Disabling NAT on ASUS RT-AC87U

[hayedid]

Hi. I am having some trouble disabling NAT on my ASUS RT-AC87U. My configuration is:

Modem (*.*.0.1) --> Sophos Home Firewall (*.*..3.1) (running on an 3.4Ghz i5 dual core) --> ASUS RT-AC87U (*.*..2.1) --> Home Network (*.*..2.*).

The reason I want to disable NAT on the ASUS is because right now the Firewall rules cannot be setup correctly on the Sophos due to it thinking that all the traffic coming from the ASUS router.

However, I want to keep as much other functionality up and running on the ASUS router as possible. I tried disabling NAT on the router and everything quit communicating. I suspect this had to do with my subnet mask. Do I need to use a subnet mask of 255.255.252.0 (to include *.*.0.1 through *.*.3.254) throughout my network or am I doing something else wrong?

Thank you.

 

[L&LD]

Found this in 0.0001 second search:

1. Set the Firewall to be your default gateway (192.168.1.1)

2. setup DHCP with a limit of 45 - 50 IP's depending on if you will have devices not using DHCP.

3. Disable DHCP on your wireless router

4. Connect the LAN port of the firewall to one of the LAN ports of your router.

5. Change the router's IP so that is no longer the default gateway (192.168.1.2)

6. Connect your internet to the WAN port on your firewall pc.

... profit (or setup a rule that turns off your kids devices internet at 11pm).

From http://community.spiceworks.com/topic/444812-sophos-utm-home-edition

By the poster 'ryancarter3'.

 

[hayedid]

Thank you (except for the sarcasm about good searching). In all honesty, I did plenty of searching myself. I just likely wasn't searching for the right thing as I was trying to keep the ASUS router up as a transparent (non NAT) gateway so that I would not lose the virus scanning capability of the RT-87U. I do appreciate the response though!

 

[L&LD]

What sarcasm? Your response is the reason most would have simply told you to search yourself.


Talk about ungrateful...

 

[hayedid]

LOL. I said thank you and appreciated the info. I just didn't appreciate the comment '.... I found it in xxx seconds.'. If you don't consider that sarcasm, then you should read your comment again.

I had been looking up the wrong info because I had been trying to do something a bit different so I was getting bad search results.

So again, thanks for the input.

 

[hayedid]

For anyone else needing to do this, I felt like I stripped my ASUS router of it's features. One thing, in particular, that I liked about the ASUS router (and especially Merlin) is the ability to load a custom HOSTS file.

In this mode, you can still use the router as a DNS server. I just used the ASUS router as my primary DNS and the Sophos firewall as my secondary DNS and I had my custom hosts file back on all devices. Additionally, attached USB devices are still available.

Unfortunately, via this method, you lose the ability for the TrendNet virus / malware scanning that is built into the RT-AC87U. If anyone knows how to keep this working, please post. The Sophos does have virus scanning, but since my network speed is generally sufficient, I wouldn't mind having the second scan done by the ASUS Router.

Good luck!

*EDIT*... my attempt to use the ASUS router as my primary DNS didn't work. I'm not sure why yet. I'll do some more research and post the results if I figure it out.

 

[coldwizard]

You are asking for router to router configuration to have separate networks.

I tried disabling NAT on the router and everything quit communicating.

Did you tell the Sophos Home Firewall that the network (*.*.2.*) was behind the ASUS RT-AC87U? It would be something like defining a route in the configuration of Sophos pointing at the Asus on its (*.*.3.*) address .

Also Sophos may need to be told to NAT the network (*.*.2.*). Asus by default NATs everything so you may not need a change.

 

[jerry6]

Found this in 0.0001 second search:






From http://community.spiceworks.com/topic/444812-sophos-utm-home-edition

By the poster 'ryancarter3'.

Your right , just use search 95% of the time you'll find an answer . Guess this forum should be reserved for the 5% of questions that have not been answered or asked yet .
I thought this forum was open to all questions from all , if you feel he should have used search just ignore the post and let someone not bothered by the question and or lack of search skills to answer , cause there sure was sarcasm in your post .

 

[ChikkSpot]

Found this in 0.0001 second search:

0.0001 second is 0.1ms.

now, even pinging my own ISP is like more more than 10ms.

so i'm not too sure how you managed to do the whole thing (load up google, type in the search phrase, get the results) in 0.1ms.

 

[hayedid]

Thanks ColdWizard. I will give that a try. I had not done that as I wasn't sure the proper fix was do setup some kind of a route or to specify via my network mask that my network included *.*.0.* through *.*.3.*

 

[DaveMishSr]

Your right , just use search 95% of the time you'll find an answer . Guess this forum should be reserved for the 5% of questions that have not been answered or asked yet .
I thought this forum was open to all questions from all , if you feel he should have used search just ignore the post and let someone not bothered by the question and or lack of search skills to answer , cause there sure was sarcasm in your post .

See that's funny because I didn't think he was being sarcastic at all. Just goes to show how posts can be construed in completely different manners by separate individuals.

 

[jgarrigan]

Hi. I am having some trouble disabling NAT on my ASUS RT-AC87U. My configuration is:

Modem (*.*.0.1) --> Sophos Home Firewall (*.*..3.1) (running on an 3.4Ghz i5 dual core) --> ASUS RT-AC87U (*.*..2.1) --> Home Network (*.*..2.*).

The reason I want to disable NAT on the ASUS is because right now the Firewall rules cannot be setup correctly on the Sophos due to it thinking that all the traffic coming from the ASUS router.

However, I want to keep as much other functionality up and running on the ASUS router as possible. I tried disabling NAT on the router and everything quit communicating. I suspect this had to do with my subnet mask. Do I need to use a subnet mask of 255.255.252.0 (to include *.*.0.1 through *.*.3.254) throughout my network or am I doing something else wrong?

Thank you.

Feedback -- RT-AC87U, /tmp/nat_rules_vlan2_vlan2, Goal: Convert to a pure router for an IT Lab | SmallNetBuilder Forums (snbforums.com)
I resolved my problem. I set LAN - Switch Control - "NAT Acceleration" to "Disabled".