Post #137,329
1/23/04 10:59:03 AM
8/21/07 6:35:29 AM
|
I'm beginning to think this isn't possible
Right now what works is
DSL-->G4 Ethernet @ public static addr1
|
<G4 Wireless>
|
Laptops
I *could* add the PC to the DSL router as well to get the effect I want, except for space considerations. The crux of the issue is can I make a machine on a local wireless network respond to requests to one or more static ips from the DSL network. The answer appears to be not with this gear.
DMOZ should have been DMZ - linksys will route to one 10.1.1.x address when directly addressed from wan side. I was hoping to make that the G4 via wireless but it appears the DMZ machine must be wired.
The reason to be wireless is I have a machine that isn't wireless that I can't physically locate at the DSL router - I want to move it across the house and have it routed over the wireless link between the G4 and linksys. I could put the G4 or Linksys on either end of this deal.
However, it seems that the only way to route over wireless is to use dynamic addressing as neither wireless router has any configuration available wrt addressing, despite the ability to set static addresses in the wireless clients (laptops).
My ideal is to do something like:
DSL-->LinkSys-<wireless>-G4 wireless-->G4 Ethernet-->PC
|
Laptops
where the G4 and the PC are visible from DSL on known static ips. This, is suspect entails adding some kind of static route/forward from wan to wireless in the linksys. But I don't see how to do that.
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
Post #137,335
1/23/04 11:51:19 AM
|
Sorry to stalk, but. . .
I just now tested the DMZ host configuration on my BEFW11S4, and it does forward connections to my laptop on the wireless. I tested with port 22 (ssh). It does not work with port 80, but I think that's because my provider blocks inbound connections on port 80.
Maybe you should forget about the DMZ host and the built-in router/NAT in the BEFW11S4 for now. Can you get the Airport card in your G4 to talk to the Linksys?
One other thing: I cannot test it right now, but it looks like you can set the BEFW11S4 to operate as a router rather than a gateway on the "Dynamic Routing" tab in the configuration utility.
[link|ftp://ftp.linksys.com/pub/manuals/befw11s4_ug.pdf|ftp://ftp.linksys.co...s/befw11s4_ug.pdf]
|
Post #137,345
1/23/04 1:32:17 PM
|
I guess I don't understand the G4 Airport thing.
My ideal is to do something like:
DSL-->LinkSys-<wireless>-G4 wireless-->G4 Ethernet-->PC
|
Laptops
where the G4 and the PC are visible from DSL on known static ips. This, is suspect entails adding some kind of static route/forward from wan to wireless in the linksys. But I don't see how to do that. Not only would you need to route correctly on the Linksys, but then on the G4, as well--I think your PC and G4 wire would then have to be on a different subnet than the Linksys wireless-to-G4 wireless. What make/model is the "DSL gateway" (the first item in your diagram)?
|
Post #137,347
1/23/04 2:15:41 PM
8/21/07 6:36:04 AM
|
It doesn't matter
What I don't understand is how to put the Linksys between the DSL modem and the G4 and still reach the G4 over wireless via a static ip address. If I can do that, I can work out the rest. But I can't seem to figure out how to do that. The "enter a route" screen is totally cryptic and HTF do I pick a static wireless address for the G4 intelligently and get the linksys to route to it? The G4 is totally in client mode when I do this.
I have another issue as well now - for expediency I've added the PC to the DSL modem/router on a static ip address of its own. It crashes the DSL router after about one or two web requests. What is with these PC things?
I've turned off all windows services, just have tcpip configured with static ip address, router, dns mask same as G4's ethernet settings, sitting side by side (except ip address is one higher) and the DSL gadget (its an ActionTec something or other - all I know is it provides 4 ports and routes 5 static ip addresses).
Tips on making the PC network nice to the G4 - even in a peer to peer - would be nice. How do windows people live like this? They don't connect to anything reliably.
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
Post #137,369
1/23/04 4:47:50 PM
|
I asked about the ActionTec because I wanted to see...
