Reading Time: 7 Minutes
If you have read one of my other articles about salt fiber and my problems with the fiber box, you might have read the following one.
Since I, like many other people, have more demanding things to do in my home network and want to make it accessible from outside without paying 10 CHF for salt, I sometimes have to take a few detours.
To put this in a nutshell. So far I am very satisfied with Salt. When I came to Switzerland I was a little bit shocked about the prices of the other providers and decided for this attractive offer. I don’t want to complain at all, because I pay much less for my whole package than with other suppliers. You just have to be a bit inventive 😉 But now back to the topic.
Why your own router behind the Salt Fiber Box?
For me personally there were two main reasons for this:
- Speed: I have noticed that the Salt Box does not cope very well with many devices in the WLAN (we have 10+). At first I thought that it was simply interfering WLAN signals from the neighbors, devices that were too close to each other or an unfortunate orientation. But after I tested the WLAN reception with all possible tools and also a speed test always had great results, this was the only possibility left for me. Just a bit weak on the chest.
- More Possibilities: Anyone who has used the Salt Box before knows that it looks rather frugal when it comes to further possibilities. Everything that goes beyond the “normal” is in my opinion either not available or works only very limited.
- More: There are many other reasons for this, like better support, better security, faster updates, media server functions, etc…
But I do not want to withhold that there are also a few disadvantages:
- Power Consumption: Since there are now two devices running, it naturally costs more electricity. But if you switch off the WLAN of the salt box it will be within limits.
- More Complicated: Since it is not really intended to be used in this way, the Salt Box does not really offer many possibilities, so that you have to do some tricks again.
- Cost: Of course, the second router is not included in the price and must therefore be paid extra. But you can take it with you later on when you move or change to another provider.
- Not 10 Gigabit/s anymore: Since the new router will almost certainly not support 10 Gigabit/s, you can’t use it anymore. But since 99,9% of the Salt users don’t notice this anyway, I think it is bearable.
Pro & Con - eigener Router
- Significantly faster with many devices
- Many more functions, depending on the router
- Better support
- Increased security
- More nice goodies and functions
- Slightly higher electricity costs
- Greater effort for setup
- Extra costs for the router
- No more 10 Gigabit/s
Which router did I choose?
Maybe I should briefly mention which router I have chosen. In my case it was the AVM Fritzbox 7590. This is the flagship model of AVM and surely overkill for many users. But I wanted all the features and I can use this router for a long time, even if I am no longer at Salt. By the way, if you smiled about security above, this article about the security holes in many current routers is recommended. AVM was the best in this article 😉
Therefore all explanations are based on the Fritzbox. But it should also work with other routers.
What do I need for the setup?
Actually you only need a second router. Done. 🙂
As a bonus I have a RaspberriPi running, which guarantees the accessibility of my home network from outside. But for the basic functionality this is not needed.
Step 1: Setting up a second router
But now to the actual setup. To get started you have to connect your second router (here from now on “the Fritzbox”) to the power and plug an ethernet cable into one of the 4 LAN ports of the salt box and connect it to the LAN 1 port of the Fritzbox.
That was it already at first on the hardware side. When that happens, you can connect the Fritzbox to the power and start it. The best thing to do next is to connect to the Fritzbox with a laptop/computer and a network cable. Turn off your WLAN on the device, so you can be sure that you are only connected to the Fritzbox. Call the URL 192.168.2.1 in your browser now and you should land on the login screen for the Fritzbox.
Here you log in with the access data for the router. You can find them on the bottom of the router. If you got the router from someone else, it is possible that these data have been changed. In this case you have to reset the Fritzbox first.
If we are now logged in, we have to go through the setup of the Fritzbox. This is actually designed to get the router up and running and connect to the internet. But what we want to do now is to run the Fritzbox behind another router and use the existing internet connection. The whole thing is called setup as a cascaded router and allows us to set up our own network behind our router with the Fritzbox, but still get into the internet with all devices behind it.
