
tthkbw

macrumors member
Original poster
Jan 13, 2009
32
33
Portland, OR
My Comcast modem/router (Cisco 3941T) is locked down by Comcast and I can't change the DNS settings on it. I run pihole on a Raspberry Pi, and I want to have a router that uses the pihole as the DNS server for all my devices, both wired and wireless.

I have an Apple Time Capsule. I would like to connect the Time Capsule to the Comcast router, then have the Time Capsule use DHCP for its clients, both wired and wireless, and also use the Time Capsule's DNS setting to direct its connected clients' DNS to the pihole. I also want to keep the Comcast router running a wireless network since I have the two routers set in different locations and running both as wireless points covers the entire house with good wifi. So, I don't want to put the Comcast router in bridge mode.

I haven't been able to get this to work. The Comcast router is 10.0.0.1. I fixed the IP of the Time Capsule (I'll call it TC from now on) to be 10.0.0.2. Then I set up the TC in DHCP/NAT mode and created a subnet of 10.0.1.xx. Devices connected to the TC, but they could not get to the internet, which of course is available through the Comcast router. Why not?

One of the things that confuses me is that when I use AirPort Utility to configure the TC and go to the Internet page, I select static. This page shows an IP address--which is the IP address of the TC (10.0.0.2), as I set on the Comcast router. Then the router address would be 10.0.1.1 in this case, correct? But I don't get internet.

I also tried segmenting the DHCP address ranges of the two routers and putting the TC on the same subnet as the Comcast router. So the TC was still at 10.0.0.2, but gave out DHCP from 10.0.0.200-250, while the Comcast router was set to give DHCP in range of 10.0.0.3-150. This worked (devices connected), but the clients connected to the TC did not get the DNS that I set on the TC; instead, they got the DNS from the Comcast router.

Any suggestions?
 

2984839

Cancelled
Apr 19, 2014
2,114
2,241
Right now you have double NAT, which is going to cause weird issues.

Can you make the Time Capsule your main router and put the Comcast router in bridge mode behind it so that it's essentially an AP?
 

tthkbw

macrumors member
Original poster
Jan 13, 2009
32
33
Portland, OR
Zeitgeist:

I have been using the TC in bridge mode. Everything works, but clients connected to the wireless or wired ports of the TC do not use the DNS setting of the TC. For example, I connect my iPad to the TC wireless network, with the iPad's DNS set to "automatic". The TC has DNS pointing to my pihole. But, the iPad gets 75.75.75.75 as the DNS server, which is the DNS server of the Comcast router. I assume this is because the default gateway in this configuration is 10.0.0.1, which is the Comcast router.

556fmjoe:

I think I will try this again. I did this a few days ago, and nothing worked. So I tried something else. That didn't work either and I finally discovered that I had mistakenly wired a LAN port from the TC back to a LAN port on the Comcast router. I didn't go back and retry bridge mode on the Comcast router. Years ago, with a different Comcast router, I had a terrible time getting the TC to connect to the Comcast router when the Comcast was in bridge mode--a weird Apple thing of some sort--and so have been reluctant to use this. The disadvantage of doing this for me is that then I don't have the additional wireless network of the Comcast router. Since the routers are in different locations in my house, the two wireless networks give me really good wireless coverage whereas using only one doesn't work as well.

My current solution is twofold. For my Macs, which are ethernet connected, I set the DNS server in the network preferences pane to use the pihole. This works fine.

For my mobile devices--iPads and iPhones--I don't want to set the DNS to the local IP of the pihole since then, when I leave the house, I have no DNS so have to change the DNS if I leave the house. So I installed OpenVPN on the pihole and I connect the mobile devices using the VPN, which uses pihole for DNS. This works well, and in addition gives me better protection on unknown wireless networks. However, it also restricts bandwidth to the 6Mbits/sec of my Comcast upload bandwidth. At least it's easier to turn the VPN on and off than it is to change DNS.
 

2984839

Cancelled
Apr 19, 2014
2,114
2,241
Do you remember what the problem was with the TC when the Comcast was in bridge mode?

The other option, which will cost you a few bucks (probably around $80), is to get a wireless AP to pair with the TC and just dump the Comcast router that was giving you trouble in bridge mode. Now, the caveat is that some providers use all in one modem/router/wireless AP devices, so if you are relying on the Comcast router to also be a modem, then you'll need your own separate modem.
 

tthkbw

macrumors member
Original poster
Jan 13, 2009
32
33
Portland, OR
Thanks for the reply. I got back to this and did some more testing (can't mess up the network when others are using it!).

If I put the Comcast in bridge mode and the TC in DHCP+NAT mode, the TC never gets an Internet address from the Comcast. So I have no internet. I tried power cycling both devices and verified that the TC was connected to port 1 of the Comcast, and was the only device connected. The Comcast is really in bridge mode, I think.

Again, I vaguely remember years ago (2013, when I purchased the TC), that I had a different Comcast Modem (not a router). I remember going through this problem where the TC and the Comcast modem would not connect while my existing router (a DLink, I think, but maybe a Buffalo), connected without issue. I finally found some weird and magical incantation on the internet that I used to get it working.

Because the Comcast takes minutes to reboot, screwing around with this is very time-consuming. It's going to have to wait until my wife is out of town for a week later this month, unless I find a known and very specific method for connecting the AirPort Extreme Time Capsule to the Comcast Cisco 3941T in bridge mode.

I am reluctant to dump the Comcast Cisco modem/router for one I purchase since then I lose Comcast support. I also have a landline from Comcast through the Cisco 3941T. Although I know I can now purchase a modem/router/voice device, even one Comcast supports, I remember the Comcast Techs working for 6+ hours to get my voice stuff working given the weird phone wiring in the house. I can imagine getting a new modem/router/voice device and the landline not working.
 

2984839

Cancelled
Apr 19, 2014
2,114
2,241
What if you plug the TC directly into your modem and plug the Comcast router into the TC? Can the TC get an IP that way?
 

npmacuser5

macrumors 68000
Apr 10, 2015
1,881
2,114
What works for me using your exact configuration. Needs a wire between the router and Extreme. Set up Extreme as “create a new network”. Set up network DHCP as Bridge. Add name and password for the connection. Set iOS and other devices to log in to this network additionally. Auto switching will take place if signal low. Otherwise just select this network when in that area or other permanent devices. No need to have any access to the Comcast Cisco Router. Key the cable. Hope that helps.
 

tthkbw

macrumors member
Original poster
Jan 13, 2009
32
33
Portland, OR
556fmjoe:

The Comcast modem/router/voice is a Cisco 3941T. The router and the modem are in one device, so I can't do what you suggest. I can put the Cisco into bridge mode, which disables the router function, which is what I tried.

npmacuser5:

I can run the TC from the Comcast modem router with the TC in bridge mode. However, when I do that, even though I set a DNS on the TC, the DNS clients use is from the Comcast and is Comcast's DNS server 75.75.75.75. The TC creates a wireless network with separate name and login/password, but it doesn't do DHCP (since it is in bridge mode), and doesn't give out DNS addresses. This is the mode I currently use, the TC is basically just a wireless extender.
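
The behaviour described in the posts above (clients behind the bridged Time Capsule being handed 75.75.75.75) comes from DHCP: whichever server answers the lease request supplies the DNS list in option 6, and a bridge only forwards that reply. As an added example that is not part of the thread, this parses a DHCP reply to show which server answered and which gateway and DNS it handed out; the sample packet is constructed, and its lease address 10.0.0.42 and MAC address are assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
PAD, ROUTER, DNS, MSG_TYPE, SERVER_ID, END = 0, 3, 6, 53, 54, 255  # DHCP option codes

def _ips(data):
    """Split an option payload into a list of dotted-quad IPv4 strings."""
    if len(data) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]

def parse_dhcp_reply(packet):
    """Return who answered and which gateway/DNS the client was told to use."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (too short or missing magic cookie)")
    info = {"your_ip": str(ipaddress.IPv4Address(packet[16:20])),
            "msg_type": None, "server_id": None, "router": [], "dns": []}
    i = 240  # options start right after the fixed header and the magic cookie
    while i < len(packet):
        code = packet[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option %d" % code)
        length = packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        i += 2 + length
        if code == MSG_TYPE and length == 1:
            info["msg_type"] = data[0]          # 2 = OFFER, 5 = ACK
        elif code == SERVER_ID and length == 4:
            info["server_id"] = _ips(data)[0]   # the DHCP server that answered
        elif code == ROUTER:
            info["router"] = _ips(data)         # default gateway given to the client
        elif code == DNS:
            info["dns"] = _ips(data)            # resolvers the client will use
    return info

def build_sample_ack():
    """Constructed DHCPACK: server 10.0.0.1 leases 10.0.0.42 and advertises DNS 75.75.75.75."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), bytes([10, 0, 0, 42]), bytes(4), bytes(4),
                         bytes.fromhex("aabbccddeeff").ljust(16, b"\0"), b"", b"")
    opts = bytes([53, 1, 5, 54, 4, 10, 0, 0, 1, 3, 4, 10, 0, 0, 1, 6, 4, 75, 75, 75, 75, 255])
    return header + MAGIC_COOKIE + opts
```
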
 

npmacuser5

macrumors 68000
Apr 10, 2015
1,881
2,114
The reason I did not do that, performance. The wire gives full performance of the router. Not for everyone.
 

CaliforniaDreamin

macrumors member
Oct 4, 2019
75
5
Bay Area
Apologies in advance if my question seems like thread-jacking. However, I try to search for previous threads on a forum prior to posting new ones. This thread brings up a number of things pertaining to my question.

I just got a late-2012 Mini Server and the seller had a 5th gen Airport Extreme included. We just moved residences and are about to set up Xfinity/Comcast Internet. From what I can see, Comcast won't let us just use the AE since it is not on their "approved" list of routers. Should I use this thread as a lead into what I should do or am I missing something?
 

yasai_2

macrumors newbie
Mar 14, 2021
2
0
@tthkbw did you ever get this working? I am in the exact same spot as your original post: pihole, Comcast router, and Apple Time Capsule. This post is still one of the first search results, so thought I'd check if you had solved things.
 

tthkbw

macrumors member
Original poster
Jan 13, 2009
32
33
Portland, OR
I gave up. I have rebuilt my network almost completely. I ditched the Comcast modem and purchased my own Arris SVB3202, a modem/phone line only device (no router). I purchased a Flashrouter Netgear R7800 as my main router. I kept the TimeCapsule and use it in bridge mode to give better wireless range.

There were lots of interesting challenges doing this. Many of them had to do with the Flashrouter (runs DDWRT). DDWRT is infinitely configurable, and very powerful, but is also very technical in its approach to documentation. Unless you really understand routers and networking, it is difficult to understand what a lot of things do, and it allows you to configure really cool problems. In addition, development is continuous and it is difficult to understand what any particular release does and whether it might solve a problem for you or create one. I purchased the router with support from Flashrouters. Useless--when I had a problem, they seemed to have less understanding than I did of what to do and fell back on upgrading the DDWRT firmware. I was reluctant to do this as all the recent releases had confusing mentions of lots of wireless problems. Luckily, I used the DDWRT forum, where a guru was very helpful and I now have a stable system.

However, I have two separate wireless networks--one produced by the Flashrouter, and one produced by my bridge mode TimeCapsule. I think this sometimes creates issues. I want to change the mode of the TimeCapsule from "Create a wireless network" to "Extend a wireless network" to avoid this.

The Flashrouter with DDWRT does provide a lot of great features I have taken advantage of, however, and overall I think it was a good purchase. The Arris Modem was also a great purchase--$100 from Best Buy, and it saves me almost $20 per month on my Comcast bill. At the end of this month it will have paid for itself.
 

yasai_2

macrumors newbie
Mar 14, 2021
2
0
Thanks for letting me know! I'm going to try and hack on this Comcast/TC/pihole problem a bit longer. It looks likely that I'll end up replacing the Comcast router too.
 