ASUS router bridged setup

This document describes how to set up an ASUS router in bridged mode, without NAT, typically for use with multiple static IP addresses.

This is based on my experiences with an ASUS AAM6000EV router, firmware revision 71146a1, connecting to Eclipse Internet.

Remember that you must have a firewall to protect your hosts if you are not running NAT on your router.

The examples given in this procedure assume that you have been assigned 5 IPs, IP address 123.45.67.137, subnet 255.255.255.248. This means that your router will take 123.45.67.137, and you will have 5 available addresses 123.45.67.138-142.

Step by step

  1. Make sure you have a serial cable handy - if you mess up the router configuration you may need it.
  2. First, follow the instructions to set up the router in NAT mode. The router is very easy to set up in NAT mode, and it confirms that everything is working OK before you switch to bridged mode. Once you've followed all those instructions, noting particularly that you have to change the default user details on the router, and everything is running OK, then continue here.
  3. Go to the router configuration (on 192.168.1.1). Select Statistics then PPP, then look at the STATUS for Channel No 1. In particular, the IPCP : local options should be set to the IP address your ISP has assigned to you (e.g. 123.45.67.137).
  4. Select Quick Setup Wizard then Ethernet. Set the IP Address and Subnet Mask to the values specified by your ISP(e.g. 123.45.67.137 and 255.255.255.248), then Submit and confirm.
  5. Select Quick Setup Wizard then Channel. Set Channel to 1 then click MODIFY. Change only the following values:-
    NAT no
    IP Filter yes
    ... then Submit and confirm to save the configuration.
  6. Select Reset Modem and confirm to load the new configuration.
  7. Change your host(s) IP address(es) and subnet to its desired value(s) within your subnet (e.g. address 123.45.67.138-142, subnet 255.255.255.248). Also change both the gateway and DNS to the router's address (e.g. 123.45.67.137).
  8. Now test whether you can access the Internet, now in bridged mode. If you have problems then perform the steps in Bypassing DNS Relay before continuing this procedure.
  9. At this stage, you should be able to access the Internet through the router. However, anyone on the Internet can still access the router configuration via http or telnet, which is a potential hazard which should be eliminated.Go to the router configuration, now on its allocated address (e.g. 123.45.67.137). Select Network Service, then IP Filter. Click on RULES, then enter the details for each of the following rules and click ADD:-
      Rule 0 Rule 1
    Source IP 0.0.0.0 0.0.0.0
    Source Mask 0.0.0.0 0.0.0.0
    Destination IP <router's IP address (e.g. 123.45.67.137)> <router's IP address (e.g. 123.45.67.137)>
    Destination Mask 255.255.255.255 255.255.255.255
    Protocol TCP TCP
    Port 23 80
  10. Next click on GROUPS. Leave Groups No set to 0. First enter 0, then 1 into Rules, followed each time by clicking ADD. Make sure that the Policy is deny for Group 0.
  11. Finally click on HOME. For Channel No 1, enter 0 into Groups and click ADD.
  12. Click SAVE to save the router configuration. I'm not sure it does any good saving the configuration at the moment, but I don't think it does any harm, and it might do some good in the future.
  13. Do NOT reset the router!
  14. Now your router configuration cannot be accessed from Internet, but you can still access it from your LAN.

Reinstating IP Filter after the router is reset

Due to bugs in the router's IP Filter function, if the router is reset (either deliberately, or because of a power failure, etc.), then the IP Filter rules, which protect the router from being configured from outside of your LAN, are lost. This is why it is so important to change the user name and password for configuring the router.

If the router is reset, then you must follow these steps to restore full protection:-

  1. Go to the router configuration, now on its allocated address (e.g. 123.45.67.137). Select Network Service, then IP Filter.
  2. Check whether Channel No 1 has 0 listed in the Groups column. (It won't do, unless the bug is fixed). If it is not there, then proceed to the next step.
  3. For Channel No 1, enter 0 into Groups and click ADD.

If you get DNS problems ...

If you get DNS problems with the ASUS Router, then please read about Bypassing DNS Relay.

Last modified 02/03/2002.