TP Link TD-W9970 with seperate physical firewall

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TP Link TD-W9970 with seperate physical firewall

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TP Link TD-W9970 with seperate physical firewall
TP Link TD-W9970 with seperate physical firewall
2020-09-08 20:49:22 - last edited 2020-09-13 14:12:59
Model: TD-W9970  
Hardware Version: V3
Firmware Version: 1.0.0 0.9.1 v009f.0 Build 190419 Rel.34272n

Hello All,

I have a Mikrotik firewall in my network now and have all traffic routing through it just fine.

 

Unfortunately the NAT rules do not seem to be reaching it.

 

Network Topology

ISP>TD-W9970>Mikrotik

 

From what I can see even though I have the DMZ set to the IP of the firewall (10.x.x.2) and DHCP is also relayed to this IP the NAT rules still appear to be controlled by the TP-Link.

 

I thought about trying to forward let say port 80 to the firewalls ip to then get redirected from there however did not work.

 

Any help would be appreciated

  0      
  0      
#1
Options
1 Accepted Solution
Re:TP Link TD-W9970 with seperate physical firewall-Solution
2020-09-13 14:12:23 - last edited 2020-09-13 14:12:59

I have gotten this to work now.

 

Anyone interested I needed to wipe the TP-Link W9970 to factory settings and when setting up the bridge I specified the VLAN for my DSL connection.

After doing this the PPPoE connected straight away on my Mikrotik and allowed my NAT rules to work externally.

 

I then created a Hairpin NAT rule for inside my network to be able to access my port forward rules internally i.e. mailserver and webserver etc...

Recommended Solution
  0  
  0  
#6
Options
5 Reply
Re:TP Link TD-W9970 with seperate physical firewall
2020-09-09 10:08:23 - last edited 2020-09-10 06:17:54

@parracite 

Good day.

May I know the hardware and firmware version about Archer VR400

Before the reset, did both wired connections and wireless connections work fine?

On the front of the router, did the internet light it up and at the back of the VR400, which port is connected to the ISP, DSL port or LAN/WAN port?

Have you tried to  change the wireless settings, like channel and channel width on the router, such as:

https://www.tp-link.com/en/support/faq/2794/

 

Could you please also send me a picture of the advanced>status>internet page on the modem?

Thank you very much!

  0  
  0  
#2
Options
Re:TP Link TD-W9970 with seperate physical firewall
2020-09-09 18:08:36

Sunshine wrote

@parracite 

Good day.

May I know the hardware and firmware version about Archer VR400

Before the reset, did both wired connections and wireless connections work fine?

On the front of the router, did the internet light it up and at the back of the VR400, which port is connected to the ISP, DSL port or LAN/WAN port?

Have you tried to  change the wireless settings, like channel and channel width on the router, such as:

https://www.tp-link.com/en/support/faq/2794/

 

Could you please also send me a picture of the advanced>status>internet page on the modem?

Thank you very much!

@Sunshine Thank you for coming back to me, the TP Link is a TD-W9970 not Archer VR400.

 

LAN 4 on the TP-Link is connected into ether1 on my firewall.

 

Wireless is disabled as this is a wired environment only

 

I am getting internet just fine and I am getting the connection through my firewall to my endpoints and it is working. Unfortunately even when the DMZ is set on the TP link to the Mikrotik router it is keeping all NAT requests for itself rather than forwarding them.

 

 

  0  
  0  
#3
Options
Re:TP Link TD-W9970 with seperate physical firewall
2020-09-10 06:29:20

@parracite 

Sorry for the inconvenience.

I must reply to the wrong placesurprise.

When I tested on my side, once I enable the DHCP reply, there would be a pop-out notice:

Note: You must disable the NAT of the WAN connection or the DHCP Relay configurations may not take effect!

 But It seems like the NAT was enabled by default and could not be disabled on 9970 V3;

 In this way, I guess the  Mikrotik Firewall is also a NAT router and is there any possibility that using the  Mikrotik as the main router and put 9970 behind it as the access point?

(Or, if ISP required DSL connection, we could set up the 9970 as the bridge DSL modem and set up the  Mikrotik as the wireless router.)

Thank you very much!

  0  
  0  
#4
Options
Re:TP Link TD-W9970 with seperate physical firewall
2020-09-11 18:54:53

@Sunshine 

Hi There, thanks for coming back to me.

My hope is for the W9970 v3 to work as a bridge and use the Mikrotik RB3011 UiAS-RM as the main router to handle all NAT requests.

 

I set the W9970 in bridge mode however when trying to connect the DSL connection through the Mikrotik on the PPPoE login it just stays disconnected.

 

When I connect the WAN on the TP link and it acts like a modem I get a connection fine but no NAT on the Mikrotik. When in Bridge mode I cannot connect the service.

 

Im not sure if I would be better off posting this in the Mikrotik forums unless there are more settings to change over or maybe a firmware update of the W9970?

  0  
  0  
#5
Options
Re:TP Link TD-W9970 with seperate physical firewall-Solution
2020-09-13 14:12:23 - last edited 2020-09-13 14:12:59

I have gotten this to work now.

 

Anyone interested I needed to wipe the TP-Link W9970 to factory settings and when setting up the bridge I specified the VLAN for my DSL connection.

After doing this the PPPoE connected straight away on my Mikrotik and allowed my NAT rules to work externally.

 

I then created a Hairpin NAT rule for inside my network to be able to access my port forward rules internally i.e. mailserver and webserver etc...

Recommended Solution
  0  
  0  
#6
Options

Information

Helpful: 0

Views: 713

Replies: 5