I need help with the following problem:
I have an Actiontec MI424WR rev I router and a FIOS connection. The router shows the following: Firmware is 40.20.7; Model Name is MI424WR-GEN3I; Hardware Version I; Serial Number is SSXI3114904186; Router has been active for 335+ hours.
The LAN behind the Actiontec router is used as a backbone subnet in my residence. Attached to the backbone net are two routers (A and B) each of which has two interior subnets behind them (call them A1, A2, B1, and B2).
The Actiontec has 4 static routes configured for A1, A2, B1, and B2. Routers A and B do not perform NAT (i.e. they are router/firewalls only). The Routers A and B do not have any static routes set up, but both have default routes set to the Actiontec (in fact they are DHCP clients of the Actiontec).
A system on the backbone is able to run a web browser and connect to a web site on the Internet. So, it appears that I have connectivity, operational DNS (Actiontec as a DNS server) and that NAT is functioning on the Actiontec.
A system on subnet A1 is able to connect to a server on on subnet B1 – traceroute shows A1, then Actiontec, then B1 in the path between the client on A1 and the server on B1. A system on A1 and another system on B1 are each able to use a web browser to connect to the Actiontec admin function. So, it looks like routing is working behind the Actiontec.
Now comes my problem. When I try to connect from a client on an interior subnet –say A1 – to a web server on the internet (yes I used the same one that the client from the backbone was able to connect to) I am unable to do so. A packet sniffer on the LAN of the Actiontec shows outbound traffic to the Internet web server with what appears to be proper/expected headers. However the sniffer never shows any return traffic.
As a follow on test, I connected to a system at another site and set up to watch its incoming packets. I then connected via ssh from a system on the backbone (Actiontec LAN) to the other site. I saw the packets arrive at the other site and the replies go back out. The connection was successful. I logged in to router A via ssh and used its ssh client to log in to a system at the same remote site. It works also. Further confirmation that traffic between the internal routers and the internet is routed correctly.
I then connected via ssh from the system on subnet A1 to the other site and saw the packets come in and the replies go out. I also saw the packets leave router A, but never saw them come back from by way of the Actiontec.
Is this a known problem with Actiontec (NAT from the WAN to static routes on its LAN)? I also tried an internal subnet behind a router on the backbone with NAT applied to the traffic from the internal subnet – this allows functional connections to servers on the internet. Unfortunately, NAT on my internal routers causes me lots of problems, so I don’t want to go there.
Solved! Go to Solution.
I found a solution to my issue - not necessarily an elegant one, but it works never the less. Search the forums for an article titled "Advanced In Home Routing Issue" and read the whole thread - the last reply as of today has a workable solution.
The problem is in the Actiontec handling of NAPT routing mode and static routes to internal subnets.
This was a weird one!