ADSL WIFI ROUTER, SETTING DIFFERENT IP RANGES BETWEEN WIRED and WIFI
Hi to all the members
I'm losing myself in a glass of water :-)
So thank you for any support.
I have got one ADSL router with WIFI capability.
Quote:
The requirement is this: WIFI users should only have access to the internet connection, while they should not "see" the wired computers at all.
At the moment, I can only take advantage of the password protection (there are windows PCs in the wired network) on the workstations.
In my mind it comes that the solution should be something like: WIFI guests should get one DHCP address that is on one IP range different than the wired one.
To achieve this, if needed, I can set fixed IPs on the wired workstations (they are not so many).
But next I'm wondering: which could be the smartest setup? Because I suppose the router IP must be in the wired IP range.
Could the router IP be something like 192.168.1.1 and its DHCP server, being 192.168.0.100 to .0.200?
But next? How would it be achieved to allow WiFi guests to browse the internet? Setting something up in the router's NAT or ROUTING?
Or is it needed to (maybe) set up one Linux VM on the server (there is one VirtualBox running) and use it for this need?
Thank you for any hint, I'm not so strong with these setups and this confuses me a bit.
I can configure the DHCP wireless addresses to be greater than .200 and the hardwired to be .100 and below (or the other way round) as part of my router settings, so I also reserve some for static IPs on printers and NAS between .100 and .199. This overlapping of ranges would allow you to have separate and shared access on subnets.
I think you need to understand subnets and masks a bit better, I suggest
as a good introduction and see if you can set up such a scheme on your router and then use masks on your devices to provide access. It's a bit difficult to help more with more info (type of router, number of wireless and wired devices etc)
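As an added illustration (not part of any post in this thread), this sketch checks the two address plans discussed so far: wired and WiFi ranges carved out of one /24, and a 192.168.0.x DHCP pool behind a router at 192.168.1.1. The pool boundaries and the names `ONE_SUBNET`, `TWO_SUBNETS`, `delivery` and `check_plan` are constructed for the example.

```python
import ipaddress

def delivery(src_if, dst_ip):
    """How a host configured as src_if (e.g. '192.168.1.210/24') sends to dst_ip:
    'on-link'     = directly over the shared layer-2 segment (bridged, not routed),
    'via-gateway' = handed to the router, the only place a routing rule or
                    firewall can act on the packet."""
    net = ipaddress.ip_interface(src_if).network
    return "on-link" if ipaddress.ip_address(dst_ip) in net else "via-gateway"

def check_plan(gateway, pools):
    """pools: name -> (first_ip, last_ip, prefix_len). Returns a list of findings."""
    gw = ipaddress.ip_address(gateway)
    findings, nets = [], {}
    for name, (first, last, plen) in pools.items():
        net = ipaddress.ip_interface(f"{first}/{plen}").network
        nets[name] = net
        if ipaddress.ip_address(last) not in net:
            findings.append(f"{name}: pool does not fit in {net}")
        if gw not in net:
            # Clients in this pool have no on-link route to their default gateway.
            findings.append(f"{name}: gateway {gateway} is outside {net}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                # Same subnet: hosts talk directly, the router never filters it.
                findings.append(f"{a}/{b}: same subnet {nets[a]}, traffic is on-link")
    return findings

# Constructed plans: ranges inside one /24, and two separate /24s.
ONE_SUBNET = {"wired": ("192.168.1.10", "192.168.1.99", 24),
              "wifi": ("192.168.1.200", "192.168.1.250", 24)}
TWO_SUBNETS = {"wired": ("192.168.1.10", "192.168.1.99", 24),
               "wifi": ("192.168.0.100", "192.168.0.200", 24)}

if __name__ == "__main__":
    print(delivery("192.168.1.210/24", "192.168.1.50"))
    for plan in (ONE_SUBNET, TWO_SUBNETS):
        print(check_plan("192.168.1.1", plan))
```

The second plan only works if the router also has its own address and DHCP scope inside 192.168.0.0/24, which is what a per-VLAN interface provides.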
The best I can figure out, should be to set up the DHCP to serve let's say, the addresses from .100 to .150 and next, to set up the routing or the NAT (sorry, here I'm not so strong), to allow those 50 IPs, the internet access only.
What is your opinion?
As said above the issue is that WiFi clients are/will be ONLY considered foreign guests, so they should be able to browse the internet only, while they should be DENIED to browse the LAN's (intranet) resources.
Thank you
EDITED: sorry, seen right now on the F.M. (R.T.F.M :-) ). This router (see the user guide, PDF page 50, chapter 4.4.5) allows setting up VLANs: could this feature be the solution?
I see in the manual (sorry, at the moment that router is up and running, installed in another location, so I will be able to do some tests only next week) that I can assign the 4 RJ45 ports to VLAN 1 and e.g. the WiFi "NIC" to VLAN 2.
But next?
Do you suppose that the router will manage to allow the internet access to WiFi clients without allowing "them" to browse the RJ45 resources? Or is it supposed to have a second element, e.g. one SOHO firewall box to place between the ADSL router and that office hub/switch?
Thank you for any suggestion and for your kind replies
Do you suppose that the router will manage to allow the internet access to WiFi clients without allowing "them" to browse the RJ45 resources?
After reading (and maybe search for "Linux VLAN HOWTO" to get a feel for how you would do things manually) you should conclude your router takes care of all things VLAN for you w/o the need for any extra hardware.
*BTW have a look at this vulnerability that recently surfaced. While this shouldn't scare you (yours isn't the TP-Link TL-WR841N after all) it should serve as a warning that you should secure the device as much as possible (no management access from outside the LAN, no default passwords, strongest wireless encryption possible, guard against connecting unauthorized devices or isolate them in a different VLAN) and remain vigilant. For example if the device comes with remote syslog capabilities then you could send them to your server and parse logs there for anomalies.
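A minimal version of the log check suggested above, as an added example that is not from the thread or from any router vendor. The syslog line format, the LAN prefix, the MAC inventory and the failure threshold are all assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")              # assumed wired LAN
KNOWN_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}   # assumed device inventory
MAX_FAILS = 3                                             # assumed threshold

# Hypothetical message formats; adapt the patterns to what the router really logs.
LOGIN = re.compile(r"admin login (ok|failed) from (\S+)")
LEASE = re.compile(r"DHCPACK on (\S+) to ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def find_anomalies(lines):
    """Return (rule, subject) tuples in the order the events appear."""
    alerts, fails = [], Counter()
    for line in lines:
        m = LOGIN.search(line)
        if m:
            try:
                src = ipaddress.ip_address(m.group(2))
            except ValueError:
                continue                      # malformed address field, skip
            if src not in LAN:
                # Any management attempt from outside the LAN, successful or not.
                alerts.append(("mgmt-from-outside-lan", str(src)))
            elif m.group(1) == "failed":
                fails[src] += 1
                if fails[src] == MAX_FAILS:   # alert once, at the threshold
                    alerts.append(("repeated-failed-login", str(src)))
            continue
        m = LEASE.search(line)
        if m and m.group(2).lower() not in KNOWN_MACS:
            alerts.append(("unknown-device", m.group(2).lower()))
    return alerts

SAMPLE = [  # constructed log lines
    "Mar  3 10:15:02 router dhcpd: DHCPACK on 192.168.1.101 to aa:bb:cc:00:00:01",
    "Mar  3 10:17:40 router httpd: admin login failed from 203.0.113.7",
    "Mar  3 10:18:01 router httpd: admin login ok from 192.168.1.20",
    "Mar  3 10:19:10 router httpd: admin login failed from 192.168.1.77",
    "Mar  3 10:19:12 router httpd: admin login failed from 192.168.1.77",
    "Mar  3 10:19:15 router httpd: admin login failed from 192.168.1.77",
    "Mar  3 10:20:11 router dhcpd: DHCPACK on 192.168.1.150 to DE:AD:BE:EF:00:99",
]

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE):
        print(alert)
```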
Dear unSpawn, thank you so much for your answers and hints.
It will be interesting to test this and how it works; this issue also allowed me to dive a bit in the VLANs argument, though and so thank you for your links too.
To make the things a bit tricky I would ask you the last curiosity:
Let's say that one day in the future the need would arise to allow some LAN/Office users/employees to connect their notebooks to the LAN in WiFi mode. If it will happen, at that point, I suppose some extra device/s will be needed, isn't it? Basically for the fact that two different WiFi accesses were needed, or not?
Hi unSpawn! Unfortunately, according to the manual, this model has got only one SSID.
Anyway, I'd like to better understand what you mean, as example, what about VLANs? Do you mean that certain routers, providing multiple SSIDs are also providing VLANs for SSIDs? Or what?
Unfortunately, according to the manual, this model has got only one SSID.
OK, so be it.
Quote:
Originally Posted by Corsari
I'd like to better understand what you mean, as example, what about VLANs?
Did you search the 'net for like "Linux VLAN HOWTO" or "Linux 802.1q tagging"?
Quote:
Originally Posted by Corsari
Do you mean that certain routers, providing multiple SSIDs are also providing VLANs for SSIDs?
A Wireless router will provide one SSID. It may allow you to configure multiple SSIDs, a wired-only "port-based" VLAN or wired-only, separate wired and wireless or hybrid "virtual port" VLANs. It depends on the router's feature set (or if it runs Linux: if you're able to configure it anyway). And if a router doesn't provide all the features you want then additional hardware may help. For example you could have your access point just forward traffic to another machine which takes care of authentication, DHCP and routing.