Comments on | Exit | the | Fast | Lane |: Google Wifi Behind a Firewall
Feed author: Peter. Updated 2024-03-05.

Tromox Bikes (2023-06-21 14:15):
nice

pdxguy (2021-12-20 13:14):
I'd like to add another bit of information to this otherwise excellent article. Devices behind the gWifi are not pingable even after the static route is correctly set up. gWifi does not respond to ICMP pings on the WAN port and there is no option to enable it.

Peter (2021-11-24 11:05):
Thanks and great question. To my knowledge, the only way to get around double NAT through 2 firewalls would be to make the gWifi router your primary device facing the internet, no ISP router/firewall, assuming you have Ethernet egress and can do that with your service. Doing what you're suggesting here, putting gWifi in DMZ mode by the ISP router, would work, but gWifi is still a NATing firewall and anything you would want to publish publicly would still need to be forwarded out from the private Google network. The 2 firewall situation isn't really an advantage per se, more of a situational solution, although my ISP router has far more advanced logging and configuration options vs the gWifi.
It also provides me a way to direct connect devices to bypass the Google mesh entirely, which I like.

navderek (2021-10-23 09:25):
Great article. I do have a question though. Could we not set up 192.168.1.22 as DMZ address in the FIOS router and then avoid having to configure all those port forwarding rules? Would that work or is there any other way to avoid having to deal with all the port forwarding? Since G1 sits on the internal home network I don't see the advantage of the second firewall.

Anonymous (2021-06-12 13:40):
I've been looking for a thorough guide like this for a while. Really appreciate the work. I just got a pfSense firewall and am facing the many reported challenges of the double NAT with gwifi. Your guide squashes all of the complaints I've read. Many thanks!

Peter (2021-05-30 14:58):
Hi JB, sorry for the delayed response. I'm curious if you tried this and if it worked. Assuming there are no WAN protocol limitations or deficiencies on the gRouter, you would just need FIOS approval/authorization to add it to their network. There are also new laws in place that prevent an ISP from charging forever for a router like this, you might just look into buying it outright if you can. To answer your question on the firewall, absolutely G1 could do that assuming the features provided are good enough for you.
The only limitation there would be the number of switched ports coming out of G1 but that could be resolved by adding a small external switch, if required.

JB (2021-03-03 15:51):
This is a really great article even in 2021, so thank you. Here's a question for you: I recently switched from FiOS Triple Play to Internet Only. I am about to upgrade my FiOS speed and want to avoid their new deluxe ($180/yr) super-router. My hope was to connect my first GW Puck (G1) in my basement directly to the ONT ethernet cable, then also connect a switch to the G1 that connects to a few hardwired PCs in the house that don't have WiFi. Then all other WiFi devices would connect to Pucks G2-G4. Can I do that and if so, will G1 be a sufficient firewall for all devices, not just WiFi based ones? Thanks! JB

Peter (2019-01-26 14:42):
Hi Larry (sorry for the delay), yes you can!

Anonymous (2018-12-30 14:59):
Wow! Followed your directions and everything is working now!
Thanks!

Anonymous (2018-05-27 19:09):
Can I connect a LAN cable to one of the gwifi points and a gaming device so I can use wired internet on that gaming device?

Unknown (2018-01-14 22:18):
Fantastic description. I'm in the same exact scenario as you describe above. I just set my GWiFi up with Fios. Went Fios LAN to GW WAN, then set up the second mesh point. I then set a static IP for the primary GW mesh point. I then went into Advance Routing and set up the flow from Fios to the static IP of the GW. I do have one issue. I have a MacBook Air on my GW network with a 192.168.86.x address. I can't see an AirPrint printer on my Fios 192.168.1.x network. I thought after doing the steps in your write up devices would be able to see each other without issue. Also, my Google Home is on the Fios network and when firing up Google Home app on my iPhone attached to the GW network the Google Home app can't find any devices I have set up with Google Home like my Sony receiver or TV. If I change the iPhone back to the Fios network WiFi, the Google Home app sees everything. I think I'm close, but might be missing something. Thanks.

Patrick

Peter (2017-12-13 13:17):
Right, the biggest feature loss will be mesh mode since you have to put the primary router in bridge mode. I considered this too but now find the mesh capability far too valuable.
Hard to believe now I was willing to accept poor coverage ANYWHERE with my previous single router setup... good luck!

Anonymous (2017-12-13 11:52):
Sounds good, thanks for the response! I have been debating between setting up Google Wifi in this manner or using it in bridged mode. I have read you lose certain features by implementing Google Wifi in bridge mode but I am not sure if that really matters.

If I set it up in standard mode and end up passing through Sonos related traffic, I will be sure to let you know.

Peter (2017-12-12 14:55):
Hi Anon, excellent questions! You highlight important scenarios here. In controlling Sonos from the PC example, that could work but you will need a ton of port forwarding rules to allow the various ports Sonos requires through the gWifi firewall, outlined here: https://sonos.custhelp.com/app/answers/detail/a_id/692/~/configuring-your-firewall-to-work-with-sonos
After trying to get this to work for a bit, I just decided it wasn't worth the trouble and now control Sonos exclusively from mobile devices, which is fine honestly. If you decide to tackle this one, please come back here and let us know if you were successful.

For the 2nd scenario you highlight, this works natively without any additional configuration. All traffic from .86 to .1 is outbound already, so any services listening on the .1 network, in this case RDP or SMB on PC or NAS, are readily available. The important point is that these connections have to be initiated from .86.
There is currently no advanced filtering to allow active connections sourced in .1 to enter .86. But the gWifi router knows where to send connections to the .1 network so these requests will succeed.

Thanks for stopping by!

Peter

Anonymous (2017-12-12 13:22):
How does the PC access the Sonos in this situation, are there also port forwards you set up for each Sonos device? Additionally, how do clients connected to G1-G3 send traffic to the PC or some other device not on G1-G3? For instance, if your NAS device was connected directly to the FIOS device.