LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Running Second Router in Router Mode: DD-WRT (https://www.linuxquestions.org/questions/linux-networking-3/running-second-router-in-router-mode-dd-wrt-4175627289/)

des_a 04-09-2018 02:32 AM

Running Second Router in Router Mode: DD-WRT
 
Hello. I was troubleshooting here: https://forums.imore.com/ios-11/4016...ml#post3054488, and I needed to know how to get my routers working without NAT, so I can give things another go. Sometimes, double NAT, is a bad idea anyway. Some people say ALWAYS.

If I do everything exactly the same, but set my router to "router" mode, instead of "gateway" mode, which disables NAT, it does not work. I need help making this work.

All my routers, are now running DD-WRT. Probably no longer the latest version, but I'll try to upgrade soon, but not necessarily now. They might work better after upgrading.

I'm thinking, I need to create a VLAN in the first router and do something like that. But I'm not exactly sure if that's true or not. Plus, I don't know how to create VLANs or anything, or really, what they are, which is what's stopping me from trying that theory. I prefer to do everything possible from the web interface. Please help. Thanks!

P.S. - This doesn't seem to be exactly the same problem, or solution, but it's awfully close:https://www.linuxquestions.org/quest...r-mode-833145/

jefro 04-09-2018 01:06 PM

Most routers running alt firmware can be set in one of 4 modes.

There is not much of an issue running double nat by the way. I have done it for decades.

If your version of dd is able and your hardware is able then you can set it to any mode. A few of them will seem to lock you out since it will no longer accept input to the web interface.

What tutorial did you use from the dd web site?

des_a 04-12-2018 01:57 AM

Quote:

What tutorial did you use from the dd web site?
Actually... I didn't even know they had tutorials. Via click and point method, where are they on the website? I'll look, and see if I can find them, if not, I'll need help. Maybe tutorials will help me figure this out...

So, the "larger" picture, of what I'm trying to do, is get airprint to work on ipads, without breaking what already works. Something about either needing to be in the same subnet, or needing to be not NATed to work. Something about broadcasts not working all over the place or something. I don't quite get it yet, so I'm experimenting.

Anyway, I know it doesn't work in my situation, the way things are. I thought that running without NAT would be better. So running without NAT is the smaller picture of what I'm trying to do. I would like to try this for now, without breaking anything else, even if it doesn't help, and even if I decide it doesn't benefit me, and want to change it back afterward. I should learn to do this.

The theory, is that I should have all second routers (or maybe most of them), in router mode, and not gateway mode. However, it doesn't work for some reason. That was why I double NATd it. Except for the Windows Sharing issues and the airprint issue, I haven't had any issues with double NAT. I solved the Windows file sharing issue, I think. Now I'm trying to see if I can solve the airprint issue, which is going to require to try to put things in router mode, and see what happens. So I want to learn what is necessary on the first router, to make it work on the rest of the routers. All the routers are running DD-WRT. I will upgrade them soon as well, if there is upgrades available for them, to see if that fixes my small stability problem on clientrouter.

So my first step should be looking at tutorials on DD-WRT, so I'll give that a try, and see if that works or not. I'll tell you here, what I learned, or that I still need help finding them. Thanks!

des_a 04-12-2018 02:05 AM

Looks like I've found what "appears" to be the tutorials, you were talking about. Whether or not it is, it's worth taking a look at. Unfortunately, it looks like they only refer to the latest version of DD-WRT. So I'm going to upgrade now, and try to see what the new firmware is like. I "could" be offline while I upgrade the firmware...

des_a 04-12-2018 02:24 AM

So I've upgraded 2 out of 3 routers now. I've upgraded every router but guestrouter. That's because guestrouter is a different model. So it can wait until later.

It looks like it was new enough already, that there are no new features on the surface or anything. But hopefully, there's been some changes under the hood, that will make clientrouter more stable as it runs.

I'll take a look at what I "believe" are the tutorials you were talking about now.

des_a 04-12-2018 02:41 AM

Unfortunately, in the place I'm looking, anyway, I don't see a tutorial for what I'm trying to do. I'll link to the tutorial section, I'm looking in: https://www.dd-wrt.com/wiki/index.php/Tutorials.

I see some tutorials for connecting two routers wirelessly, but I want to connect them in the wired way. I would like to use the WAN port and not trick it by using the LAN port if it would easily work that way. In other words, I really don't want to have to change the physical connection to anything. I'd like to try and make all the changes that are necessary in mainrouter, and have things "just work" when I set it to router mode in clientouter, or if I wanted, in guestrouter. Also, any other router, for that matter (at least as long as it's dd-wrt).

