Originally Posted By: mlord
Two standard IP addresses from the factory for SpeedTouch:

10.0.0.138 and 192.168.1.254

Your computer will need proper port/routing setup to use either of those.

My computer was set up correctly to use the 192.168.1.x range and was talking to the router happily right up to the point of rebooting it. I had to factory reset it, several times, until I managed to pin down what was breaking it.

It turns out that firewall rules on the ST must not have spaces in their names. Unfortunately the web UI allows you to add spaces and the underlying code in the backend allows the UI to save the rules with spaces. The CLI shows the rules set up, with their spaces.

As soon as you reboot, however, one of two things can happen. Either the router comes back up with your firewall settings (and a whole bunch of other settings) discarded, which isn't too bad. Or even worse, it comes back up, but with the firewall in some sort of broken state. When it comes back up broken you can't access the web UI or the CLI. So you have to do a factory reset and start again.

Interestingly when you do a factory reset it comes back up with no wifi security and the firewall turned off. Unfortunately it also remembers your ADSL login details, so faithfully connects you to the Internet with zero security in place. Nice.

I finally worked out what was going wrong with the firewall settings, when I discovered that the CLI correctly disallows you from putting a space in the firewall rule names. Once I worked that out I could at least set the firewall up without destroying my config every time I rebooted.

There were however other nasties in store.

I discovered that the web UI lets you set invalid endpoints in DHCP ranges (I set my DHCP range ending with the broadcast address, doh). That wouldn't be so bad if it just broke DHCP. However, when you reboot, like the firewall error, it has collateral damage. When you have an invalid DHCP range it then forgets that it knows anything about the subnet that the DHCP range was part of. It also then forgets all the firewall rules connected with it. Basically it throws away all your network config.

Again the CLI knows more than the web UI: if you enter the wrong DHCP range it tells you and disallows it.

Just when I thought I had everything set up I made the mistake of trusting the web UI again. I selected a couple of wifi devices via the web UI and selected "always use this IP for this device". The router instantly disconnected both devices and would then not let them reconnect via wifi.

After a lot of digging through the CLI I discovered that when the web UI set the DHCP leases for the two devices to infinite it also added them to the wifi MAC access control list with the setting set to "deny"!

So after a day and a half of very painful messing about I finally have it up and working. I'd love to make use of the QoS features and other advanced stuff, but at this point I am fearful of touching it.

I didn't think my requirements for a router were that demanding:

- no NAT
- reserved addresses in the single DHCP scope
- a dozen straightforward firewall holes

No other router has ever made it this difficult to get those simple things set up.

I have not mentioned some of the other issues I had along the way, including random rebooting after config changes.

The Thomson SpeedTouch TG585n may well be a good ADSL modem, router and access point. I do know for sure though that its web UI is just not up to the task.

If you find yourself working on one of these routers, ignore the web UI for anything but the most basic details.


Edited by andy (25/04/2009 11:33)
_________________________
Remind me to change my signature to something more interesting someday
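
The three web UI pitfalls described in the post above (spaces in firewall rule names, a DHCP range ending on the broadcast address, and reserved-lease devices landing in the wifi MAC deny list) can be checked against a planned configuration before it is entered. This is an added example, not part of the original post and not SpeedTouch code; the dictionary layout, the `preflight` function name and all sample values are assumptions constructed for illustration.

```python
import ipaddress

def preflight(cfg):
    """Return a list of problems in a planned router config (hypothetical layout)."""
    problems = []

    # Pitfall 1: firewall rule names containing whitespace.
    for name in cfg["firewall_rules"]:
        if not name or any(ch.isspace() for ch in name):
            problems.append(f"firewall rule name {name!r} contains whitespace")

    # Pitfall 2: DHCP pool must lie inside the subnet and exclude the
    # network and broadcast addresses.
    net = ipaddress.ip_network(cfg["subnet"], strict=True)
    start = ipaddress.ip_address(cfg["dhcp_start"])
    end = ipaddress.ip_address(cfg["dhcp_end"])
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"DHCP {label} {addr} is outside {net}")
        elif addr == net.network_address:
            problems.append(f"DHCP {label} {addr} is the network address")
        elif addr == net.broadcast_address:
            problems.append(f"DHCP {label} {addr} is the broadcast address")
    if start > end:
        problems.append(f"DHCP start {start} is after end {end}")

    # Pitfall 3: a device with a reserved lease must not also be denied
    # by the wifi MAC access control list.
    denied = {m.lower() for m, action in cfg["wifi_acl"].items() if action == "deny"}
    for mac, ip in cfg["reserved_leases"].items():
        if mac.lower() in denied:
            problems.append(f"reserved lease {mac} -> {ip} is denied by the wifi ACL")
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"reserved lease {mac} -> {ip} is outside {net}")
    return problems

# Constructed sample reproducing the three mistakes from the post.
SAMPLE = {
    "subnet": "192.168.1.0/24",
    "dhcp_start": "192.168.1.64",
    "dhcp_end": "192.168.1.255",
    "firewall_rules": ["allow_ssh", "allow web"],
    "wifi_acl": {"00:11:22:33:44:55": "deny"},
    "reserved_leases": {"00:11:22:33:44:55": "192.168.1.10"},
}

if __name__ == "__main__":
    for p in preflight(SAMPLE):
        print("PROBLEM:", p)
```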