I am basically trying to do the same thing; offer wireless access to others
while keeping a local LAN secure. The only equipment we have so far is the
DSL modem and the router and a PC. So we have DSL --- router ---- LAN. I
was thinking that if I plugged a Wireless AP/router like the Linksys
Befw11s4 into the existing router, the Befw11s4 would act as a firewall to
protect my local LAN. It sounds like that is not the case??? Would the
"right thing" to do be to get an old 386/486 and use the FREESCO solution
with a WAP11 plugged into it and connected to the existing router? We also
want to provide a couple of hardwired jacks to plug into, I assume the same
details apply...
So, we have either:

DSL --router ---- LAN
        |
        |
   BEFW11S4 router/wap

OR

DSL ---router ---LAN
         |
         |
   386/FREESCO/3 NICs/WAP11
Any input greatly appreciated!
Thanks
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Anthony DeRobertis
Sent: Thursday, June 27, 2002 11:47 AM
To: [EMAIL PROTECTED]
Cc: Bob Keyes; John M Stec; [EMAIL PROTECTED]
Subject: RE: [BAWUG] How to ? Will this work
On Wed, 2002-06-26 at 10:46, Enrique LaRoche wrote:
>
> like you said
>
> Your diagram isn't clear to me. Do you mean:
>          PubIP DHCPSERV PrivIP
>      DSL --- router --- switch
>                        / \ \ \
>                       /   \ \ \
>      (DHCPCLIENT)    /     \ \ \
>      (DHCPSERV)   router     LAN
>                     |
>                   WAP11
Yes, that's what I mean.
> I am not able to ping the first router or any machine on the wired side.
You should be able to, by NATing through the second router. The only
reasons I can think of that you couldn't is because:
  a) You have locked down the second router to only allow traffic to
     destination IPs not in RFC1918 space. This would be a fairly
     secure config.
  b) You have blocked ICMP echo request or ICMP echo reply.
  c) Broken NAT implementation
  d) Misconfiguration
>
> I understand the principle of the NAT type router is the 192.xx.xx.xx
> addresses are NON routable.
First off, it's 192.168.x.x ('192.168.0.0/16'), not 192.x.x.x
('192.0.0.0/8'). Please beware of that, as there are perfectly valid
hosts in the much larger 192/8 block. Example: 192.52.71.4
Second, the only special thing about 192.168/16 is that it is not routed
across the internet (at least it's not supposed to be. It has been on
many occasions). Your pair of routers will happily route it to each
other.
> If I am on a different non routable IP on the wireless side, how can I get
> to the non routable addresses on the lan side?
Basically, it'll look something like this. First, a diagram (hope you can
understand this one....)
    router1 (external: internet; internal: 192.168.0.1)
       |
    switch ---- pc (192.168.0.3)
       |
    router2 (external: 192.168.0.2; internal: 192.168.1.1)
       |
    WAP11
       |
    wireless client 192.168.1.2
Wireless client sends ping to 192.168.0.3.
    Checks routing table: Send through gateway 192.168.1.1
    Checks ARP table; finds no translation
    Sends ARP for 192.168.1.1
    Sends ICMP packet with IP destination of 192.168.0.3; ethernet
    destination of router2
Router2 receives packet.
    Checks routing table: Send to directly attached external machine
    Performs NAT; sets source IP address to 192.168.0.2 [router2 ext.]
    Checks ARP table
    Sends ARP for 192.168.0.3
    Send out the packet
PC received the packet
    Generate ICMP response
    Sends response
    Checks routing table for 192.168.0.2
    Checks ARP table; does any needed ARPing
Router2 received the response packet
    Checks NAT table
    Find entry; sets destination to 192.168.1.2
    Checks routing table
    Checks ARP table; performs ARP if needed
    Sends packet
wireless client receives packet.
Thus concludes a long explanation of how things work.
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
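
Added example, not part of the original thread: a small Python model of the ping walk-through above, run once with router2 doing plain source NAT and once with the lock-down from item (a) (drop anything destined for RFC1918 space). The Router2 class, ping() helper and packet dictionaries are hypothetical simplifications; ARP and routing-table lookups are left out, and only the addresses come from the thread.

```python
import ipaddress

# The three RFC1918 private blocks; 192.52.71.4 from the thread is outside all of them.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

class Router2:
    """Hypothetical model of the second (wireless-side) source-NAT router."""
    def __init__(self, ext_ip, block_private_dst=False):
        self.ext_ip = ext_ip
        self.block_private_dst = block_private_dst  # lock-down from item (a)
        self.nat = {}  # (remote IP, ICMP id) -> inside client IP

    def outbound(self, pkt):
        """Wireless -> wired. Returns the translated packet, or None if dropped."""
        if self.block_private_dst and is_rfc1918(pkt["dst"]):
            return None
        self.nat[(pkt["dst"], pkt["id"])] = pkt["src"]
        return dict(pkt, src=self.ext_ip)  # "Performs NAT; sets source IP"

    def inbound(self, pkt):
        """Wired -> wireless. Only packets matching a NAT entry are passed."""
        inside = self.nat.get((pkt["src"], pkt["id"]))
        if inside is None or pkt["dst"] != self.ext_ip:
            return None
        return dict(pkt, dst=inside)  # "Find entry; sets destination"

def ping(router, client_ip, target_ip, icmp_id=1):
    """Returns (source IP the target saw, True if the client got the reply)."""
    request = {"src": client_ip, "dst": target_ip, "id": icmp_id}
    on_wire = router.outbound(request)
    if on_wire is None:
        return None, False
    reply = {"src": target_ip, "dst": on_wire["src"], "id": icmp_id}
    delivered = router.inbound(reply)
    return on_wire["src"], delivered is not None and delivered["dst"] == client_ip

if __name__ == "__main__":
    for locked in (False, True):
        r2 = Router2("192.168.0.2", block_private_dst=locked)
        for target in ("192.168.0.3", "192.52.71.4"):
            print("locked" if locked else "open", target,
                  ping(r2, "192.168.1.2", target))
```

With plain NAT the wired PC answers the wireless client and sees the request as coming from 192.168.0.2; with the RFC1918 destination filter the same ping is dropped at router2 while the public address is still reachable.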