I'm thinking it has something to do with either some kind of bridge, or the VLAN options. Neither of which, I know how to use right now. I would play with them, but I don't want to break things so that it won't work from not first understanding what I'm doing, before I make a change.

des_a 04-12-2018 02:51 AM

P.S. - The reason I want to connect them in a wired way, is both because they are close enough right now, that it's silly not to, and because that is my standard based off of the way things work right now, and the technology I can afford to make things work. This has to do with the fact that at times, I'm basically sending large "images" over the network, back and forth. I use Clonezilla-SysResc CD, to boot from System Rescue CD, and create partimage images, which I send over the network (but without a partimage server). These either are patterns, or backups. I use them so that when something goes wrong, I can either re-install the latest backup image, or re-create it from the proper pattern. These things are stored on mainnas.

I have used it thus far after getting setup to work, recently for fixing problems with my servers. So far, I believe I've had to redo vmain at least once. I've had to redo 3 app servers this way before too. Then, I've had to backup the vweb server, so that I could see if my fixes made it work. So far, my fixes worked, so now I have a good backup for when it fails again. Hopefully, things will go smoothly, and nothing will fail anytime soon, but just in case, now I have my images and stuff. mainnas, is one of the more important servers that I have right now.

des_a 04-12-2018 02:53 AM

P.P.S. - mainnas is important because, in what is currently an Active Directory free network, it provides features that Active Directory also provides. Active Directory is overkill for now, and is only Windows based, I think. But I have some of it's features that ARE useful, on Windows and Linux, by using mainnas.

des_a 04-12-2018 02:55 AM

P.P.S. 2 - mainnas also does other functions, such as storing most software for me, as well. This includes OS install disk ISO images.

des_a 04-12-2018 01:56 PM

Looks like this: https://www.dd-wrt.com/phpBB2/viewto...a82aef502880f3, is actually the same problem with setting my router to router mode.

I did see one place linked to from there, which showed me how to set the router to router mode: https://www.dd-wrt.com/wiki/index.ph...s_access_point. But I don't know if that is what I want or not. First, I think, I would like to try keeping the individual subnets, but diabling NAT. Then, I'll see whether or not the airprint will work. If it doesn't, the next best is to try this, except for having DHCP on this router act like the DHCP for everything connected wired or wirelessly to it, and then have a non-conflicting DHCP router on mainrouter as well, even if they are in the same subnet. Only the advanced instructions, "might" work for me.

des_a 04-12-2018 01:56 PM

Please give me feedback, and tell me if I'm at least on the right track or not.

jefro 04-12-2018 03:12 PM

Totally lost now.

Do you simply want to use router as a downstream switch?

des_a 04-13-2018 02:10 PM

Quote:

Do you simply want to use router as a downstream switch?
I don't know what a downstream switch is. But I do know what a switch is.

Anyway...


I don't know exactly what you call this, but I would like to try these solutions:

1) Behaves as a type of router, connected to mainrouter, as it already does, but with no NAT. Clients behind the router, on mainrouter, have a subnet, and are served by mainrouter for DHCP. Clients behind clientrouter, have their own subnet. All communication can be passed between both subnets, back and forth. They just have two separate address spaces. clientrouter serves it's address space with DHCP. Everything gets through to everywhere, except for it somehow "stops" at the router and is translated in a way that makes it compatible with the new subnet. Wireless is on the same subnet.

If I could get this, I'd try airprint and see if it works or not. If it works in this configuration, and nothing else is browken, great! If it doesn't, or this is somehow an impossible communication with DD-WRT, then, I'll move on to the next thing.

2) Behaves as a kind of an access point/router/switch/combination. There is a subnet that mainrouter is on, and clientrouter is on that subnet too. Wireless clients are on the same subnet, as well. For now, it's too small to care if this HAS to be the results or not. clientrouter serves DHCP to it's clients, without getting in the way of mainrouter's clients, which it serves DHCP to.

As always, I need to have only clientrouter's MAC locked down in mainrouter to have all MACs in clientrouter enabled on clientrouter, but clientrouter needs all it's own MACs to enable clients to connect to it. Each IP will continue to be static, unless it's a temporary guest on the network, which I have specifically enabled access to.

