What I meant was when using multiple routers (dd-wrt!) together like he said he did: I do this too, with one main router as the sole DHCP server and the only one that will perform NAT. The other routers connected to my system will then have static addresses I assign outside the DHCP range, and they get set up so that they aren't technically routers anymore. These will not be DHCP servers; they will forward that function directly to the "main" router, which will assign the addresses and such. The other routers now become more or less invisible. The network will appear as though only the first one is actually there, unless, of course, you ping one of the others' static addresses. Now otherwise, when connecting 2 routers, the second NATs the first, meaning the first one can only see the second, and anything connected to the second is invisible to the first. Firewalled by "NAT".
At any rate, when set up like I do it, the first router is the one to the internet, and the only firewall you need. Generally speaking, a firewall BEHIND your firewall can only cause issues, and it's generally better to disable them.
AND TO CLARIFY AGAIN: I did NOT recommend disabling the firewall, just the firewall function of the second router connected to his network, since it's already behind the only useful firewall, the first router's. To have a smooth network with multiple routers working together in such a way as he has, it takes a little setting up, but it's better this way. I do the same thing, and I had issues with the second router firewalling the first and causing the whole thing to fail, since it prevented the first router from DHCP-serving addresses to clients behind the second router's firewall, so they were just OUT.
On my network, I use dd-wrt's WONDERFUL Broadcom "Repeater-Bridge" setting to do all this wirelessly and extend my network range. By using all the same SSIDs and the same WPA settings, Windows only sees one SSID and will seamlessly roam between them, as will they with each other, so I can daisy chain to extend the range. So I have had AMPLE opportunity to mess with dd-wrt on multiple routers, and this is something that I know a bit about. The thing to remember about this kind of setup is that if there is any breakdown in communication, EVERYTHING connected beyond that will fail to connect in any way, I know. I NEED dd-wrt's "spanning tree protocol"; that's why my routers can connect to each other in any way. Any router can connect to the network through any other, or as many others as it takes, STP will resolve "loopback" issues, and the entire network works, for all intents and purposes, exactly the same as with just one router, no matter how complicated I make it. When it's working, it's just a beautiful thing. I have had as many as 6 at once. Someone from down the street brings over their laptop, I connect it to my network wirelessly for the password. But they don't have enough range to connect from where they are, so I loan them one of the "satellite" routers; they just plug in the power and put it someplace high, and their laptop will automatically connect to that, which does the same with my network. They will be connected the same from there as it did here, and anywhere in between; they can walk from there to here with it and never lose connection. In fact, from my end, I have to query the satellites to figure out exactly which one they are connecting to at any given time.
Remember, I have the internet connection; I don't need a router, or a network of any kind at all, I have the modem. The only purpose of my network is just to do it. DD-WRT rocks, and there is no end to the ways it can be exploited, and just doing it all, just to know how to do it all, is fascinating. Let's face it, there isn't much left we can exploit out of the old PS2, and I still don't know what all of dd-wrt's features do. I need to get the hotspot software down next, so I can leave it open and charge for it. I live damn nearly on the Las Vegas Strip; with a network as big as mine, I could and should be exploiting the hell out of that fact. There are 2 wi-mesh networks around me anyway, why not?
I want to assign a MAC address to my RC helicopter!
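The post above describes a plan rather than a config file: one main router that is the only DHCP server and the only NAT/firewall, satellites with hand-assigned static addresses outside the DHCP range, DHCP and firewalling switched off on the satellites, STP on, and the same SSID and WPA settings everywhere so clients roam. The script below is an added example, not code from the original poster, that lints such a plan before you touch the routers: it catches the mistakes the post says break the setup (a satellite address that collides with the DHCP pool, a second DHCP server, a firewall on a bridged satellite, mismatched SSID/WPA). The router names, addresses and the plan structure are constructed for illustration; the dd-wrt terms in comments are the ones the post uses.

```python
"""Lint an addressing plan for a "one DHCP server, satellites as bridges" setup.

Added example, not from the original post. Router names, addresses and the
plan layout below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class MainRouter:
    lan_cidr: str      # e.g. "192.168.1.1/24": the sole DHCP server and NAT box
    dhcp_start: str    # first address the DHCP server hands out
    dhcp_count: int    # number of leases (dd-wrt calls this "maximum DHCP users")
    ssid: str
    wpa_psk: str


@dataclass
class Satellite:
    name: str
    lan_ip: str                 # static address assigned by hand
    ssid: str
    wpa_psk: str
    gateway: str = ""           # should point at the main router
    dhcp_server: bool = False   # must stay off: the main router is the only one
    firewall: bool = False      # must stay off: a firewall on a bridge blocks DHCP
    stp: bool = True            # on, so daisy-chained/looped links get resolved


def dhcp_range(main: MainRouter):
    """Return (first, last) address of the main router's DHCP pool."""
    start = ipaddress.ip_address(main.dhcp_start)
    return start, start + (main.dhcp_count - 1)


def lint_plan(main: MainRouter, satellites: list) -> list:
    """Return a list of human-readable problems; an empty list means the plan is clean."""
    problems = []
    iface = ipaddress.ip_interface(main.lan_cidr)
    net, gw = iface.network, iface.ip

    if main.dhcp_count < 1:
        problems.append("main router: DHCP pool must hold at least one lease")
        return problems
    lo, hi = dhcp_range(main)
    if lo not in net or hi not in net:
        problems.append(f"main router: DHCP range {lo}-{hi} leaves subnet {net}")
    if lo <= gw <= hi:
        problems.append(f"main router: its own address {gw} sits inside the DHCP range")

    seen = {gw: "main router"}              # every static address must be unique
    for s in satellites:
        ip = ipaddress.ip_address(s.lan_ip)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{s.name}: {ip} is not a usable host address in {net}")
        elif lo <= ip <= hi:
            # A lease handed to a client could collide with the satellite.
            problems.append(f"{s.name}: static {ip} lies inside DHCP range {lo}-{hi}")
        if ip in seen:
            problems.append(f"{s.name}: address {ip} already used by {seen[ip]}")
        seen.setdefault(ip, s.name)
        if s.gateway and ipaddress.ip_address(s.gateway) != gw:
            problems.append(f"{s.name}: gateway {s.gateway} is not the main router {gw}")
        if s.dhcp_server:
            problems.append(f"{s.name}: DHCP server enabled; only the main router may serve leases")
        if s.firewall:
            problems.append(f"{s.name}: firewall enabled on a bridged satellite; "
                            "it would stop DHCP from the main router reaching clients")
        if not s.stp:
            problems.append(f"{s.name}: STP disabled; loops between satellites will not be resolved")
        if s.ssid != main.ssid or s.wpa_psk != main.wpa_psk:
            problems.append(f"{s.name}: SSID/WPA differ from the main router; clients will not roam")
    return problems


if __name__ == "__main__":
    main = MainRouter("192.168.1.1/24", "192.168.1.100", 50, "home", "correct horse")
    sats = [
        Satellite("sat1", "192.168.1.2", "home", "correct horse", gateway="192.168.1.1"),
        Satellite("sat2", "192.168.1.120", "home", "other", dhcp_server=True, firewall=True),
    ]
    for p in lint_plan(main, sats):
        print("PROBLEM:", p)
```

Run it against your own plan by editing the `MainRouter` and `Satellite` entries; a clean plan prints nothing. The checks are deliberately conservative: an address just outside the pool today can end up inside it the moment someone raises "maximum DHCP users", so keep the satellites' static addresses well below the pool start rather than right at its edge.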