Reading Time: 7 Minutes

If you have read one of my other articles about salt fiber and my problems with the fiber box, you might have read the following one.

Since I, like many other people, have more demanding things to do in my home network and want to make it accessible from outside without paying 10 CHF for salt, I sometimes have to take a few detours.

To put this in a nutshell. So far I am very satisfied with Salt. When I came to Switzerland I was a little bit shocked about the prices of the other providers and decided for this attractive offer. I don’t want to complain at all, because I pay much less for my whole package than with other suppliers. You just have to be a bit inventive ๐Ÿ˜‰ But now back to the topic.

Why your own router behind the Salt Fiber Box?

For me personally there were two main reasons for this:

  • Speed: I have noticed that the Salt Box does not cope very well with many devices in the WLAN (we have 10+). At first I thought that it was simply interfering WLAN signals from the neighbors, devices that were too close to each other or an unfortunate orientation. But after I tested the WLAN reception with all possible tools and also a speed test always had great results, this was the only possibility left for me. Just a bit weak on the chest.
  • More Possibilities:ย Anyone who has used the Salt Box before knows that it looks rather frugal when it comes to further possibilities. Everything that goes beyond the “normal” is in my opinion either not available or works only very limited.
  • More:ย There are many other reasons for this, like better support, better security, faster updates, media server functions, etc…

But I do not want to withhold that there are also a few disadvantages:

  • Power Consumption: Since there are now two devices running, it naturally costs more electricity. But if you switch off the WLAN of the salt box it will be within limits.
  • More Complicated: Since it is not really intended to be used in this way, the Salt Box does not really offer many possibilities, so that you have to do some tricks again.
  • Cost:ย Of course, the second router is not included in the price and must therefore be paid extra. But you can take it with you later on when you move or change to another provider.
  • Not 10 Gigabit/s anymore:ย Since the new router will almost certainly not support 10 Gigabit/s, you can’t use it anymore. But since 99,9% of the Salt users don’t notice this anyway, I think it is bearable.

Pro & Con - eigener Router


  • Significantly faster with many devices
  • Many more functions, depending on the router
  • Better support
  • Increased security
  • More nice goodies and functions


  • Slightly higher electricity costs
  • Greater effort for setup
  • Extra costs for the router
  • No more 10 Gigabit/s

Which router did I choose?

Maybe I should briefly mention which router I have chosen. In my case it was the AVM Fritzbox 7590. This is the flagship model of AVM and surely overkill for many users. But I wanted all the features and I can use this router for a long time, even if I am no longer at Salt. By the way, if you smiled about security above, this article about the security holes in many current routers is recommended. AVM was the best in this article ๐Ÿ˜‰

Therefore all explanations are based on the Fritzbox. But it should also work with other routers.

What do I need for the setup?

Actually you only need a second router. Done. ๐Ÿ™‚

As a bonus I have a RaspberriPi running, which guarantees the accessibility of my home network from outside. But for the basic functionality this is not needed.

Step 1: Setting up a second router

But now to the actual setup. To get started you have to connect your second router (here from now on “the Fritzbox”) to the power and plug an ethernet cable into one of the 4 LAN ports of the salt box and connect it to the LAN 1 port of the Fritzbox.


That was it already at first on the hardware side. When that happens, you can connect the Fritzbox to the power and start it. The best thing to do next is to connect to the Fritzbox with a laptop/computer and a network cable. Turn off your WLAN on the device, so you can be sure that you are only connected to the Fritzbox. Call the URL in your browser now and you should land on the login screen for the Fritzbox.

Here you log in with the access data for the router. You can find them on the bottom of the router. If you got the router from someone else, it is possible that these data have been changed. In this case you have to reset the Fritzbox first.

If we are now logged in, we have to go through the setup of the Fritzbox. This is actually designed to get the router up and running and connect to the internet. But what we want to do now is to run the Fritzbox behind another router and use the existing internet connection. The whole thing is called setup as a cascaded router and allows us to set up our own network behind our router with the Fritzbox, but still get into the internet with all devices behind it.

Since I’m not a big fan of repeating everything where someone else has already taken the trouble to prepare the whole thing, I refer you to the official documentation of this process.

That was it on the part of the Fritzbox. Now to the Salt Box.

Step 2: Setting up the Salt Box

So that the Fritzbox can communicate with the Salt Box we have to set 1-2 things in the Salt Fiber Box.

To do this, we connect the network cable we used before to one of the network ports of the Salt Fiber Box instead of the Fritzbox. Then we call the address in the browser again and should have landed on the surface of the salt box. After we logged in we switch on the “Expert” mode in the upper left corner and go to the tab Network. Via LAN -> Reservation of the IP address we give the Fritzbox a fixed IP address, which it has from now on from the Salt Box network (is that how you say it?). For me it is


DMZ / Complete forwarding

With this address we can now go to the most important step, which is entering the IP address under Firewall -> DMZ. Here we enter the IP address we just assigned to the Fritzbox. This way all traffic will be forwarded to the Fritzbox unfiltered. In my opinion the word DMZ is a bit confusing at this point, because I only know it with a different meaning, but good. You just have to know it. Since the Fritzbox has its own (better) firewall, we don’t need to worry about this. We are already done with that and devices that connect to the Fritzbox should be able to connect to the internet. ๐Ÿ™‚


A few more little things

For all those who want to follow the bonus I would recommend to switch off everything under firewall or to allow something like a ping and the like. Also under the tab IPv6 switch off the firewall. These things can lead to an unexpected behaviour if you want to have something in the salt net, like we did in the bonus section.

Furthermore I would recommend to switch off the WLAN and the guest WLAN at the salt router. On the one hand it won’t get in the way with the WLAN of the Fritzbox and on the other hand it saves power if it doesn’t continue running unnecessarily.

