN: 192.168.2.1       LAN: 192.168.4.1    LAN: 192.168.86.1

                 Rest of ethernet network

The Archer C7 is the main gateway router. It's in gateway mode (Setup - Advanced Routing - Operating Mode = Gateway). The LAN network is 192.168.2.0, LAN IP is 192.168.2.1.

The Linksys WRT-54G is in router mode (Setup - Advanced Routing - Operating Mode = Router). The WAN IP is 192.168.2.2, the LAN network is 192.168.4.0, so I set the LAN IP to 192.168.4.1.

The Google Wifi pucks are on the 192.168.86.0 network, the WAN IP is 192.168.4.2.

Configure the Archer C7:
It's already properly configured for both the WAN and LAN sides, but it needs a route to the Linksys. Go to Setup - Advanced Routing and add a static route with this info:

Destination LAN NET: 192.168.4.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.2
Interface: ANY
I don't know what "Metric" does, I left it at 0.

Add a firewall rule so the 192.168.4.0 subnet can access the internet. Go to Administration - Commands, paste in this command:

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`

Click "Run Commands", wait for it to finish, then click "Save Firewall" so this setting persists after reboot.

I turned off the wifi also; there is a button on the back of the Archer C7, plus I disabled the wifi in Wireless - Basic Settings, Wireless Network Mode = Disabled.

Configure the Linksys WRT-54G:
Go to Setup - Basic Setup

In the WAN Setup area:
Connection Type: Static IP
WAN IP Address: 192.168.2.2
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.1
Static DNS 1: 8.8.8.8
Static DNS 2: 4.2.2.1

In the Network Setup area:
Local IP Address: 192.168.4.1
Subnet Mask: 255.255.255.0
Gateway: 192.168.4.1
Disable DHCP

Go to Setup - Advanced Routing
Set Operating Mode = Router

Add 2 static routes, one to route wifi traffic to the ethernet network and one to go the other way:

Route Name: wifi to ethernet
Destination LAN NET: 192.168.2.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.1
Interface: LAN & WAN

Route Name: ethernet to wifi
Destination LAN NET: 192.168.86.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.4.2
Interface: LAN & WAN

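Go to Administration - Commands, paste in this command. It inserts a rule at the top of the FORWARD chain that accepts every forwarded packet, so the Linksys firewall stops blocking traffic between the subnets: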

iptables -I FORWARD -j ACCEPT

Click "Run Commands", wait for it to finish, then click "Save Firewall" so this setting persists after reboot.
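
A way to check the Linksys FORWARD chain for the blanket rule above, as an added example that is not from the original post: the filter reads rules in the `-A` form printed by `iptables -S FORWARD` (this assumes an iptables build that has the `-S` option) and prints any ACCEPT rule with no match criteria. The sample rule set, including the subnet-scoped alternative built from the post's addresses, is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample in `iptables -S FORWARD` format:
#   line 2 is the blanket rule from the post;
#   the remaining ACCEPT rules are a scoped alternative (an assumption,
#   not the author's configuration) that admits the ethernet subnet only
#   toward the two inner subnets and lets the inner subnet out.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.4.0/24 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -d 192.168.4.0/24 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -d 192.168.86.0/24 -j ACCEPT'

# Read rules on stdin; print each FORWARD rule that jumps to ACCEPT
# without any source, destination, interface, protocol or match option.
unscoped_accepts() {
    awk '
        $1 == "-A" && $2 == "FORWARD" {
            scoped = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^(-s|-d|-i|-o|-p|-m)$/) scoped = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && !scoped) print
        }'
}

# Exit status 0 when stdin holds no blanket ACCEPT rule, 1 otherwise.
forward_chain_is_scoped() {
    [ -z "$(unscoped_accepts)" ]
}

# Run against the constructed sample; on a router, pipe in
# `iptables -S FORWARD` instead.
printf '%s\n' "$SAMPLE_RULES" | unscoped_accepts
```

The filter only looks at rule text, so a rule it passes can still be too broad for your network; it catches the accept-everything case specifically.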

I also disabled wireless since the Google pucks will handle that.

Configure the Google Wifi:
On the main wifi puck, disconnect the ethernet cable.
Open the Google Wifi app on your phone.
Go to the third tab, then Network & General, Advanced Networking, then WAN.
Under WAN Settings, select Static, then fill in:
IP address: 192.168.4.2
Subnet mask: 255.255.255.0
Default gateway: 192.168.4.1 (this is the IP address of the Linksys)
Save.
If you get the "You cannot edit these settings" message, follow the "Show me how" instructions to do the above.

Wiring:
Connect an ethernet cable from the WAN port on the Linksys to any open LAN port on the Archer C7.
Connect the ethernet cable from the main Google Wifi puck to any open LAN port on the Linksys.

Hopefully, everything works.

