10-20-2006, 12:07 PM
#1
Member
Registered: Dec 2005
Location: Montana
Distribution: Debian "squeeze"
Posts: 157
Routing between two subnets
Hi -
I've been pulling my hair out for the past two evenings trying to get packets to go between two subnets.
This is what I have:
D-Link DI-624 Router
- WAN PORT connected to internet
- LAN = 192.168.0.1
Linksys WRT54G Router
NOTE: Wireless disabled
NOTE: Set as Router instead of Gateway
- LAN = 192.168.0.4
- WAN PORT = 192.168.2.4
SMC Hotspot unit (CABLE/DSL Router)
- LAN = 192.168.2.1
The D-Link is connected to the Linksys via the LAN ports
The Linksys then connects to the SMC's LAN ports via its WAN port
I have a PRIVATE WLAN/LAN on the D-Link and when my hotspot goes live I want my customers to use the PUBLIC WLAN/LAN on the SMC. The Linksys will act as a firewall between the two subnets, only allowing the SMC users access to the internet and to two laserjet printers which reside in the PRIVATE LAN.
Am I on the right track with this setup or am I lost?
Any help appreciated!
Thanks,
Scott
10-20-2006, 12:41 PM
#2
Member
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194
From what I read, it sounds like you're on the right track. Just make sure that the WRT54G's default gateway is 192.168.0.1 and that the D-Link has 192.168.2.0 via 192.168.0.4 in its routing table.
Also, make sure that devices that will be on the 192.168.2.0 network have 192.168.2.4 as the default gateway, whether it's by DHCP or static.
As far as restricting access from behind the WRT54G, are you going to use custom firmware or the default Linksys firmware? The default should be fine as long as the restricted machines are on the WAN port side, and you should be able to do this using port forwarding or port triggering. Custom firmware gives you some more options, but shouldn't be necessary in the configuration you described.
Last edited by alienux; 10-20-2006 at 12:43 PM.
10-20-2006, 01:17 PM
#3
Member
Registered: Dec 2005
Location: Montana
Distribution: Debian "squeeze"
Posts: 157
Original Poster
Alienux -
Thanks for the quick reply.
Quote:
From what I read, it sounds like you're on the right track. Just make sure that the WRT54G's default gateway is 192.168.0.1
|
The WRT54G's default gateway can not be set manually. On the WAN port it can. The WAN port is statically set as 192.168.2.4 and the gw is set to 192.168.2.1 (The SMC address)
Quote:
...and that the D-Link has 192.168.2.0 via 192.168.0.4 in its routing table.
|
The D-Link DI-624 has no accessible routing table like the Linksys does.
Quote:
are you going to use custom firmware or the default Linksys firmware?
|
I'm using the factory firmware on all my devices.
Scott
10-20-2006, 01:43 PM
#4
Member
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194
Quote:
Originally Posted by ScottReed
The WRT54G's default gateway can not be set manually. On the WAN port it can. The WAN port is statically set as 192.168.2.4 and the gw is set to 192.168.2.1 (The SMC address)
|
Ahh, that's right. I have a WRT54G and should have caught that. The only way to get traffic to the internet is for the WRT54G to have the D-Link as its gateway. You'd have to reverse the cabling. If the gw is 192.168.2.1, it will send all requests to the SMC, which doesn't sound like it has any further route. Reversing the cabling would defeat the security that you want to set up b/c the WRT54G doesn't block "outgoing" traffic, only incoming. There are some basic outgoing restriction options available, but they're mostly for blocking Internet access by URL, keyword, or service.
Quote:
The D-Link DI-624 has no accessible routing table like the Linksys does.
|
This will be a problem no matter how you set the Linksys device. Even if you get the 192.168.2.0 network routing to the D-Link, the D-link will need to know the route back to that network for return traffic.
Last edited by alienux; 10-20-2006 at 01:48 PM.
10-20-2006, 02:03 PM
#5
LQ Newbie
Registered: Sep 2006
Posts: 5
I could use RIP version 1 or 2 on each device, so I don't need to input a static routing list if there is no manual input. To my knowledge, the topology you are setting up should have no problem. Hope things go well.
Regards,
- Eric
10-20-2006, 02:12 PM
#6
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,982
I was sitting here trying to visualize what you're setting up and my fingers were itching to draw a picture. When figuring out a networking setup, I find it absolutely essential to grab a legal-pad and a number-two pencil and draw what I'm trying to set up.
Setting up a subnet is a tricky exercise of figuring out how the various routing-tables go. But you can be sitting at any one of those routers and feel like you're caught up in an endless hell of "I change this, to fix that, and now such-and-so is broken."
When you finally do get it all worked out, make a nice-looking diagram and file several copies away. Make a small version of it, including the routing instructions for each router, and print it on removable label-stock, preferably an off-color. Attach the label to each device, and lightly tape the edges. Also, put a revision-number and date on each label. Even for your own, home network, this information can save hours. And, of course, many precious hair-follicles.
10-20-2006, 03:04 PM
#7
Member
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194
Quote:
Originally Posted by sundialsvcs
I was sitting here trying to visualize what you're setting up and my fingers were itching to draw a picture. When figuring out a networking setup, I find it absolutely essential to grab a legal-pad and a number-two pencil and draw what I'm trying to set up.
|
That's exactly what I wanted to do when I first read Scott's post. I actually opened Visio on my XP box and started to create a basic drawing, then got distracted by one of my kids and forgot about it before posting my reply.
10-20-2006, 03:19 PM
#8
Member
Registered: Dec 2005
Location: Montana
Distribution: Debian "squeeze"
Posts: 157
Original Poster
I'm still having trouble with this setup
I sat down last night for two hours and drew up the network on paper. I honestly thought I had it baked, but obviously not.
All I want to do is allow 192.168.2.0 access to 192.168.0.0 and vice-versa. The internet connection exists on the D-Link in 192.168.0.0 and the SMC Hotspot box resides in 192.168.2.0
I think I need a real router...
Scott
10-20-2006, 03:40 PM
#9
Member
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194
Quote:
Originally Posted by ScottReed
I'm still having trouble with this setup
I sat down last night for two hours and drew up the network on paper. I honestly thought I had it baked, but obviously not.
All I want to do is allow 192.168.2.0 access to 192.168.0.0 and vice-versa. The internet connection exists on the D-Link in 192.168.0.0 and the SMC Hotspot box resides in 192.168.2.0
I think I need a real router...
Scott
|
Is there any reason you can't switch the positions of the D-Link and the Linksys devices? That may work since the Linksys does do static routing, and the D-Link would just need the Linksys as its default gateway in that scenario, but I don't know what kind of security your D-Link provides for access to only the printers you mentioned and to the Internet.
10-20-2006, 03:44 PM
#10
Member
Registered: Dec 2005
Location: Montana
Distribution: Debian "squeeze"
Posts: 157
Original Poster
I could try this
10-20-2006, 04:44 PM
#11
Member
Registered: Dec 2005
Location: Montana
Distribution: Debian "squeeze"
Posts: 157
Original Poster
I got something working now. At least I think I'm on the right track. I actually pulled the Linksys out of the loop and connected the D-Link to the SMC's WAN port.
I'll document and post back tomorrow with my results so far.
Scott
10-21-2006, 09:30 AM
#12
Member
Registered: Dec 2005
Location: Montana
Distribution: Debian "squeeze"
Posts: 157
Original Poster
Alright, so here is what is working...
D-Link - 192.168.0.1
WAN PORT = Internet via PPPoE
LAN = 192.168.0.0
SMC HotSpot - 192.168.2.1
WAN PORT = 192.168.0.4 with gw set to 192.168.0.1
LAN = 192.168.2.0
The D-Link basically cables into the SMC's WAN port.
OK, so with this setup I am able to sit in 192.168.2.0 and access any 192.168.0.0 resource and any 192.168.2.0 resource. I am also able to access the internet. Which is a huge step here.
HOWEVER, when I sit in the 192.168.0.0 subnet I can only ping as far as 192.168.0.4. I CANNOT ping any hosts inside of 192.168.2.0!
But, we know the route is working because hosts in the 2.0 subnet can access the internet which means traffic must be flowing in both directions.
I checked the settings on the SMC and block-ping-to-wan-port is turned OFF. There are no strange firewall settings that could be blocking the icmp traffic from 0.0, so I'm stumped. I guess it's not a big deal though.
So now what I'm thinking is that I will set firewall rules on the D-Link and cut off 192.168.0.4 from accessing a specific range of IPs (192.168.0.10 - 192.168.0.20). That would be my PRIVATE network.
Any thoughts?
Scott
10-21-2006, 09:53 AM
#13
Member
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194
How many machines do you have on the 192.168.0.0?
The D-Link still does not have a static route to the 192.168.2.0 network, so if anything originating on the 192.168.0.0 network tries to go to that subnet, the D-Link will actually route the packets to its default gateway (the internet) and they will not reach their destination.
Since we've discovered that the D-Link can't do this, you could test by adding the static route to 192.168.2.0 locally on one of the machines in the 192.168.0.0 network. If you don't have a whole lot of computers on that network, it may be easiest to just add this static route on each one.
10-21-2006, 10:02 AM
#14
Member
Registered: Dec 2005
Location: Montana
Distribution: Debian "squeeze"
Posts: 157
Original Poster
Quote:
How many machines do you have on the 192.168.0.0?
|
I have:
192.168.0.2 - C86 Printer
192.168.0.3 - HP LaserJet
192.168.0.10 - 192.168.0.20 - Private WLAN. Mostly Windows machines, one Linux.
So, total of 3 Windows, 1 Linux, 2 printers
Quote:
The D-link still does not have a static route to the 192.168.2.0 network
|
Yes, you are right, and I've tried to create a static route on my Linux workstation to the 2.0 network.
Code:
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.4
Code:
bash-3.00# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     192.168.0.4     255.255.255.0   UG    0      0        0 ath0
192.168.0.0     *               255.255.255.0   U     0      0        0 ath0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    1      0        0 ath0
When I add that route and then I attempt to ping a host in the 2.0 I don't get any response.
Thanks,
Scott
Last edited by ScottReed; 10-21-2006 at 10:06 AM.
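Added example, not part of the thread: a longest-prefix-match lookup over the workstation routing table from the post above, showing where a packet for the 2.0 subnet goes with and without the static route. The `SMC` table and the client address 192.168.2.50 are assumptions constructed from the addresses given in the thread.

```python
import ipaddress

# Workstation routing table from the post above: (prefix, gateway);
# gateway None means the network is on-link (the "*" rows).
WORKSTATION = [
    ("192.168.2.0/24", "192.168.0.4"),  # static route added by hand
    ("192.168.0.0/24", None),           # local LAN on ath0
    ("127.0.0.0/8", None),              # "loopback" row
    ("0.0.0.0/0", "192.168.0.1"),       # default via the D-Link
]
# Assumption: the SMC's table, constructed from the addresses in the thread
# (WAN 192.168.0.4, LAN 192.168.2.1); not read from the device.
SMC = [
    ("192.168.2.0/24", None),
    ("192.168.0.0/24", None),
    ("0.0.0.0/0", "192.168.0.1"),
]

def next_hop(table, dst):
    """Longest-prefix match. Returns (matched prefix, next-hop address);
    for an on-link network the next hop is the destination itself."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1] or dst

def handed_to(table, dst, device):
    """True if packets for dst are sent to `device` as the next hop,
    i.e. the device forwards them at the IP layer."""
    return next_hop(table, dst)[1] == device

def without(table, prefix):
    """Copy of a table with one route removed."""
    return [row for row in table if row[0] != prefix]

if __name__ == "__main__":
    host = "192.168.2.50"  # constructed address of a hotspot client
    print("default only :", next_hop(without(WORKSTATION, "192.168.2.0/24"), host))
    print("static route :", next_hop(WORKSTATION, host))
    # SMC WAN port to a private host: on-link, so 192.168.0.1 is not the next hop
    print("via D-Link?  :", handed_to(SMC, "192.168.0.10", "192.168.0.1"))
```

The last lookup shows that traffic from the SMC's WAN port (192.168.0.4) to 192.168.0.10 is on-link and is never handed to 192.168.0.1 as a next hop, so rules that only act on traffic the D-Link routes would not see it.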
10-21-2006, 10:47 AM
#15
Member
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194
If I've kept up with the changes correctly, it looks like everything should add up. One thing is that I don't know anything specific about the SMC device. Does it allow all traffic in through the WAN side, or does it have some kind of basic firewall that needs to have ports opened? If so, does it allow you to forward requests to their destination, or only to a specific IP address based on incoming port numbers?