Hope this helps you help.

des_a 04-13-2018 02:10 PM

P.S. - I don't want to have to physically connect it differently.

des_a 04-13-2018 02:12 PM

VLAN Information I found that might help me:

https://www.flashrouters.com/blog/20...up-vlan-ddwrt/
https://en.wikipedia.org/wiki/Virtual_LAN
https://www.lifewire.com/virtual-loc...network-817357

des_a 04-13-2018 02:12 PM

I'm almost ready to experiment and see what happens, knowing that I should always be able to restore the same configuration again...

des_a 04-13-2018 06:14 PM

http://www.tomshardware.com/forum/33...nstream-router

So according to this, a downstream switch is simply a switch on the LAN side of the router. Nope, not quite what I want, even if it had wireless as well. But possibly I'm willing to try something like one of those with wireless, except for it should be a little smarter.

I have some actual switches. That's how the thing functions in the first place. I have done it this way whenever I have done it for years. There is a switch inbetween each router. Since it's on the downstream of one (LAN side), and upstream of the other (WAN side), I guess they are downstream switches. They don't have anything you can configure, they are just switches, plug them in and they do what they do.

I don't exactly want a duplicate of that, or it would be as easy in this case as unplugging the routers and using the switches.

Sorry, I can't provide diagrams, but my diagrams are way out of date, and I need to redo them at some point, so words will have to do.

mainrouter is connected to a switch, then clientrouter's WAN is connected to a switch. That is the part we are concerned with right now. If I break guestrouter, I can reconfigure it later, right after getting clientrouter to work.

clientrouter currently has NAT, and is in gateway mode, and allows wired and wireless devices to connect to it. But multicast packets aren't getting through I believe is the problem, even with "filter multicast" turned off, and the SPI firewall turned off. I "think" this is why it's not working. Anyway, I can have a more superior design if I route things differently anyway.

Ideally, everything would be in a differnet subnet, but everything could talk to each other. Even multicast packets would get through somehow. By the way, I don't really understand multicast, if it's the same as broadcast or not...

The wireless interface is fine for now, I want to keep that same interface.

I have enough information to start tinkering with things now, after a backup. I'm just not home yet, and need to be home to do this. I could modify configuration from here, but I wouldn't be able to see it's effect from here.

I am possibly going to settle with all being in the same subnet again, since even though it's "nice" to divide it like that, there's no technical reason to do so right now, since I have fewer than 254 clients still, even with all that I've got and with 8 virtual servers. So I can play with the access point tutorial, and see how that goes. I'll follow it so much, but adapt it to my actual needs and see if that goes well or not. I'll see if I break anything by doing it. If I don't break anything, I'll see how airprint works.

I WILL have to change the guest network (guestrouter). However, changing guestrouter is second priority as guestrouter needed some more changes anyway. First guestrouter needed to be upgraded, and then differnet things needed to be changed about guestrouter. This was on my list anyway...

des_a 04-13-2018 06:21 PM

Multicast information:

https://en.wikipedia.org/wiki/Multic...rnet_multicast
https://www.utilizewindows.com/the-d...cast-messages/

Now, I have a basic understanding of what the 3 types are.

des_a 04-13-2018 06:23 PM

I'm told that the basic reason I haven't gotten anything to work, is that multicast packets are not getting through to the other subnet.

des_a 04-13-2018 06:23 PM

So...

des_a 04-13-2018 06:29 PM

Multicast Enabling Information:

https://www.dd-wrt.com/phpBB2/viewto...11f755b016139d
https://www.dd-wrt.com/phpBB2/viewtopic.php?p=534033

Doesn't quite help, but getting closer to finding what I wanted for this part...

des_a 04-13-2018 06:31 PM

More:

https://www.dd-wrt.com/phpBB2/viewtopic.php?p=965915

des_a 04-13-2018 06:34 PM

Doesn't seem like I can solve it brute force... I don't see a way to enable multicast and get it through NAT. So, back to my original way of thinking. There was a device I could by for $99, but I was thinking that was overkill for my current situation. Plus, I don't have the funds right now...

I'll try my idea, when I get home. Unless there is more to say about the idea, that's probably all, until I try that idea.

des_a 04-13-2018 06:34 PM

...Except, for I'll check from here, to make sure everything else looks good...

des_a 04-13-2018 06:37 PM

...Yep...

SPI is disabled, and filter multicast is off.

