config internet -> Arris CM/WAP stock -> Netgear 2000 DD-Wrt v24 (wired connect to CM)

All machines have internet access

Netgear CM
machine 1 - wired to netgear
machine 2 - wired to netgear
machine 3 - wireless to CM

Machine 1 can ping CM, Netgear, and Machine 3, but not machine 2.
Machine 2 can ping CM, Netgear and Machine 3, but not machine 1.

Obviously something in the Netgear box is working, but I cannot find the setting. DHCP is off, it's set to router function, WAN port is off, AP isolation is off.

If you can give me some idea I can run down the setting, but I just don't know what is going on, never seen two machines on the same router not be able to ping each other.

  • If both machine 1 and 2 are on the LAN ports on the Netgear then check them for local firewalls that are blocking ICMP first. Also make sure both of their default gateways are correct (shouldn't matter here, but still).
    – TheCleaner
    Commented Apr 23, 2013 at 13:07

3 Answers


Thank you for the direction, I am going to have to come up to speed on a few things, to work on the advice, but for now:

The SPI firewall on DD-WRT machine is disabled
There are no Security Policies in place on the DD-WRT router (in the Security Tab)
DMZ, QOS are disabled
WAN is Disabled
DHCP is disabled
Advanced Routing is set to Router Mode

The Firewall and all other security on the Arris CM is off (for testing)
RoutedwithNAT is on in LAN Settings
DHCP pool starts at x.x.x.05

One other fact I discovered this afternoon is that though DD-WRT has the option to make the uplink port just a regular port when DHCP and WAN are disabled - and according to the wiki on WRT the connection should be lan-lan port, NOT uplink port, I only get internet on the M1 and M2 when the cable from the CM is plugged into the uplink port, not any other port, even though the uplink port is supposed to be just a regular port. So it's as if the Netgear is not taking the WRT setting, or the Arris won't recognize a connection to any other port.

Even stranger is that WIRELESS connections (droid phone) through the netgear router (diff SSID than Arris CM) will ping through to M2 and it has internet - so it's just the two wired machines that cannot see each other.

For completeness M1 and M2 are both running Lubuntu 12.10 and have no security/firewall policies that I know of turned on. I am going to revisit local firewall settings as I can't see anything else in WRT that can be changed. I appreciate the help, the best I have gotten at DD-WRT is "it should work if you followed the tutorial"

  • Hi and Welcome to Super User! Please read the How to Answer a Question Guide. This site is a Q&A site not a forum.
    – slm
    Commented Apr 24, 2013 at 1:52
  • You might want to get your accounts merged, using the "contact us" link at the bottom of the page
    – Journeyman Geek
    Commented Apr 24, 2013 at 3:44

It looks like some kind of security/ACL/firewall rule setting. Check within DD-WRT to see how the interfaces are set up (one of them might be set up as a 'DMZ' style interface). I don't know DD-WRT very well, but dig around for iptables or ipchains and look for rules which may be preventing interfaces from contacting each other. Whatever is happening is most likely due to interface security configuration given that the hosts are within the same subnet.

You might also do a traffic capture on M1 and see if you can see broadcast traffic from M2. If you can't see any broadcasts after five minutes, then you can definitely tell that they are firewalled from each other somehow.

Failing all that, TheCleaner's suggestion on local firewalls is the most likely answer.
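
The capture check suggested in the answer above, as an added example that is not part of the original answer: it counts Ethernet broadcast frames per source MAC in `tcpdump -e -n` text output taken on M1. The sample capture, all MAC and IP addresses, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -e -n` text output as captured on M1.
# Every MAC and IP address here is made up: :01 router, :03 M3, :0a M1 itself.
SAMPLE='13:07:01.100000 00:11:22:33:44:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.0.12 tell 192.168.0.1, length 46
13:07:02.200000 00:11:22:33:44:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.0.1 tell 192.168.0.13, length 46
13:07:03.300000 00:11:22:33:44:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.12 tell 192.168.0.11, length 28
13:07:04.400000 00:11:22:33:44:01 > 00:11:22:33:44:0a, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.11: ICMP echo reply, id 1, seq 1, length 64
13:07:05.500000 00:11:22:33:44:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.0.12 tell 192.168.0.13, length 46'
M2_MAC=00:11:22:33:44:0b   # hypothetical MAC of machine 2 (absent from SAMPLE)

# Print "<count> <src-mac>" for each source that sent an Ethernet broadcast.
# Field 2 is the source MAC, field 4 the destination (with a trailing comma);
# tcpdump without -n may print "Broadcast" instead of ff:ff:ff:ff:ff:ff.
broadcast_sources() {
    awk '$3 == ">" {
             dst = tolower($4)
             if (dst == "ff:ff:ff:ff:ff:ff," || dst == "broadcast,")
                 n[tolower($2)]++
         }
         END { for (m in n) print n[m], m }' | sort -k2
}

# Exit 0 only if the MAC given as $1 sent at least one broadcast (stdin = capture).
seen_broadcast_from() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    broadcast_sources | awk -v m="$mac" '$2 == m { found = 1 }
                                         END { exit (found ? 0 : 1) }'
}

printf '%s\n' "$SAMPLE" | broadcast_sources
if printf '%s\n' "$SAMPLE" | seen_broadcast_from "$M2_MAC"; then
    echo "M2 broadcasts reach M1: layer 2 works, look at host firewalls"
else
    echo "no broadcasts from M2 seen: suspect filtering between the wired ports"
fi
```

On a real capture, pipe the saved `tcpdump -e -n` output into `seen_broadcast_from` with M2's actual MAC address in place of the placeholder.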


Try this:

swconfig dev eth1 set enable_vlan 1
swconfig dev eth1 set apply

Save as a startup command.
