But why do you use a double NAT instead of bridging it to your router Double NAT doesn't protect you from that
I feel a little bit going in circles.
If an employee flashes a malicious firmware as they can do, they are stuck between modem and router.
The router functioning as a firewall on the WAN side and dropping anything incoming ...
opposed to setting the modem in bridge mode giving limited access to your LAN.
Everyone, keep it on topic please.
2 Likes
so then it does not matter if you are in bridge mode or not, put the modem in bridge mode leave the router in normal mode. I thought you were against me recommending putting the modem in bridge mode which I think may help in this case
Yeah oc, try everything.
But the OP was very close to having a working setup with the double NAT before the Merlin change.
Ow ps @ikifar2012, your right the router should block incoming as the modem bridge drops your public IP on the WAN side of the router.
Bit tired ... sorry.
I use that DMZ to run public services so thats my main reason to double NAT.
1 Like
Oh ok makes more sense now
1 Like
Now only if we heard some from the OP.
Or maybe he has bricked some for good now 
I‘m confused, please bear with me.
I had to reset the Asus router because I couldn‘t access its settings page after setting it to AP mode.
Now I need your help to understand my next steps.
Should I enable DHCPv4 on the Cable Modem? Because without DHCPv4 the Asus router doesn‘t connect to the Cable Modem, and I‘m not sure if it would at all in some manual setting.
Double NAT is really complicating things here.
Seems dhcp from the cable modem will have to be used If.
1. you cant disable ipv6
and or
2. you cant disable ipv6 dhcp
If you mean the DHCP service on the modem, yes you could (the modem functions as a DHCP client as well on its WAN side).
But I prefer to assign a static IP to the WAN interface on my router in the same subnet as the LAN IP from the modem.
The reason for this is the D for dynamic in DHCP.
IP address for router WAN could change with some effects probably.
EDIT: time for 
I've spent the last evening starting from scratch, according to this manual
… which specifically caters for Asus RT-AC68U routers with Asuswrt-Merlin firmware, exactly my setup. The Raspberry Pi has been setup from scratch too (2019-09-26-raspbian-buster-full), subsequently installing Pi-hole anew.
After fixing one remaining nocturnal lapse in my router setup 
, Pi-hole seems to work as expected 
. Now I'm looking into getting more ads blocked …
Thanks to all for your persistent patience and humour 
3 Likes
Maybe time to flash my Asus box too 
One thing is explained slightly wrong I noticed in that reddit thread:
Find your Raspberry Pi's MAC address from the drop-down list, give it a hostname, press the PLUS button, and hit apply
Your Pi now has a static IP address; please note that address!IP address; please note that address!
Above sets a DHCP reservation in the router and not a static IP on the Pi-hole device itself.
For setting a real static IP, you'd still have to login to Pi-hole to change.
Before the Pi-hole install, Raspbian and most other distro's are set to auto acquire IP details through DHCP.
After the Pi-hole installer has done its job, it has configured below file to assign a static IP instead of acquiring one via DHCP (becoming independent from DHCP from the router):
pi@noads:~ $ tail /etc/dhcpcd.conf
[..]
interface eth0
static ip_address=10.0.0.2/24
static routers=10.0.0.1
static domain_name_servers=127.0.0.1
2 Likes
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.