Here goes what I CAN, do here...

des_a 04-13-2018 06:57 PM

Settings were set from here. Nothing like losing the GUI or anything... I know I just broke DNS, and the DCHP configuration, but we'll see if I broke anything else or not. I can fix DNS from here, but we'll see if more stuff starts to work or not, when I try this configuration. If more things work, I'll first fix DHCP, then DNS, and make things more permanent. The first, will be to test airprinting, to see if that works or not. Then, I'll go from there...

des_a 04-13-2018 07:17 PM

P.S. - If I broke DHCP, it can always try to get a dynamic IP from the DHCP server, while I test it. It only matters when it's more permanent...

des_a 04-13-2018 09:34 PM

OK...

I'm back home now. I checked to see how it functions... I decided to wait to get DNS and DHCP how I want them, until I see if it works or not.

The computer has Internet, as desired. I still only need to give the router permission, and everything behind it has permission to function. So that works out okay. Then, I tested my iPad. It works okay, and airprint works. The only problem now, is that unlike my computer, the iPad is not getting an IP from DHCP at all. This is true no matter which wireless it's connected to, not just the special one. Although, this was probably why I went to the special wireless network in the first place. Maybe if I made a special wireless network for iPad on mainrouter??? Anyway, it won't get an IP address where I want it to be. If you give it one manually, everything works okay it seems, so it's giving it an IP address that's the problem.

des_a 04-14-2018 12:03 AM

Cool! I just had to wait a little longer. I configured the DHCP server. Now to configure DNS.

des_a 04-14-2018 12:34 AM

DNS is set! Everything works for clientrouter and mainrouter. Now airprinting works. Everything is in the same subnet, except, for now, for the guestrouter, and VPN. Is this a good design for my network do you think? Or was this a better design to keep the different subnets? Since I did have to remove one DHCP server to make it work, it's certainly harder to configure. If I DID keep the separate subnets though, I'd like to make sure I have no NAT or anything though, and don't break airprint.

des_a 04-14-2018 03:03 AM

If running more than one subnet is a good design, rather than one subnet, I could probably use VLANs, now that I have some sort of idea how to. I could assign the VLAN to the port that clientrouter is connected to, and assign it to it's own subnet, with it's own DHCP router. However, the downfall of this, is that if I did that, then I'd need to make sure that multicast was forwarded to the VLAN, and that guestrouter knew about it, and that I did not do anything else to break airprint, now that it's working. If it's a good design, there might also be a way to set it up just in clientrouter, without having anything else affected.

I'll do some quick research.

des_a 04-14-2018 03:39 AM

I found these:

https://www.dd-wrt.com/phpBB2/viewtopic.php?p=537038
https://www.dd-wrt.com/phpBB2/viewtopic.php?p=878670

And I don't know, but this:

https://www.dd-wrt.com/phpBB2/viewtopic.php?p=1009873

...

...May have been what I wanted...

Well, if that works, it would solve the original thing I may have wanted to do, but I don't know about the bigger picture.

des_a 04-14-2018 03:42 AM

While I can't find what the routing setting does, very well, I can now see one theory on how to put my router in router mode and have it work. It looks as if I add a gateway setting to the routing table of the first router.

However, if that's the case, would multicast packets make it through from one subnet to the other? As I said before, I "think" that that was the problem with airprint not working before, according to the forum I was previously on. So if I could have my subnet, and my airprint would work too...

des_a 04-14-2018 03:58 AM

So the next question, is this then, since we are getting closer to a solution. Which is a better design, to have? Is it a better design to have 2 subnets, so that I can have 2 DHCP servers at work, serving separate IPs for clients and basic network hardware? Or is it a better design, since I do not yet have more than 254 clients on the network, to use one subnet, and one DHCP server?

A helpful factor in deciding, is that there is always some IP switching to do, when adding clients/servers properly, as per the design.

According to the design, the MAC never changes unless there is a conflict, but may be recorded at times. The IP, is mostly static, but will sometimes change what that static IP is, as new devices are added or subtracted from the network.

The DNS name will not change, unless there is a new device from that owner of the same type.

---
For example, let's say I get a new laptop to use for completely personal use, and I want to put it on the network.

I will first need to make sure I have permission to add a device. I have already signed an updated AUP, so we are good to go there. I will need to provide my MAC, which I can change if I want more privacy or if there is a conflict. If the MAC changes, I will need to update it.

Then, I can be assigned an IP. I will follow the network standards to decide who gets which IPs, and then set up the corresponding router accordingly, which may shift existing IPs up or down.

