LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-06-2012, 07:22 AM   #1
Corsari
Member
 
Registered: Oct 2004
Posts: 46

Rep: Reputation: 15
Question ADSL WIFI ROUTER, SETTING DIFERENT IP RANGES BETWEEN WIRED and WIFI


Hi to all the members

I'm loosing myself in a glass of water :-)

So thank you for any support.

I have got one ADSL router with WIFI capability.

Quote:
The requirement is this: WIFI users should only have access to the internet connection, while should not "see" the wired computers at all.
At the moment, I can only take advantage of the password protection (there are windows PCs in the wired network) on the workstations.

In my mind it comes that the solution should be something like: WIFI guests should get one DHCP address that is on one IP range different than the wired one.
To achieve this, if needed, I can set fixed IPs on the wired workstations (they are not so many).

But next I'm wondering about, which could be the smartest setup? because I suppose, the router IP must be in the wired IP range.

Could the router IP be something like 192.168.1.1 and its DHCP server, being 192.168.0.100 to .0.200 ?
But next? How it would be achieved to allow WiFi guests to browse the internet? Setting something up in the router's NAT or ROUTING?
Or is it needed to (maybe) setup one linux VM on the server (there is one VirtualBox running) and use it for this need?

Thank you for any hint, I'm not so strong with these setups and this confuses me a bit.

Cor.

Last edited by Corsari; 12-06-2012 at 07:24 AM.
 
Old 12-07-2012, 01:28 AM   #2
Uaebuntu
Member
 
Registered: Feb 2011
Location: Dubai
Distribution: Unbuntu 14.04
Posts: 44

Rep: Reputation: 0
Subnets and masks

Depends on your router.

I can configure the DCHP wirless addresses to be greater than .200 and the hardwired to be .100 and below (or the other way round)as part of my router settings, so I also reserve some for static IPs on printers and NAS between .100 and .199 this overlapping of ranges would allow you to have separate and shared access on submets

I think you need to understand subnets and masks a bit better, I suggest

www.bradreese.com/how-to-subnet-a-network.pdf

as a good introduction and see if you can set up such a scheme on your router and then use masks on your devices to provide access. It's a bit difficult to help more with more info (type of router, number of wireless and wired devices etc)
 
Old 12-07-2012, 01:51 AM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Your router may have a couple features that will help. 1) wireless connections are isolated. 2) Have two APs. One for the LAN, another for guests.
 
Old 12-08-2012, 08:23 AM   #4
Corsari
Member
 
Registered: Oct 2004
Posts: 46

Original Poster
Rep: Reputation: 15
@ Uaebuntu and jschiwal

thank you for your kind replies

unfortunately, I can find only the Italian version of this router' user guide.

There are the available settings.

The best I can figure out, should be to setup the DHCP to serve let's say, the addresses from .100 to .150 and next, to setup the routing or the NAT (sorry, here I'm not so strong), to allow those 50 IPs, the internet access only.

What is your opinion?

As said above the issue is that WiFi clients are /will be ONLY considered foreign guests, so they should be able to browse the internet only, while they should be DENIED to browse the LANs (intranet) resources.

Thank you


EDITED: sorry, seen right now on the F.M. (R.T.F.M :-) ). This router (see the user guide, PDF page 50, chapter 4.4.5) allows to setup VLANs: could this feature being the solution?

Last edited by Corsari; 12-08-2012 at 08:35 AM.
 
Old 12-08-2012, 11:38 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,369
Blog Entries: 54

Rep: Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870
Quote:
Originally Posted by Corsari View Post
This router (...) allows to setup VLANs: could this feature being the solution?
Yes.
 
Old 12-09-2012, 07:48 AM   #6
Corsari
Member
 
Registered: Oct 2004
Posts: 46

Original Poster
Rep: Reputation: 15
cool... but how?

I see on the manual (sorry at the moment that router is up and running installed in another location, so I will be able to do some tests only the next week) that I can assign the 4 RJ45 ports to VLAN 1 and i.e. the WiFi "NIC" to VLAN 2.

But next?

Do you suppose that the router will manage to allow the internet access to WiFi clients without allowing "them" to browse the RJ45 resources? Or is it supposed to have a second element, i.e. one soho firewall box to place between the adsl router and that office hub/switch?

Thank you for any suggestion and for your kind replies

Cor
 
Old 12-09-2012, 08:21 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,369
Blog Entries: 54

Rep: Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870
Quote:
Originally Posted by Corsari View Post
I see on the manual (..) that I can assign the 4 RJ45 ports to VLAN 1 and i.e. the WiFi "NIC" to VLAN 2.
Reading may help understanding what it is and how it works: Network virtualization -> Virtual LAN -> Tagging.


