Can I add a static route to my Time Capsule?

I have a Verizon Fios internet connection utilizing the Verizon Actiontec MI424WR router, IP address 192.168.1.1 255.255.255.0, which serves the network (DHCP & NAT) for the multimedia devices (set-top boxes etc.). In order to access the devices/services externally, the Actiontec router needs to be the primary router.


I also have a TimeCapsule, with a static external IP Address 192.168.1.2 which is configured in the DMZ of the Actiontec router, internal IP address 10.0.1.1 255.255.255.0 configured as DHCP server and double NAT. This router serves a wired/wireless network for all iMacs, iPads, iPhones, with a Mac Mini server for DNS and VPN server, (plus other macOS Server services).


Everything works perfectly.


Now I want to add Plex Server to the Mac mini, and access the media devices/services across the two networks. I have configured static routes (and Firewall Advanced Filtering) in the Actiontec router, and I can ping the 192.168.1.* devices from the 10.0.1.* network, but NOT the 10.0.1.* devices from the 192.168.1.* network.


How do I add the corresponding static route to the Time Capsule?

TC Firmware version 7.7.8

Posted on Sep 27, 2017 10:47 AM

Question marked as Top-ranking reply

Posted on Sep 28, 2017 2:23 PM

Unfortunately, none that will work.


The very basic AirPort router just does not have the features and capability that you need to do what you want.


If you have to use the AirPort, about the only thing that might work is run the Actiontec without the DMZ and run the AirPort in simple Bridge Mode. The AirPort won't be handling any kind of the DHCP at all in this setup....it will simply function as an access point. The Actiontec will be in charge of everything, and everything will be on the same network.

Sep 27, 2017 1:29 PM in response to Fallen_Angel_USA

I can ping the 192.168.1.* devices from the 10.0.1.* network, but NOT the 10.0.1.* devices from the 192.168.1.* network.

That is because of the NAT router.. it is much harder to go backwards through the NAT.. i.e. WAN to LAN, than LAN to WAN. That is where port forwarding comes in.. you do not directly address an IP behind a NAT router.. that is hidden from you.. you address the WAN IP and use ports to access the server. But this is still messy.


Why are you doing it this way?


If you need to use the TC as a router there is a better method.

Use the TC as standard router not NAT.


I have written up how to do this lots of times.

eg No DNS error, Airport roaming network


This has a huge advantage as compared to double NAT.. you are working on a flat network.. without second range.. and you can simply access devices behind the TC from devices on the main router.. at the same time the TC acts as DHCP server to the network that is connected to it.
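The asymmetry described in the reply above, as an added example that is not part of the original thread: a minimal Python model of a NAT router's connection table, using the Time Capsule's WAN address and LAN range from the question. The Mac mini and set-top box addresses, the port numbers, and the assumption that the router drops WAN-side packets addressed straight to its private range are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy source-NAT router: a connection table plus optional port forwards."""
    wan_ip: str
    lan_prefix: str  # e.g. "10.0.1." for 10.0.1.0/24
    forwards: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)  # (wan_port, peer) -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> WAN: rewrite the source address and remember the mapping."""
        if not src_ip.startswith(self.lan_prefix):
            raise ValueError("source is not on the LAN side")
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(wan_port, (dst_ip, dst_port))] = (src_ip, src_port)
        return (self.wan_ip, wan_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """WAN -> LAN: return the LAN (ip, port) to deliver to, or None if dropped."""
        if dst_ip != self.wan_ip:
            # Assumption: packets addressed straight to a private 10.0.1.* host
            # are dropped on the WAN side, as the ping failure in the thread suggests.
            return None
        tracked = self.conntrack.get((dst_port, (src_ip, src_port)))
        # Replies to tracked flows pass; anything else needs a port forward.
        return tracked or self.forwards.get(dst_port)

def demo():
    """Replay the thread's topology with constructed host addresses and ports."""
    tc = NatRouter(wan_ip="192.168.1.2", lan_prefix="10.0.1.")
    mini, stb = "10.0.1.10", "192.168.1.50"  # constructed sample hosts
    out = tc.outbound(mini, 51000, stb, 80)
    results = {
        "outbound": out,
        "reply": tc.inbound(stb, 80, out[0], out[1]),
        "direct_to_private_ip": tc.inbound(stb, 52000, mini, 32400),
        "wan_ip_no_forward": tc.inbound(stb, 52000, tc.wan_ip, 32400),
    }
    tc.forwards[32400] = (mini, 32400)  # port forward on the Time Capsule
    results["wan_ip_with_forward"] = tc.inbound(stb, 52000, tc.wan_ip, 32400)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the reply to a flow started from 10.0.1.* and the explicitly forwarded port reach the Mac mini; ICMP echo is tracked the same way, keyed on the echo identifier instead of a port.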

Sep 28, 2017 6:58 AM in response to LaPastenague

LaPastenague & Bob,


Thank you for your responses.


Come to think of it, there are no technical reasons for the 2 different subnets, (other than keeping the potentially "high volume" media traffic away from the "personal browsing" traffic), it really just evolved that way over time!


I'd like to make sure I fully understand your proposal:


1. Leave the Actiontec router in place (192.168.1.1), but restrict the DHCP range (e.g. 192.168.1.3-150)

a) Keep the DMZ for 192.168.1.2

b) This would leave all the Verizon devices in the segment up to 192.168.1.150


2. Change the TC to DHCP only, and for IP range 192.168.152-254

a) Leave External IP address 192.168.1.2 (in Actiontec DMZ, as now)

b) Change Internal IP address to 192.168.1.151

c) Leave Router IP address 192.168.1.1

d) Reset the DNS server IP address in the TC subnet devices

e) Reset the VPN IP address range


3. Power everything down, and reboot.


This would effectively create 2 "virtual" subnets, within the same subnet. This keeps the Verizon router as the primary router, and therefore maintains external access to all the Verizon services. It also maintains the external facing TC services, e.g. VPN etc...


hmmm, I like the way you guys think!!


Let me test it and get back to you.

Sep 28, 2017 2:20 PM in response to Fallen_Angel_USA

In this case the TC is not a NAT router.. so there is no need to do VPN port settings.


The only router in the network is the Actiontec so any port settings are handled by that.. however your DMZ will override the ports.. so it is now time to setup the system properly.


For the TC it should be fine as is..


For the Actiontec remove the DMZ.. there is no need for it.. and setup the vpn properly to the target IP even if it is behind the TC.. it should work fine because the TC is not routing.. !!


If it all fails then I would go back to bridged TC.. vpn are difficult enough to handle without added issues here.

Sep 28, 2017 7:28 AM in response to Fallen_Angel_USA

My suggestion would be....If you still want to set up a DMZ on the Actiontec router, have it provide an IP address of 192.168.1.151 to the TC.

Setup the TC to connect using a Static IP address of 192.168.1.151

Use the same DNS info that the Actiontec uses.

Subnet 255.255.255.0

Router Address would be the same as the Actiontec at 192.168.1.1.

Set up the TC using DHCP Only to provide IP addresses in the 192.168.1.152 to 192.168.1.200 range (or higher if you need more IP addresses)


You don't really need to set up a DMZ at all on the Actiontec....IF....it can be configured to provide a Static IP address of 192.168.1.151 to the TC.


LaPastenague is the real expert on the DHCP Only setup, so for his suggestions.