Then, I will get a DNS name. Let's say this is a client. Let's also say it's another laptop computer. So my IP will be changed in the place for clients, which is now in mainrouter, but was in clientrouter before. I own more than one device already, including more than one computer. So my DNS name is a number in my special format (which is often a letter), w, if it's a wireless interface, then a dash, then my 3 initials. It will not be required for the network to work, so there will be no dash and then no "rec".

The number will be the number corresponding to the order the computer was obtained in. So if this is my 3rd computer, the DNS name would be "c-des".

These are updated, if the order of the computer changes, such as getting rid of a computer.
---

I could let users request a special alias, to their client machines, but this would be upon request, not given standardly. The alias, would not have to change.

des_a 04-14-2018 11:26 AM

P.S. - By the way, the switching is why there ARE standard aliases for most servers. That's where mainrouter, clientrouter, and guestrouter come from. They are basically treated as a type of server. Those are the shortest names for them, and therefore, the easiest to remember. Those are their hostnames. I do believe, that as of yet, none of them have WINS names, just hostnames. But some of them might have WINS names later, because some of them will also become NASs.

The 3 domain names, are smiley000.net, clients.smiley000.net, and guests.smiley000.net. Now, clients.smiley000.net is the same IP range as smiley000.net, while guests.smiley000.net is a different range.

mainrouter, is in smiley000.net. clientrouter, is in both smiley000.net, and clients.smiley000.net. guestrouter is in both smiley000.net, and guests.smiley000.net.

These are internal names, NOT external names. They won't work on the Internet at large, just my network. On the Internet at large, my only name that can be used right now, is smileynet001.ddns.net.

I could mess around with names on the outside, but that'd cost me money to register the domain names, so instead I stick with free solutions for now.

des_a 04-14-2018 12:00 PM

OK. Here goes a reconfiguration experiment. I will attempt to reconfigure things again, and see if I broke airprint or not. Please be patient. I'm no longer home right now. I'll reconfigure it from here, and when I get home, I'll check it.

des_a 04-14-2018 12:29 PM

All went ok, except for when I added the route to the routing table. It looks like I added it wrong. I'll have to read up on routing tables, I guess. At first, I added

Code:

192.168.2.0 0.0.0.0 192.168.1.2 LAN & WAN
But since that didn't show up in the routing table, I tried to add:

Code:

0.0.0.0 0.0.0.0 192.168.1.2 LAN & WAN
Everything then didn't work. I'll have to fix it when I get home. I'll probably have to reset the router, and then re-install the configuration settings. It'll be awhile until I get home again...

des_a 04-14-2018 12:29 PM

Then, of course, when I get this working, I'll see if I broke airprint or not. But NAT should be disabled.

des_a 04-14-2018 12:30 PM

...and it should be in it's own subnet.

des_a 04-14-2018 01:14 PM

I found these links:

https://www.techrepublic.com/article...outing-tables/
http://library.mobrien.com/Manuals/M...es/routing.htm

des_a 04-14-2018 01:15 PM

So, the reason it's now not working, is because I told it to change the default gateway. So, it's probably functioning, but not from here, and without Internet. But why didn't it change the routing tables?

des_a 04-14-2018 01:16 PM

I could always try from the command line, but that seems silly, if there's a GUI that works...

jefro 04-14-2018 01:59 PM

des_a. I was wrong. I said before I was lost, now I am really, really lost.

Is there any chance you can re-edit all this to some simple question while deleting all the extra information?

des_a 04-14-2018 02:02 PM

I found these:

https://www.dd-wrt.com/help/english/HRouting.asp
https://www.dd-wrt.com/wiki/index.ph..._Static_Routes

This:

https://www.dd-wrt.com/wiki/index.ph..._Static_Routes

...is probably what I should have done...

Oh well!

des_a 04-14-2018 02:27 PM

THE QUESTION RESTATED
=====================

I'll try to add information first, which will hopefully tell you, what you need to know.

What I was trying to ask, in the most simplest form, was how to get clientrouter on a subnet of it's own, without NAT. But then they should be able to communicate with each other, back and forth. Unfortunately, I did not know the terminology to ask that yet. I was gaining the terminology as I troubleshooted. I still don't know the exact terminology, in technical terms, so that description will have to do. I knew it was when the router was in Router mode, that this can happen. But I didn't figure out before, how to make things like Internet work, which I still wanted to work.

