I'm currently in the process of rewiring up all my computers at home, to neaten up things... However I've come across an issue where I want to move which system is running my webserv etc at home.
Will I need to masquerade the 192.168.2.0/24 clients, and will this cause any issues with the NAT on the main modem/router? I believe as long as I'm running the DMZ it shouldn't, however I'd like a second opinion.
My other issue is, with my samba server, will clients on the 192.168.1.0/24 network be able to access shares off 192.168.2.0/24? From my research it appears they can, if a WINS server is set up. Has anyone done this and can confirm?
When I set up the DMZ will it affect the 192.168.1.0 clients at all? From what I can figure out the DMZ basically means ALL ports are forwarded to the DMZ host, unless there is a rule saying otherwise? Will UPnP still work?
Quote:
Originally Posted by djsmiley2k
Will I need to masquerade the 192.168.2.0/24 clients, and will this cause any issues with the NAT on the main modem/router? I believe as long as I'm running the DMZ it shouldn't, however I'd like a second opinion.
My other issue is, with my samba server, will clients on the 192.168.1.0/24 network be able to access shares off 192.168.2.0/24? From my research it appears they can, if a WINS server is set up. Has anyone done this and can confirm?
If you do NAT on your server for 192.168.2.0/24 then your wireless devices won't be able to access them. If you don't do NAT, then you need to add a route 192.168.2.0/24 via 192.168.1.1 for all your wireless devices, otherwise they will send the traffic to the wrong router.
Quote:
Originally Posted by djsmiley2k
When I set up the DMZ will it affect the 192.168.1.0 clients at all? From what I can figure out the DMZ basically means ALL ports are forwarded to the DMZ host, unless there is a rule saying otherwise? Will UPnP still work?
Many thanks,
I don't know about UPnP I'm afraid.
You need to be a bit careful actually. Assuming you want the samba services accessible from 192.168.1.0/24 then you'll need samba listening on 192.168.1.0/24, and if you were to put this machine in the DMZ and you didn't properly configure the firewall and/or tcp_wrappers then your samba server will be accessible from the internet.
I wouldn't assign your server to the DMZ. Just forward the specific ports you need for it, for example HTTP, SMTP.
Quote:
Originally Posted by phil.d.g
If you do NAT on your server for 192.168.2.0/24 then your wireless devices won't be able to access them. If you don't do NAT, then you need to add a route 192.168.2.0/24 via 192.168.1.1 for all your wireless devices, otherwise they will send the traffic to the wrong router.
A nicer way would be to add a route to 192.168.2.0/24 in the modem/router instead of having to configure all devices on the 192.168.1.0/24 network.
You can also try using a routing protocol like RIP: http://en.wikipedia.org/wiki/Routing...ation_Protocol
This will be more 'research' and work if you have never done this, but it might be nice to know how it works (never used this under Linux but it's on my todo list, only used it on Cisco routers and other hardware firewalls).
Adding the routes to all the devices is lame (and some can't have routes added, they are Xboxes, etc.), however I don't think the current firmware on the MAIN router will let me either.
How about if I moved DHCPd onto my "server" as well, and maybe a DNS Server too, would this help it resolving the routes?
Quote:
Originally Posted by djsmiley2k
Adding the routes to all the devices is lame (and some can't have routes added, they are Xboxes, etc.), however I don't think the current firmware on the MAIN router will let me either.
How about if I moved DHCPd onto my "server" as well, and maybe a DNS Server too, would this help it resolving the routes?
No. The problem is that your gateway router doesn't know where to send traffic in the 192.168.2.0/24 range. It's not in its routing table, so it will try to go out the default gateway out to the internet (where obviously it will fail).
You need to set a static route on your gateway which directs 192.168.2.0/24 traffic to your server box. A routing protocol as brought up above just automates this process.
You can run NAT on your server as an alternative so that your server and the 192.168.2.0/24 network is treated as one device.
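The routing decision discussed in the replies above, modelled as an added example that is not part of the original thread. The node names (`client`, `gateway`, `server`, `inner`) and the host addresses are constructed assumptions. Each node picks the most specific matching route, so traffic for 192.168.2.0/24 follows the default route to the internet until a static route on the gateway or on the client points it at the server:

```python
import ipaddress

# Constructed topology; node names and host addresses are assumptions.
# "direct" means the destination is on a network this node is attached to.
BASE = {
    "client":  [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "gateway")],
    "gateway": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "internet")],
    "server":  [("192.168.1.0/24", "direct"), ("192.168.2.0/24", "direct"),
                ("0.0.0.0/0", "gateway")],
    "inner":   [("192.168.2.0/24", "direct"), ("0.0.0.0/0", "server")],
}

def next_hop(table, dst):
    """Longest-prefix match over one node's routing table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else "unreachable"

def trace(tables, start, dst, max_hops=8):
    """Follow next hops node to node; ends in 'delivered', 'internet' or 'unreachable'."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "direct":
            return path + ["delivered"]
        path.append(hop)
        if hop not in tables:  # 'internet' or 'unreachable': left the home network
            return path
        node = hop
    return path + ["loop"]

def with_route(tables, node, prefix, hop):
    """Copy of the tables with one extra static route on `node`."""
    new = {name: list(routes) for name, routes in tables.items()}
    new[node].append((prefix, hop))
    return new

if __name__ == "__main__":
    dst = "192.168.2.20"  # constructed host behind the server
    print(trace(BASE, "client", dst))
    print(trace(with_route(BASE, "gateway", "192.168.2.0/24", "server"), "client", dst))
    print(trace(with_route(BASE, "client", "192.168.2.0/24", "server"), "client", dst))
    print(trace(BASE, "inner", "192.168.1.50"))
```

The last trace shows that the return path needs no extra configuration, because the server is directly attached to both networks.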
Putting a static route in the gateway router for 192.168.2.0/24 would be the easiest way. I just looked at the manual for a DLink G604T and you can do it with that, however it's a bit hit and miss how much consumer grade routers will let you configure.
You could put a wireless card in your server and set it up as an access point. Your server will then route between the wireless and wired networks and do NAT on both for the internet side. Additionally you will be able to lock the internet side of the server down more.
However there doesn't seem to be much out there for setting up a Linux router with UPnP.
As for running as an AP, it's something I've considered but will need a card to support it, as my current one didn't when I tried about a year ago (RT61/RT2561).
I'm having some strange issues with the network at the moment, simply everything connected normally via wifi, yet nothing is seeing one of the machines on the wifi randomly. Will need to fix that before I carry on.
If the lack of UPnP isn't a problem I think that switching to a single router (like using a Linux box) would be the best solution.
For the wireless network you could still use a simple NIC in your box connected to an access point. This might also give you some advantages like being able to connect a wired device if needed (can be handy for testing your router settings) and if you ever want to change the wireless (future speed or standard upgrades) you only have to put a new AP and avoid finding a compatible wireless adapter for your Linux box.