Quote:
Originally Posted by Corsari View Post
Do you suppose that the router will manage to allow the internet access to WiFi clients without allowing "them" to browse the RJ45 resources?
After reading (and maybe search for "Linux VLAN HOWTO" to get a feel for how you would do things manually) you should conclude your router takes care of all things VLAN for you w/o the need for any extra hardware.

*BTW have a look at this vulnerability that recently surfaced. While this shouldn't scare you (yours isn't the TP-Link TL-WR841N after all) it should serve as a warning that you should secure the device as much as possible (no management access from outside the LAN, no default passwords, strongest wireless encryption possible, guard against connecting unauthorized devices or isolate them in a different VLAN) and remain vigilant. For example if the device comes with remote syslog capabilities then you could send them to your server and parse logs there for anomalies.
 
1 members found this post helpful.
Old 12-10-2012, 07:46 AM   #8
Corsari
Member
 
Registered: Oct 2004
Posts: 46

Original Poster
Rep: Reputation: 15
Dear unSpawn, thank you so much for your answers and hints.

It will be interesting to test this and how it works; this issue also allowed me to dive a bit in the VLANs argument, though and so thank you for your links too.

To make the things a bit tricky I would ask you the last curiosity:
let's say that one day in the future would araise the need to allow some LAN/Office users/employees to connect their notebooks to the LAN in WiFi mode. If it will happen, at that point, I suppose some extra device/s will be needed, isn't it? Basically for the fact that two different WiFi accesses were needed, or not?

Thank you

Cor
 
Old 12-10-2012, 08:16 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,369
Blog Entries: 54

Rep: Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870
Depends. Modern Wireless routers often allow for several, separate wireless networks. Search for "Multiple SSIDs Settings".
 
Old 12-12-2012, 02:37 AM   #10
Corsari
Member
 
Registered: Oct 2004
Posts: 46

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by unSpawn View Post
... Search for "Multiple SSIDs Settings".
Hi unSpawn! Unfortunately, according with the manual, this model has got only one SSID.

Anyway, I'd like to better understand what you mean, as example, what about VLANs? Do you mean that certain routers, providing multiple SSIDs are also providing VLANs for SSIDs? Or what?

Thank you for your hints

Cor
 
Old 12-12-2012, 06:09 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,369
Blog Entries: 54

Rep: Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870
Quote:
Originally Posted by Corsari View Post
Unfortunately, according with the manual, this model has got only one SSID.
OK, so be it.


Quote:
Originally Posted by Corsari View Post
I'd like to better understand what you mean, as example, what about VLANs?
Did you search the 'net for like "Linux VLAN HOWTO" or "Linux 802.1q tagging"?


Quote:
Originally Posted by Corsari View Post
Do you mean that certain routers, providing multiple SSIDs are also providing VLANs for SSIDs?
A Wireless router will provide one SSID. It may allow you to configure multiple SSIDs, a wired-only "port-based" VLAN or wired-only, separate wired and wireless or hybrid "virtual port" VLANs. It depends on the routers feature set (or if it runs Linux: if you're able to configure it anyway). And if a router doesn't provide all the features you want then additional hardware may help. For example you could have your access point just forward traffic to another machine which takes care of authentication, DHCP and routing.
 
Old 12-12-2012, 08:14 AM   #12
Corsari
Member
 
Registered: Oct 2004
Posts: 46

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by unSpawn View Post
...or if it runs Linux: if you're able to configure it anyway...
I've read that some routers allow to load an "open" linux firmware.

Do you have some links?

Thank you so much for all the infos.
 
Old 12-12-2012, 08:27 AM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,369
Blog Entries: 54

Rep: Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870Reputation: 2870
It's time you start searching the 'net: http://www.dd-wrt.com/wiki/index.php...evices#TP-Link and http://www.techinfodepot.info/index....TD-W8961ND_2.0 Note the latter concerns a V2 but it gives you firmware names to search for.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up a home network wifi-ap/proxy/router etc cjreyn Linux - Networking 1 01-16-2011 10:49 AM
dual wifi and wired connection: how to make a specific website use only wifi? shinji2001xyz Linux - Networking 2 04-08-2010 10:13 AM
can't access public wifi BUT wifi works on my router at home rob.rice Linux - Networking 4 05-15-2009 01:59 AM
Forwarding wifi connectivity from one router through a single-card Wifi computer CJ Chitwood Linux - Networking 3 11-01-2008 08:56 PM
The mac addres of the access point of integrated adsl wifi router cavazziniangelo Linux - Wireless Networking 1 11-01-2007 06:45 AM


All times are GMT -5. The time now is 01:58 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration