I have 2 home hubs , one I want to sit connected to my broadband with no Wi-Fi enabled, that’s all good. I want to put a dedicated firewall then inline between the front hub and the other one which I want to do Wi-Fi only, so I can inspect all the Wi-Fi traffic in more detail, but I can’t work out a way to route all the traffic from the Wi-Fi network up to my dedicated firewall them to the internet, can’t see any traffic on my interface on the firewall connected to the Wi-Fi router.
is it possible to add any static routing on these home hubs and or do I need a non bt home hub to do the Wi-Fi so I can setup up its own routing ?
any feedback appreciated please by members and bt staff
Solved! Go to Solution.
No idea what you are trying to do and why.
How are you connecting the hubs together, how are you implementing the firewall?
You can't configure static routes on a home hub
Which version of home hubs are you using? Most HH only route between the Wan port and the Ethernet/WiFi side - this might mean that the one you are suggesting for the WiFi will do no routing. Given that you also want to put a Firewall between the 2 hubs, it would make sense that the WiFi hub only acts as a AP and avoids doing any routing anyway. Most Firewalls I have dealt with whereby all the traffic for the Internet passes through acted as routers also which would again suggest that the WiFi Hub should not do any routing. I would expect that the WiFi hub acts as the DHCP server, but in a different ip range to that normally used, so that the hub attached to the Internet can be left to the default ip addresses (this should make problem solving easier if you ever have to). The Firewall would need to have fixed ip addresses one in the range for the Hub connected to the Internet and one in the range connected to the Wifi Hub.
Static routes should not be needed (this may be dependant on your firewall), but the WiFI router would need to issue the Firewall ip address as the Gateway.
It would probably be helpful if you could tell us the Firewall that you have in mind as that may change some details.
hi, I’m using smart hub 2 for both the one acting as the broadband connection and other doing Wi-Fi with dhcp using different ip range, I’m using a checkpoint firewall in between and very comfortable setting these up , but as I mentioned the Wi-Fi ap hub is connected to the fw using same layer3 interface/port and can see some tcp traffic for the router but only control connections, no traffic from the router outbound if that’s makes sense, I sort of guessed could not do this, as it would point all traffic outbound towards the broadband wan port , have tried connecting up the wan port and also one of the gig ports with no luck
appreciate the feedback
You need to connect a LAN port from the primary hub to your firewall and then from your firewall to the WAN port of the second router.
LAN port 4 is configurable as a WAN port by setting FTTP mode to On in advanced settings.
Unless you configure port 4 as a WAN, the second device will expect the DSL port to be the WAN
Thinking about this further, I'm not sure you will be able to connect the second hub LAN to WAN as the WAN port isn't configurable and will be expecting to connect via PPPoE rather than DHCP or a static address.
There should be no need to have the WiFi Access Point hub setup as a router - all you need is it as a switch and AP, and probably a DHCP server. Whatever you use as a DHCP server should give the IP address of the firewall as the gateway .
Any ip packets destined for the Internet will then be directed to the client to the gateway (Firewall) which after checking them forwards them to the router/hub for onward forwarding to the internet ip address. Any packets returned should then be forwarded by the Hub/Router to the Firewall for checking and then passed onto your Ethernet switch/Wifi AP Hub for forwarding to the original client.
The ip addresses used for the Hub/router and "external" ip addresss of the Firewall will have to be in a seperate range to the main internal network which will include the "Internal" ip address for the Firewall.
I am assuming the Firewall has 2 Ethernet ports (possibly more eg. for DMZ) and is not a WAN device.
Thanks all, changing that had sorted my issues
now have as dedicated firewall in front off my dhcp scope for Wi-Fi and or lan/lab which lets me put higher levels of inspection or control over my home network, thanks for help
was thinking needed ap,s to sort but tbh the bt smart Wi-Fi does a good job so now I can manage what’s happening bit better