My larger purpose, of asking this question, was to create a system where airprint would work, without doing anything like hooking things up differently, or getting new equipment. The underlying problem of that, was that multicasting wasn't working with NAT. I wanted to see if disabling NAT would make things work or not. It may or may not, as my experiments and learning have found. I got airprint to work with everything in the same subnet, the question now, is the way I wanted to try it first, to begin with - will that work or not. I figured out the other way first, and was willing to keep it if I absolutely had to, but I don't know for sure if I prefer it or not.

So, then, I would also amend my original question, to also ask which is a better design, if they both prove to work? Keeping the multiple subnets, or pushing them all to one again. For that, I'd provided some knowledge about how my network works, and how I have to change the things at times, according to the standards.

I've almost figured it out, with the minimum help, and the troubleshooting I have done. It took this thread to make that progress though. I have to wait until I get home to do more troubleshooting, since I can't get to it from here anymore with the changes I've made.

Hopefully, this helps. It's valuable data to me, this thread, but if it's not to everyone else, I'll do something about that, while saving it for me - if my permissions allow. If I'd seen this thread before I started, and especially, mine on my site: http://smileynetmain.createaforum.co...cross-subnets/, I'd have had no trouble figuring it out WITHOUT all this work. That is the purpose for me, of being able to add documentation in this way.

des_a 04-14-2018 02:32 PM

Hopefully this will help too:

https://www.linuxquestions.org/quest...-design-37719/

des_a 04-14-2018 04:48 PM

I just read my original question again. Looks like where I restated it, was better. I just didn't know the terminology to explain what I was trying to do, until more troubleshooting.

I'll try to do better next time.

des_a 04-14-2018 09:20 PM

Now, I get to go home, and try things. I will restore my router, if need be, and then try the routing table again.

des_a 04-14-2018 11:19 PM

OK. I'm home. Internet restored, and basic network functions restored. Unfortunately, because of the lack of the routing table entry, nothing will work yet.

I don't have permission to connect to the router from the LAN side, so what I'm doing is using my mobile hotspot on my phone to connect to Internet. Then, I can get to it from the WAN side.

Now, I read the information about routing tables closely, and try to put in the "right" entry. Then, I plug things back into their proper spots, and I try it from the LAN side.

des_a 04-15-2018 01:40 AM

Done playing around now, with my new knowledge. OK. Here's what I found:

It's still impossible for me for now to get what I was trying to do in router mode done, in router mode. The reason for trying so hard, was that the DD-WRT docs (and sometimes other docs), says that if you have more than one router on the network, you should try for router mode, instead of gateway mode for your router. As I thought, enabling router mode, disables NAT. However, that seems to lead to issues in itself.

I'd added the static route and everything, and got everything working, except for Internet. It seems, that what I'd have had to do, to get Internet working, is to put everything from every routing table on the Internet, in my little router, or something like that. That's the impression I got.

HOWEVER, I did, get to figure out what I was trying to do with router mode in gateway mode, which unless someone has more input, I will settle for this answer about things.

First, I have to set the route in the first router, like I did with router mode. Then, I add a firewall rule as follows:

Code:

iptables -I FORWARD -j ACCEPT
Important! I do this on the second router, NOT the first router!!! Not that I tried, but I can see why this would be dangerous on the first router.

Doing all of this, gives the desired effect, it would seem.

However, for the larger problem, I checked it. I tried airprint from this setup on clientrouter, and it fails to work. So I will NOT be using this setup for clientrouter. It DOES work, the other way that I had it last night, however. So I restored the setup from last night, and everything there is good to go.

That answers the second small question I had, about design. If it works one way, but not the other, then the way it works is the better design.

I DID want the NAT type setup on guestrouter, as I decided that I don't want airprint to work, for safety reasons, on my guest network. If they really need to print, they will have to download the app, which works just fine. But then, I can control who will figure it out and who won't, a little bit better. Unless they are of my level, they probably won't figure it out, without some hints.

Windows printing works just fine, but you still have to make sure you add the printer properly for it to work. This adds some protection against misuse of the printer. I want them to be able to use most of my servers, and it seems to work okay, as is.

I think I have a good enough answer to what I was looking for, and I was right, I solved the larger problem, from solving the smaller problem(s). I will go post there next. If anybody has any more to add, post before it won't let you anymore. Check out the thread about the iPad printing, for the larger picture. A link is in the first post.

Check out my LQ blog, as I will be posting my findings there too. Thanks! Even though you have given me minor hints, it helped with the troubleshooting so that I could solve this the rest of the way. I like when things simply get me "unstuck".


All times are GMT -5. The time now is 06:10 AM.