..is it running in bridged mode or routed mode? And lots of (e.g. Qwest) DSL gets you an ActionTec *wireless* DSL router. If you've got both of those, you shouldn't need the Linksys at all.
But if the ActionTec is bridged, then you're only going to get to use a single one of those IP's the DSL provider gave you, and everything inside will probably be NAT'ed, in which case you could route *ports* to the PC server, not an IP.
I was one of the original authors of VB, and *I* wouldn't use VB for a text
processing program. :-) Michael Geary, on comp.lang.python
|
Post #137,387
1/23/04 7:21:47 PM
8/21/07 6:36:43 AM
|
I think I've got something
We'll see how stabile it is.
The ActionTec is now running in routed mode to allow my 5 ip addresses past it. I set up its DHCP to dynamically serve 3 of the 5, and statically assigned the main one to the G4's Airport interface. I then put the linksys in the kitchen, turned off its DHCP, selected router mode, connected the uplink port of the lan side to one of the ports on the ActionTec. I now have the G4 with a static ip address reachable over a wireless link. My laptops are grabbing their ips from the DHCP pool (which I would prefer to be not reachable from outside...) over the same wireless network.
I have the PC and G4 talking over ethernet in their own little private idaho. Its a little annoying in that I can't seem to reach the internet from the PC directly and have to download stuff to the G4, then ftp it from the PC, but I'm planning to relegate the PC to just oracle server soon anyhow. So this is actually fine.
What's good - it works. What's not good - everything is hanging out there. I feel like I need a firewall in here or something. Realistically I only want to expose ssh, www, and scp to the world. I've got an old sonicwall soho kicking around here somewhere....
Can I fiddle the DHCP pool to serve addresses that are not routed outside? Aren't addresses in the 10.0.0.x range only routed locally? Something like that?
Networking is clearly a black art and too hard for the average bear. No wonder millions of PCs are hacked every day.
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
Post #137,394
1/23/04 7:27:53 PM
|
Re: I think I've got something
Not a matter of routability, the 10. and 172.16. and 192.168. networks are forbidden from being routed by Internet trunk carriers. You can quite easily set up static routes for private networks.
RFC 1918: [link|http://www.faqs.org/rfcs/rfc1918.html|http://www.faqs.org/rfcs/rfc1918.html]
-drl
|
Post #137,406
1/23/04 8:17:18 PM
|
How about this:
Deactivate the DHCP server in the ActionTec.
Connect the WAN port on the Linksys to the ActionTec (with crossover cable if need be). Assign one of your real static IP addresses to the WAN interface (on the Setup page).
Configure the Linksys with a non-routable address on its "internal" interface in the "LAN IP Address" field on the Setup page.
Put the Linksys back into gateway mode. Activate its DHCP server and assign it a block of addresses to dispense on your non-routable subnet.
Connect the uplink port on the LAN side of your Linksys to the ActionTec (like it is now).
Keep your G4 configuration the same as it is now.
What this does is give you two different subnets on what is effectively a single ethernet segment. The static IP information on your G4 makes it participate in the subnet that your DSL provides. The DHCP addresses dispensed by the Linksys will put your laptops and other wireless machines on the non-routable subnet. If you want to put another machine on the internet, just configure it to be on the public subnet like you did with the G4.
I am guessing that your Oracle server does not have wireless. This configuration does not give your Oracle machine internet access.
|
Post #137,515
1/24/04 1:37:38 PM
8/21/07 6:39:19 AM
|
Bingo!
That was it - I'm able to use a local address on either the wireless or lan network for the DMZ host and only my DMZ host is visible to the world. I'll sleep better tonight.
Networking is very painful - this was - what - something like 4 half days of work to figure this out?
Its much slowed down by the fact that everytime you change some address you have to run around and re-init all the devices that used to talk to it - including the device (laptop) you were using to talk to it to change the config.
I expect that by mucking with the port forwarding I can get more machines on the net to do their various jobs.
Thanks again!
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
