Posted: Mon Apr 25, 2016 16:37 Post subject: cascaded routers & a few extras for flat-share network
Hi, I recently reorganized my home network and would like to update my
infrastructure and improve network safety.
I currently have two routers: an older one with an integrated ADSL modem
(FritzBox 7360) and a newer NetGear R7000 with the Kong build (DD-WRT v3.0-r29300M kongac (04/14/16)).
I would like to cascade these two.
The first router (FB) manages the internet connection, plus some host
devices which are connected via LAN & WiFi (I am living together with a
friend, and this should be her WiFi/LAN).
The second router (NG) will manage my devices on a separate LAN & WiFi.
But we have some devices that we share in the (let's call it
'TransferLAN'), for example the TV, a network printer and the internet
connection, of course.
So I would need to have access to the TransferLAN (if I initiate the access from my PrivateLAN side), but the devices of my
friend should not have access to the 'PrivateLAN' of my router.
I also have some extra configuration on my NG router: some VLANs and a
DMZ bridge (br1) that only allows access to the internet
(if required I can access br1 hosts from br0), a different DNS suffix
for my servers, OpenVPN and so on.
Currently I got the setup running so far (see attached illustration).
The NG WAN port gets assigned a static IP from the FB DHCP, which is
configured as exposed host (so no port forwarding or anything is needed
on the FB).
The NG router is configured to get its WAN connection via DHCP.
Currently running in Gateway Mode (so NAT is active).
Firewall active.
WiFi bridged to br0.
But until now I have no connection (or a very unstable one) to the network
printer in the TransferLAN.
Wireshark traces show that all packets that leave the NG router are
correctly delivered to the printer.
But only one ping every ~45 seconds (originated from PrivateLAN) gets a reply.
Is this a NAT or a firewall config problem?
What can I do to get this working?
Do I need to link the routers with static routes?
But as far as I have found configuration guides for this on DD-WRT, this would mean to:
deactivate the NAT (which is fine by me, no need to double NAT) by setting router mode under advanced networking
deactivate the firewall (not very thrilled about that, unless this means iptables is still active and usable)
unbridge the network interfaces
assign dedicated subnets to the interfaces (a little extra work but doable)
Or is there another way of achieving what I want? Can it even be configured this way?