Since I’m not a big fan of repeating everything where someone else has already taken the trouble to prepare the whole thing, I refer you to the official documentation of this process.
That was it on the part of the Fritzbox. Now to the Salt Box.
Step 2: Setting up the Salt Box
So that the Fritzbox can communicate with the Salt Box we have to set 1-2 things in the Salt Fiber Box.
To do this, we connect the network cable we used before to one of the network ports of the Salt Fiber Box instead of the Fritzbox. Then we call the address 192.168.2.1 in the browser again and should have landed on the surface of the salt box. After we logged in we switch on the “Expert” mode in the upper left corner and go to the tab Network. Via LAN -> Reservation of the IP address we give the Fritzbox a fixed IP address, which it has from now on from the Salt Box network (is that how you say it?). For me it is 192.168.2.211.
DMZ / Complete forwarding
With this address we can now go to the most important step, which is entering the IP address under Firewall -> DMZ. Here we enter the IP address we just assigned to the Fritzbox. This way all traffic will be forwarded to the Fritzbox unfiltered. In my opinion the word DMZ is a bit confusing at this point, because I only know it with a different meaning, but good. You just have to know it. Since the Fritzbox has its own (better) firewall, we don’t need to worry about this. We are already done with that and devices that connect to the Fritzbox should be able to connect to the internet. 🙂
A few more little things
For all those who want to follow the bonus I would recommend to switch off everything under firewall or to allow something like a ping and the like. Also under the tab IPv6 switch off the firewall. These things can lead to an unexpected behaviour if you want to have something in the salt net, like we did in the bonus section.
Furthermore I would recommend to switch off the WLAN and the guest WLAN at the salt router. On the one hand it won’t get in the way with the WLAN of the Fritzbox and on the other hand it saves power if it doesn’t continue running unnecessarily.
(Bonus for advanced users) Step 3: Make devices behind the Fritzbox accessible from outside
This is a more advanced topic, but surely interesting for all who have already read my article about DS-Lite (german) or your own mapping server (german) . Being reachable from the outside via IPv4 is without any tricky problems because of the DS-Lite problem. But I thought that at least my devices could be reachable via IPv6 since every device gets an IPv6 address and all routers and devices involved speak IPv6.
What does not work: IPv6
But in my understanding this is not possible with this setup, because the salt box only distributes local addresses with a fixed width to its clients. That means the first half of my IPv6 address is the global part and the second half is always the local part of my devices in the salt box network.
Now a ping from outside to the salt box with its global IPv6 address is possible and also a ping to the Fritzbox with its global part and its own local part is possible. But now the whole address is exhausted (gggg:gggg:gggg:llll:llll:llll) and I have no more possibility to set up another “net” with local addresses for my devices below the Fritzbox. But this would be necessary, so that the Fritzbox can forward them to the salt box and outside again. If someone can tell me how to solve this, I would be very interested.
What works: IPv4
On the other hand, IPv6 was not as important for me as accessibility via IPv4. To achieve this I proceeded like in my Mapping Server Tutorial (please read so that the rest is understandable) with two small changes:
- On the one hand the RaspberriPi has to be connected parallel to the Fritzbox this time, so that it can be reached from outside via IPv6. At this point it accepts the IPv6 packets from our external server and converts them into IPv4 packets.
- On the other hand, this time we do not forward the packets directly to the device for which they are intended, but we forward them to the Fritzbox. The Fritzbox can then use the normal NAT procedure to determine where (IP address) and to which port the IPv4 packets should be forwarded. If you have never done this before, you can find instructions here.
And so everything works again like before, at least in my household. 😛
I tried to make the whole thing a bit more graphical. Hopefully it will be easier to understand.
All in all it works quite easy, the advantages definitely outweigh the disadvantages from my point of view and I’m glad that everything works. If you still have higher requirements you have to expect a little bit more effort than with the “normal” version.