(Bonus for advanced users) Step 3: Make devices behind the Fritzbox accessible from outside

This is a more advanced topic, but surely interesting for all who have already read my article about DS-Lite (german) or your own mapping server (german) . Being reachable from the outside via IPv4 is without any tricky problems because of the DS-Lite problem. But I thought that at least my devices could be reachable via IPv6 since every device gets an IPv6 address and all routers and devices involved speak IPv6.

What does not work: IPv6

But in my understanding this is not possible with this setup, because the salt box only distributes local addresses with a fixed width to its clients. That means the first half of my IPv6 address is the global part and the second half is always the local part of my devices in the salt box network.

Now a ping from outside to the salt box with its global IPv6 address is possible and also a ping to the Fritzbox with its global part and its own local part is possible. But now the whole address is exhausted (gggg:gggg:gggg:llll:llll:llll) and I have no more possibility to set up another “net” with local addresses for my devices below the Fritzbox. But this would be necessary, so that the Fritzbox can forward them to the salt box and outside again. If someone can tell me how to solve this, I would be very interested.

What works: IPv4

On the other hand, IPv6 was not as important for me as accessibility via IPv4. To achieve this I proceeded like in my Mapping Server Tutorial (please read so that the rest is understandable) with two small changes:

  • On the one hand the RaspberriPi has to be connected parallel to the Fritzbox this time, so that it can be reached from outside via IPv6. At this point it accepts the IPv6 packets from our external server and converts them into IPv4 packets.
  • On the other hand, this time we do not forward the packets directly to the device for which they are intended, but we forward them to the Fritzbox. The Fritzbox can then use the normal NAT procedure to determine where (IP address) and to which port the IPv4 packets should be forwarded. If you have never done this before, you can find instructions here.

And so everything works again like before, at least in my household. ๐Ÿ˜›

I tried to make the whole thing a bit more graphical. Hopefully it will be easier to understand.



All in all it works quite easy, the advantages definitely outweigh the disadvantages from my point of view and I’m glad that everything works. If you still have higher requirements you have to expect a little bit more effort than with the “normal” version.

How useful was this post?

Click on a star to rate it!

Average rating 4.8 / 5. Vote count: 25

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?


  1. Luis Puerto 11. November 2020 at 12:24 - Reply


    Thanks a lot for this. The point that no more 10gb/s it’s a little bit wrong. You can always buy a router with 10gb/s lan wan and that’s it. They are starting to appear in the market with reasonable price.

    For me the issue here is to be able to get a router with enough wifi power to really take advantage of the connection specially if you have several wifi clients or more than one computer with high demand at home.

    All come down to budget in the end. You can buy a really good router and several AP and spread them over your home connected using high quality ethernet wire.

    However the crux of the issue here is the salt box is still really basic and there are not bridge mode possible, which would be the best solution.

    • Nils 14. November 2020 at 16:23 - Reply

      Hi Luis,

      Yes you are absolutely right of course. For me this was just not an option, since they are still quite expensive as you also pointed out. For (semi-)professionals it is still an option of course.

      Regarding the wifi, you are also right. For me the wifi of my FritzBox 7590 is more than enough. My apartment is quite tiny though, so for you a more powerful solution might be necessary.

      And yes a bridge mode in the salt box would make everyones life a lot easier.

      Thanks for your input

  2. Ivan Perroud 28. November 2020 at 2:11 - Reply

    Hi! Thanks, what internet transfer
    Speed do you get with an AC wifi near the Fritzbox?

    • Nils 2. December 2020 at 21:35 - Reply

      Hi Ivan, don’t know about AC wifi, but with all my notebooks (they are from 2015 onwards) I get mostly 300-400 MBit to my NAS over WiFi with my Fritzbox. Hope that helps

  3. Micki 24. December 2020 at 1:27 - Reply

    Hello – Very interesting post.
    Can I ask you if I could switch the WIFI off in my Salt router – and use internet via Ethernet?
    Is this difficult?

    Best regards,

    • Nils 13. February 2021 at 21:56 - Reply

      Hi Micky,

      Yes, everything that is explained has pretty much nothing to do with WiFi itself, so you can turn it off an just use the ethernet connection ๐Ÿ™‚

      Best regards,

  4. Remsta 27. January 2021 at 18:41 - Reply


    I have a USG connected to a Salt Box and I have noticed that the Salt Box will not pass a IPv6 address onto the USG. I see here that you were also not able to get this working in order to access your devices from the outside. Did you end up getting this working?

    I would like to access my NAS from outside and have set up the following:

    An AAAA record with Cloudflare with the domain -> pointing to my public static IPv6 address from Salt. -> This works and resolves my IPv6 address.

    I would now like to forward that from the Salt Box -> the UniFi USG and in the UniFi USG Port Forward to my NAS port 32400.

    Is this possible?

    The Salt Box is not giving my UniFI USG an IPv6 address, nor are any of the devices behind the USG getting any IPv6 addresses – how can I fix this?

    • Nils 14. February 2021 at 15:20 - Reply

      Hi there,
      So I do not have any experiecen with an UniFi USG, but in general I understand you are ok with everything being IPv6 traffic.
      So you wouldn’t really need the “classical” port forwarding anymore. You should proabaly enable something like IPv6 passthrough and let your public domain directly point to your NASs’ IPv6 address.
      My devices definitely get an IPv6 address, since I am using the Raspberry Pi with this address. If you don’t see it on the Salt UI you might want to check your device directly and check for the address there.
      You are right though that I have problems with my FritzBox, since it does not fully support IPv6 yet, which is one reason why I need the Raspberry intermediary.
      If your UniFi USG fully supports IPv6 it should have an IPv6 address though.
      Hope that helped somehow.


Leave A Comment