Hi all, I asked a similar question before so apologies for the overlap Based on recommendations...

[G+_Volkan Paksoy]

Hi all,

I asked a similar question before so apologies for the overlap. Based on recommendations I purchased an EdgeRouter X and Synology RT2600AC. My goal is to connect modem into EdgeRouter X eth0 and create 2 LANs in ER-X. Then connect Synology to one of the LAN ports and make it act as the router of the secure network and connect another old router to the second LAN port to make it the router of the untrusted network. Has anyone used a similar setup and make it work? Because it doesn't work for me at the moment.

 

I can connect Synology directly to modem and it works fine but when ER-X gets involved I cannot connect to Internet. It's hard to answer without more details probably but I'd appreciate if you have any tips to share if you had similar issues.

 

Thanks.

 

 

[G+_Jeff Gros]

I have an ER-X which I used to create the "3 dumb router" setup, but I did not use vlans. I would rather create the separation using hardware versus software. Perhaps I'm a bit paranoid, but I think the recent AT&T exploits that completely bypass the firewall are a good justification against relying on software.

 

You should be able to easily configure the vlan setup using the wizard. If you need some guided tutorials, check out willie howe on YouTube. He is very comfortable with the Ubiquity products.

 

If you cannot get internet, I would be more suspicious of not having DNS setup. You can try doing some pings to see if packets get through. If they do, but you cannot go to msn.com, then you have a DNS issue.

 

BTW, make sure that you update the bootloader for the Edge router X, as there is a vulnerability!

 

community.ubnt.com - EdgeMAX EdgeRouter X/X-SFP bootloader update

[G+_Volkan Paksoy]

Excellent. Thank you. I'll look into it and will post to this thread.

[G+_Jeff Gros]

Sorry, I misread your question. I thought you were using vlans.

 

I think I'm using WAN+2LAN, and I think this would be what you want as well. I cannot tell because it won't let me into the wizard without resetting to factory defaults!

 

There's a arrow at the bottom of the dashboard with tabs "alert" and "system". If you select the system tab and click the arrow, you can see the system settings. Name Server is listed here, which is probably what you are missing.

[G+_John Sullivan]

I'm using this computer connected to an Edge router, which in turn is connected to the modem/router combo provided by ATT Uverse. As you can see, it is working well.

 

The ATT router provides my "untrusted network", including wifi to an Amazon Fire tablet. The Edge router provides the Trusted network for this computer.

 

If your modem is truly just a modem (has only one output jack with which to connect a computer), I would use the old router that you mentioned as just a switch, giving you multiple places to plug the other routers into. Just go into the setup menus for the old router and disable DHCP and NAT.

 

Now you can plug your Edge or Synology (or both) into the switch and created separate Trusted networks. Question: will you be using wifi in your network, and if so, where?

[G+_Volkan Paksoy]

Thanks John Sullivan. My modem used to be a modem/router given by the ISP but it has a modem mode. Currently it's running in modem mode and I connected Synology WAN port to modem and it's working fine. It also has WiFi enabled. I need it because my laptops are in the other room and I don't have ethernet there. Also I don't have ethernet in the Macbook so regardless of its location I'm going to need WiFi.

 

My problem so far seems to be I cannot get Synology connect to the Internet when it's behind ER-X. If I enable DHCP in ER-X then in the internet connection I see a local IP in Synology dashboard. If I disable it I get nothing.

 

Anyway, thanks for the suggestions. Due to its disruptive nature of the problem I cannot work on it constantly as I need Internet connection for work but hopefully I will get it working and will post here after I've done it.

[G+_John Sullivan]

It's not enough just to enable DHCP in the ER-X router, you also have to tell whatever you connect to it where to get DNS resolution.

 

When the Synology is connected to your modem, it probably gets DNS from your ISP (through a setting in the modem). Once you put it behind the ER-X it is still looking to the modem for DNS, but can't see it. You need to tell the ER-X to get DNS from the modem, and the Synology to get DNS from the ER-X

 

As example, in my setup I went into the ERX setup menus and clicked "Services" then "DNS". I changed "interface" to switch0 and it worked.

[G+_Jason Marsh]

Here's an idea for you...

If the ERX and Synology router are both issuing addresses using the same net you'll have such a problem. The downstream device won't be able to reach out to the internet through the upstream device.

 

Scrap the VLANs, perhaps do a factory reset on both, then configure each for different nets. You'll need DHCP running on all three routers, or statically assign IP addresses to all your devices. On my setup, I use 10.10.10.x for the core, 10.12.12.x for the trusted net, and 10.11.13.x for the untrusted net. I'm using a powercolor centurylink combo as core, a TP-link archer c7 for trusted, and an old netgear router for my untrusted net. Works a treat, although latency can stack up and slow certain things down. Good thing I'm not a gamer or running 4k streams.

[G+_John Sullivan]

When you say "it also has Wifi enabled", I'm not sure if you're referring to the modem or the Synology.

 

If you are using the Synology to provide wifi, that should be good enough. I know the talk is about "3 dumb routers", but with your Synology hooked to the modem, and all your computers being fed from it (either wired or wirelessly) that should be enough protection. You might take the additional step of renaming your Synology as it appears on your modem's network. Name it something innocent sounding, like fitbit or Zune, and most hackers will probably ignore it.

[G+_Volkan Paksoy]

Hey guys, thanks again for all your help. It's working now. I think my main problem was ER-X wasn't getting WAN IP from the modem. I found in a forum a suggestion to reset the modem and wait a few minutes which resolved the issue. Synology was throwing me off because it didn't require a reset so I thought the problem was somewhere else. Also I was using the same subnet for LAN and WAN segments. I separated them and Internet connection from devices work too. Now ER-X is my core router and behind it Synology is trusted router and an old WRT54G is untrusted. Feels good to get it sorted finally :-)