Post #137,036
1/22/04 3:41:12 AM
|
Re: Sort of - more questions
Sorry about my bad assumptions.
You are right about the BEFW11S4 except for a minor technicality: The 4-port switch and the wireless are bridged. The WAN port is on the "other side" of its internal router.
I have one, and it never occurred to me to try to use it as a real router. So far as I can tell from the config screens, it does not work as one. That is, it only does NAT. I cannot seem to locate the CD with the documentation on it at the moment.
Of course, if you plugged your DSL connection into the LAN side of the BEFW11S4, it would essentially provide you with direct internet access on your wireless (that is, you would need to use the assigned IP addresses for any machines connecting on either the internal switch or the 802.11b).
The BEFW11S4 allows you to do inbound forwarding for a single host or to designate a host as a "DMZ" host (all incoming connections are forwarded to this host).
So far as the bandwidth goes, I wouldn't sweat it. I would bet that even the slowest wireless data rate on your wireless will be much higher than what your DSL gives you.
For security's sake, I would look into using the NAT on the router, running all your boxes on a private subnet, and exposing your services using either inbound forwarding port by port or by establishing a DMZ host (both options are under "Advanced" configuration). If your services are web and are running on different boxes, then you could use Apache mod_proxy in a reverse proxy configuration to provide a single view of all your web areas. Of course, if you're running other stuff, then pardon my assumption :-)
|
Post #137,220
1/22/04 9:35:42 PM
8/21/07 6:32:06 AM
|
Still not there yet
I did this:
DSL Router->WAN LinkSys->..<wireless>..G4
I gave the LinkSys one of my public static ip addresses (I only really need one just now anyhow) on the WAN. The linksys lives at address 192.168.1.1 on the lan.
So on the G4 I set 192.168.1.1 as the router, gave it static wireless address 192.168.1.2, and entered that as the DMOZ machine address in the linksys. I set linksys to be DHCP server and to start serving addresses at 192.168.1.4.
This doesn't work at all. :-(
It seems that the wireless and the lan networks on the linksys are different networks. I have no idea what address the linksys lives at on the wireless side - the software doesn't seem to address configuration of wireless side of network. I note that when connecting to linksys via wireless it typically vends 169.254.186.116 mask 255.255.0.0 to the first machine to connect. OTOH, the lan side shows config of 192.168.1.1 mask 255.255.255.0.
The theory was that the linksys would forward requests to its wan address to the G4 living accessible via the wireless network. But I'm not sure what to put in for DNS, Router, IP, Mask in the G4's wireless config to make this happen.
:-/
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
Post #137,227
1/22/04 10:09:31 PM
|
Do you have tcpdump/Ethereal?
...to help track down what stage is failing. By "DMOZ" do you mean "DeMilitarizedZone"? If you have multiple static IPs provided by your DSL, why run the G4 through the Linksys at all? Just to "be wireless"? Here's what I'd do if I were you--feel free to say "no thanks":

        ISP
         | 66.xxx.xxx.17
         |
     DSL Modem
         |
         |
A hub (NOT a router)----> G4 @ 66.xxx.xxx.18
         |
         | 66.xxx.xxx.19
        WAN
      Linksys
        LAN
         | 192.168.1.1
         |
         +----> Wired desktops, all DHCP (192.168.1.x)
         :
         :
         :......Wireless clients, all DHCP (192.168.1.x)

The important bit is the hub. See how the ISP gateway, your G4 server, and the Linksys WAN port are all on the same subnet? Boxes like the Linksys will let you connect those three on its LAN side, but it won't route packets correctly--it expects the default gateway for all clients to be its own WAN port. So get a hub that doesn't route at all.
I was one of the original authors of VB, and *I* wouldn't use VB for a text processing program. :-) Michael Geary, on comp.lang.python
|
Post #137,329
1/23/04 10:59:03 AM
8/21/07 6:35:29 AM
|
I'm beginning to think this isn't possible
Right now what works is
DSL-->G4 Ethernet @ public static addr1 | <G4 Wireless> | Laptops
I *could* add the PC to the DSL router as well to get the effect I want, except for space considerations. The crux of the issue is can I make a machine on a local wireless network respond to requests to one or more static ips from the DSL network. The answer appears to be not with this gear.
DMOZ should have been DMZ - linksys will route to one 10.1.1.x address when directly addressed from wan side. I was hoping to make that the G4 via wireless but it appears the DMZ machine must be wired.
The reason to be wireless is I have a machine that isn't wireless that I can't physically locate at the DSL router - I want to move it across the house and have it routed over the wireless link between the G4 and linksys. I could put the G4 or Linksys on either end of this deal.
However, it seems that the only way to route over wireless is to use dynamic addressing as neither wireless router has any configuration available wrt addressing, despite the ability to set static addresses in the wireless clients (laptops).
My ideal is to do something like:
DSL-->LinkSys-<wireless>-G4 wireless-->G4 Ethernet-->PC | Laptops
where the G4 and the PC are visible from DSL on known static ips. This, I suspect, entails adding some kind of static route/forward from wan to wireless in the linksys. But I don't see how to do that.
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
Post #137,335
1/23/04 11:51:19 AM
|
Sorry to stalk, but. . .
I just now tested the DMZ host configuration on my BEFW11S4, and it does forward connections to my laptop on the wireless. I tested with port 22 (ssh). It does not work with port 80, but I think that's because my provider blocks inbound connections on port 80.
Maybe you should forget about the DMZ host and the built-in router/NAT in the BEFW11S4 for now. Can you get the Airport card in your G4 to talk to the Linksys?
One other thing: I cannot test it right now, but it looks like you can set the BEFW11S4 to operate as a router rather than a gateway on the "Dynamic Routing" tab in the configuration utility.
ftp://ftp.linksys.com/pub/manuals/befw11s4_ug.pdf
|
Post #137,345
1/23/04 1:32:17 PM
|
I guess I don't understand the G4 Airport thing.
My ideal is to do something like:
DSL-->LinkSys-<wireless>-G4 wireless-->G4 Ethernet-->PC | Laptops
where the G4 and the PC are visible from DSL on known static ips. This, I suspect, entails adding some kind of static route/forward from wan to wireless in the linksys. But I don't see how to do that.

Not only would you need to route correctly on the Linksys, but then on the G4, as well--I think your PC and G4 wire would then have to be on a different subnet than the Linksys wireless-to-G4 wireless. What make/model is the "DSL gateway" (the first item in your diagram)?
|
Post #137,347
1/23/04 2:15:41 PM
8/21/07 6:36:04 AM
|
It doesn't matter
What I don't understand is how to put the Linksys between the DSL modem and the G4 and still reach the G4 over wireless via a static ip address. If I can do that, I can work out the rest. But I can't seem to figure out how to do that. The "enter a route" screen is totally cryptic and HTF do I pick a static wireless address for the G4 intelligently and get the linksys to route to it? The G4 is totally in client mode when I do this.
I have another issue as well now - for expediency I've added the PC to the DSL modem/router on a static ip address of its own. It crashes the DSL router after about one or two web requests. What is with these PC things?
I've turned off all windows services, just have tcpip configured with static ip address, router, dns mask same as G4's ethernet settings, sitting side by side (except ip address is one higher) and the DSL gadget (it's an ActionTec something or other - all I know is it provides 4 ports and routes 5 static ip addresses).
Tips on making the PC network nice to the G4 - even in a peer to peer - would be nice. How do windows people live like this? They don't connect to anything reliably.
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
Post #137,369
1/23/04 4:47:50 PM
|
I asked about the ActionTec because I wanted to see...
..is it running in bridged mode or routed mode? And lots of (e.g. Qwest) DSL gets you an ActionTec *wireless* DSL router. If you've got both of those, you shouldn't need the Linksys at all.
But if the ActionTec is bridged, then you're only going to get to use a single one of those IP's the DSL provider gave you, and everything inside will probably be NAT'ed, in which case you could route *ports* to the PC server, not an IP.
I was one of the original authors of VB, and *I* wouldn't use VB for a text processing program. :-) Michael Geary, on comp.lang.python
|
Post #137,387
1/23/04 7:21:47 PM
8/21/07 6:36:43 AM
|
I think I've got something
We'll see how stable it is.
The ActionTec is now running in routed mode to allow my 5 ip addresses past it. I set up its DHCP to dynamically serve 3 of the 5, and statically assigned the main one to the G4's Airport interface. I then put the linksys in the kitchen, turned off its DHCP, selected router mode, connected the uplink port of the lan side to one of the ports on the ActionTec. I now have the G4 with a static ip address reachable over a wireless link. My laptops are grabbing their ips from the DHCP pool (which I would prefer to be not reachable from outside...) over the same wireless network.
I have the PC and G4 talking over ethernet in their own little private idaho. It's a little annoying in that I can't seem to reach the internet from the PC directly and have to download stuff to the G4, then ftp it from the PC, but I'm planning to relegate the PC to just oracle server soon anyhow. So this is actually fine.
What's good - it works. What's not good - everything is hanging out there. I feel like I need a firewall in here or something. Realistically I only want to expose ssh, www, and scp to the world. I've got an old sonicwall soho kicking around here somewhere....
Can I fiddle the DHCP pool to serve addresses that are not routed outside? Aren't addresses in the 10.0.0.x range only routed locally? Something like that?
Networking is clearly a black art and too hard for the average bear. No wonder millions of PCs are hacked every day.
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
Post #137,394
1/23/04 7:27:53 PM
|
Re: I think I've got something
Not a matter of routability, the 10. and 172.16. and 192.168. networks are forbidden from being routed by Internet trunk carriers. You can quite easily set up static routes for private networks.
RFC 1918: http://www.faqs.org/rfcs/rfc1918.html
-drl
|
Post #137,406
1/23/04 8:17:18 PM
|
How about this:
Deactivate the DHCP server in the ActionTec.
Connect the WAN port on the Linksys to the ActionTec (with crossover cable if need be). Assign one of your real static IP addresses to the WAN interface (on the Setup page).
Configure the Linksys with a non-routable address on its "internal" interface in the "LAN IP Address" field on the Setup page.
Put the Linksys back into gateway mode. Activate its DHCP server and assign it a block of addresses to dispense on your non-routable subnet.
Connect the uplink port on the LAN side of your Linksys to the ActionTec (like it is now).
Keep your G4 configuration the same as it is now.
What this does is give you two different subnets on what is effectively a single ethernet segment. The static IP information on your G4 makes it participate in the subnet that your DSL provides. The DHCP addresses dispensed by the Linksys will put your laptops and other wireless machines on the non-routable subnet. If you want to put another machine on the internet, just configure it to be on the public subnet like you did with the G4.
I am guessing that your Oracle server does not have wireless. This configuration does not give your Oracle machine internet access.
|
Post #137,515
1/24/04 1:37:38 PM
8/21/07 6:39:19 AM
|
Bingo!
That was it - I'm able to use a local address on either the wireless or lan network for the DMZ host and only my DMZ host is visible to the world. I'll sleep better tonight.
Networking is very painful - this was - what - something like 4 half days of work to figure this out?
It's much slowed down by the fact that every time you change some address you have to run around and re-init all the devices that used to talk to it - including the device (laptop) you were using to talk to it to change the config.
I expect that by mucking with the port forwarding I can get more machines on the net to do their various jobs.
Thanks again!
"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."
-- Martin Fowler, JAOO 2003
|
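The exposure trade-off this thread arrives at (public static address vs. DMZ host vs. per-port forwarding), as an added example that is not part of any post: a simplified model of which listening ports end up reachable from the Internet. The forwarding precedence is an assumption, not the BEFW11S4 firmware's documented logic, and all hosts and addresses are constructed (203.0.113.x stands in for the DSL static IPs).

```python
import ipaddress

# The three private blocks from RFC 1918, which the thread links to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample hosts and listening ports (not taken from the thread).
HOSTS = {
    "g4":     {"ip": "203.0.113.18",  "listening": {22, 80}},
    "laptop": {"ip": "192.168.1.100", "listening": {139, 445}},
    "pc":     {"ip": "192.168.1.2",   "listening": {22, 80, 1521}},
}

def is_rfc1918(ip):
    """True if ip falls inside one of the RFC 1918 private blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def exposed_ports(hosts, forwards=None, dmz_ip=None):
    """Return {host name: sorted WAN-side ports reachable from outside}.

    Assumed model: a host holding a public address is reachable on every
    port it listens on. A host on an RFC 1918 address is reachable only
    through the NAT gateway, where an explicit forward
    {wan_port: (lan_ip, lan_port)} wins and every other port falls
    through to the DMZ host, if one is set.
    """
    forwards = forwards or {}
    result = {}
    for name, host in hosts.items():
        ip, listening = host["ip"], host["listening"]
        if ipaddress.ip_address(ip).is_link_local:
            reachable = set()            # 169.254.x.x: no DHCP lease, not routed
        elif not is_rfc1918(ip):
            reachable = set(listening)   # public address, no NAT in front
        else:
            reachable = {wan for wan, (dst, port) in forwards.items()
                         if dst == ip and port in listening}
            if dmz_ip == ip:             # catch-all for ports with no forward
                reachable |= listening - set(forwards)
        result[name] = sorted(reachable)
    return result

if __name__ == "__main__":
    print("DMZ host = pc:  ", exposed_ports(HOSTS, dmz_ip="192.168.1.2"))
    print("forward 22 only:", exposed_ports(HOSTS, forwards={22: ("192.168.1.2", 22)}))
```

With the PC as DMZ host its database listener (1521 in the sample data) is exposed along with ssh and www, while a single port forward exposes only the port named.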
Post #137,250
1/22/04 11:57:54 PM
|
Re: Still not there yet
Your "theory" matches my reality. I have a BEFW11S4, and the LAN and wireless are bridged. My BEFW11S4 has an address of 192.168.0.2. I have a FreeBSD box at 192.168.0.1 on the LAN side which serves DHCP in the 192.168.0.40-192.168.0.70 range. One machine, with a lease, is connected on the LAN side. The other machines are a mix of laptops and my wife's work-issued WinCE handheld. All of these machines are on the same subnet (whether on LAN or wireless) and see 192.168.0.2 (the BEFW11S4) without a problem.
Would it be possible to power-down your G4 and see if you can get another machine to associate with your BEFW11S4? I haven't a clue what you were using on your G4 to provide access to the other wireless machines, but I suspect that whatever it is is causing the weirdness. Perhaps it's serving DHCP?
Also, if you're using Windows and you get the 169.254.x.x address again, please try a release/renew cycle. In my [limited] experience, Windows will try to continue to use the last address it was issued if it cannot get a new one via DHCP at startup.
I think your first step would be to make sure that your wireless clients are associating with the 802.11b net that your BEFW11S4 is providing. The wireless card status monitors on your clients should tell you what ESSID they are associated with.
BTW, the answers to your questions about the G4 config should be:
IP: 192.168.1.2
Router: 192.168.1.1
DNS: 192.168.1.1
Netmask: 255.255.255.0
If it's connecting to the BEFW11S4's wireless net, then you should be able to ping 192.168.1.1.
Also, have you looked at the LEDs on the far left of the BEFW11S4? They indicate wireless activity.
|