Getting SmartThings Wifi to work with Router

First off… if this post is in the wrong forum, let me know. I’m not a complete novice on networking, but by no means an expert either.

I currently have an older Comcast modem/4 port router that I’m looking to replace and with all the different devices today that are connected through TCP/IP (wired or wireless), I wanted to segregate portions of the home LAN by adding a router after the Comcast modem. Currently my SmartThings Wifi hub (first version) is working fine in bridge mode, etc.

I recently purchased a TP-Link Safestream Multi WAN VPN Router (TL-R600VPN) and attempted to move the SmartThings Wifi hub connection to the Router LAN and then have Comcast on the WAN connection. All the other devices work fine, except SmartThings. It seems to connect to the router correctly. I’ve tried fixed IPs, port forwarding (ports 11111, 9443, 443, 39500, and 37), etc. And it can’t seem to connect to the internet.

I’m convinced this is a firewall issue. Looking at the router logs, when the SmartThings hub is connected, there are warnings that the router is detecting “Ping of Death” attacks and blocking packets. As soon as the hub is removed, then the warnings are no longer logged as new events.

Looking at the firewall setup in the router, it looks like the image at the link below. The attack type is listed, but you can’t “uncheck” or turn it off. I’ve also made sure the router is on the latest firmware too.

The second ethernet port for “out” doesn’t seem to do anything on these hubs for connecting either. I’ve put a switch, a computer, etc. on the 2nd port and there’s no connection.

Ideally, I want to go from the Modem to the Router and have SmartThings in bridge mode with the router for the mesh WiFi.

  1. Has anyone gotten the SmartThings hub to work with this router?
  2. Any ideas for how to configure things to get this working?
  3. What is the second “out” ethernet port supposed to allow - I was under the impression it is for a LAN connection (documentation doesn’t really cover this well)?

What is the color of the led light on the hub? Does IDE show the hub is offline?

For connections to the “in” port, it starts with blinking green. Eventually it will transition to blinking red. I did do a factory reset. Was able to get to the provisioning process (blinking green/red) and as soon as the hub was “connected” in the ST app, it started blinking red again.

If I move the ethernet cable from the TPLinks Router back to the Comcast Modem/Router it connects within 10 seconds or so (solid green).

Do you have a Comcast modem or a modem/router? You refer to it as a modem in one place but a modem/router in another. If you have a combination modem/router, is it in bridge mode? You can’t have a router connected to a router.

Better way to describe is Internet Gateway without much intelligence. It can handle basic DHCP and WiFi for 2.4 GHz and 5 GHz. But that is turned off. Keep in mind every other device that is connected through the new router to the Comcast device can connect with no issue (TVs, computers, Hue Bridge, etc.).

And router to router… that works as long as it’s configured and how you get subnets that are isolated from the main network. So if we have network 1 and network 2. Network 1 is the connection to the internet, has its own DNS, gateway to the WAN, etc. Then network 2 has a router on network 1 with its own address (DHCP or fixed), then it would need a separate DNS, gateway to network 1 etc. Devices on network 1 would not be able to see devices on Network 2 unless it’s part of the DMZ, ports are forwarded, etc. In bridge mode, the router has all devices on Network 1 and Network 2 visible to each other.

VLANs virtualize this. In the past it actually took hardware and lots of cables to set up.

I’m more concerned about how to configure the TP-Link Router (TL-R600VPN) to allow the packets to get to the Comcast device. Currently, I believe the router firewall functionality is blocking the packets, so the hub can’t fully connect.

If I’m missing something, let me know. Just stating how I understand things.

I think that you are correct that this is a firewall issue. That is because you are double NATed. Some things will function just fine in this environment and others won’t. I don’t know the specifics of how a ST device communicates, but I do know that devices that rely upon port openings and ssl/tls will have problems with a double NAT.

I’ll bet the packets are getting out of the TP Link just fine and getting dropped by the Comcast Gateway.

That’s my suspicion with the logging of “Ping of Death” with the ST hub connected to the TPLink router. When I looked that up, it was abnormal packet sizes. I’m hoping for insight into how to configure things to let the packets through.

Unfortunately, the TPLink has this as an option you can’t turn off in the GUI and quite frustrating to troubleshoot.

Look for documentation on configuring your Comcast gateway in Bridge mode… It effectively disables the router on the gateway and drops your TP link exposed to the raw internet and gets rid of the double NAT… If you do this, do NOT connect anything but a router to the gateway’s LAN ports or builtin WiFi if it has any.

Agreed.

@LuckyGorgon I know you’re trying to segment your network, but you’d be better off with one router and true VLANs.

Yeah - double NATs are the devil. They LOOK like they’re working just fine and then POOF something just doesn’t for no apparent reason and they’re a holy terror to troubleshoot. Unless you’re a network engineer, avoid them like the plague - and if you are a network engineer, you know to avoid them like the plague without very specific reason. :)

Personally, in my home I’ve drawn everything down to two perimeter routers (one for guests and one for everything else) behind my ISP’s modem in bridge mode. Everything just works and guests don’t see stuff they shouldn’t.

I have the Comcast Modem officially in bridge mode now. I was still having the same behavior with the ST hub. I’ve copied the entry from the log below.

Firewall-WARNING-Detected Ping of Death attack. Dropped 4 packets.

After the last bit of tinkering with the configurations, I’d factory reset the TP-Link router just before putting the Comcast modem in bridge mode. I went back into the firewall settings and was able to turn off the “Ping of Death” check. Then I started getting “Large Ping” blocks and had to turn that off as well.

I power cycled the SmartThings Hub and it connected.

Does anyone know why it would trigger “Ping of Death” or “Large Ping” attack detection in a router?

I can’t say why you’re getting them, but I think your router is telling you those are coming from the Internet. Both of those are essentially the same warning. The Ping of Death is a denial of service attack, done by sending oversize packets, trying to crash the router. I don’t know if anything you have going on (to include ST) requires your router to respond to a ping, but you might just be able to tell your router not to respond.
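
How a size-based filter can arrive at the two warnings discussed in this thread, shown as an added example (not from any poster and not TP-Link's firmware logic): a classifier that inspects the IPv4 length and fragment-offset fields of ICMP traffic. The 1024-byte "Large Ping" threshold, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535   # IPv4 total length is a 16-bit field
LARGE_PING_BYTES = 1024   # assumed threshold; the real value is vendor-specific

def classify_icmp(packet: bytes) -> str:
    """Classify one IPv4 packet or fragment as a size-based ICMP filter might."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl:
        return "malformed"
    if packet[9] != 1:                          # IP protocol 1 = ICMP
        return "not-icmp"
    frag_offset = (flags_frag & 0x1FFF) * 8     # field counts 8-byte units
    payload_len = total_len - ihl
    end_of_data = frag_offset + payload_len     # where this fragment ends after reassembly
    if ihl + end_of_data > MAX_IP_DATAGRAM:
        return "ping-of-death"                  # reassembled datagram would exceed the IPv4 maximum
    if end_of_data > LARGE_PING_BYTES:
        return "large-ping"                     # legal, but bigger than the filter allows
    return "ok"

def make_packet(payload_len: int, frag_offset: int = 0, proto: int = 1) -> bytes:
    """Build a constructed IPv4 packet in memory (documentation addresses, zero checksum)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1,
                         frag_offset // 8, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)

# Constructed sample packets; nothing is sent on the network.
SAMPLES = {
    "default 56-byte ping": make_packet(64),
    "1400-byte ICMP message": make_packet(1400),
    "last fragment of a 4000-byte ping": make_packet(1040, frag_offset=2960),
    "fragment ending past 65535": make_packet(1480, frag_offset=65520),
    "UDP datagram": make_packet(1400, proto=17),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:36s} -> {classify_icmp(pkt)}")
```

Any ICMP message above the threshold is classified as large-ping regardless of who sent it or why, so a filter of this kind flags on size alone.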