Networking #101
 

Hello,

Right - need a little help please! My networking is a bit poor. I know the basics IP, DHCP, DNS and all that.

My scenario is:

Current:

Linksys Router connecting to a 1Gb switch which provides connectivity to the wired LAN. Linksys is acting as the DHCP server on 192.168.1.x.

I now want to put in a hardware firewall (Watchguard).

It has a WAN (external) interface and Trusted (LAN) interface.

In the config of the external interface I've set to DHCP because my router is the DHCP server.

I tried setting up the trusted also as a 192.168.1.x but it complained because they were the same - obviously you can't have two of the same network ranges.

So I could setup the trusted as 192.168.10.x but the router is acting as the DHCP so do client PC's get their IP address as I've just said the trusted is 192.168.10.x?

:dunce:

Re: Networking #101
 

Is the firewall between the router and the modem, or between the router and the switch? If the latter, does the firewall have DHCP server capability?

Re: Networking #101
 

Ahh - ok - to clarify - it's a Linksys WAG325N ADSL Modem / Router.

So it currently goes:

• ISP IP 62.x.x.x to internet connection on WAG325N
• WAG325N is the DHCP Server for client PCs.
• WAG325N connects to 1Gb switch where other PC's are connected.

So my theroy was to place it as so:

<Internet> <WAG325N> <Firewall> <Switch>

Yes the firewall has DHCP capability for trusted LAN.

Re: Networking #101
 

In that case, just set the trusted interface to (say) 192.168.10.1 and make it the DHCP server for the LAN. You can either leave the router as DHCP server JUST for the firewall external interface, or give the firewall external interface a static IP of (say) 192.168.1.2 (if the router is 192.168.1.1).

Your client PCs will then all get 192.168.10.x addresses.

Alternatively, if you have any static IPs on the LAN, switch everything round so the LAN remains on 192.168.1.x and give the router and firewall external interfaces 192.168.10.x addresses.

(All this assumes you are using a subnet mask of 255.255.255.0)

Re: Networking #101
 

Right - all becomes a bit clearer now. Yes I do have some static addresses - my PC because I can RDP to it from elsewhere on the LAN and also a static on the NAS device.

Also - the firewall has a DHCP relay feature so I can still use the Linksys as the DHCP server if required - I assume I tick the box to enable and provide 192.168.1.1 which is the IP of the Linksys.

Re: Networking #101
 

Not sure about that, TBH, as I've never used DHCP relay. Would you not have to configure the routet so that it dishes out 192.168.1.x addresses for the clients, but set it's own address is 192.168.10.x to allow it to talk to the firewall's external interface?

Re: Networking #101
 

I agree with JohnHorb(post #4)

I'd forget the DHCP relay, i think this could cause more trouble than it's worth.

Are you putting the Watchguard in for your own training, or to beef up your network security? Can you turn off the router part of your ADSL router/modem? I ask this because otherwise your going to have lots of fun with double NATing.

Edit: This explains double NATing better: http://support.iprimus.com.au/index....517&Itemid=214

Re: Networking #101
 

Relay - ok no worries. Loolks like a bit of re-jigging of IP addresses then!

Training / Security - Err - a bit of both to be honest. We use these on customer sites so just trying to gain a bit more knowledge but fell at the first hurdle! :D

Not sure how to disable the router part of the Linksys.

The other issue is that it's a wireless router and I want to keep the wireless part enabled - I know it won't be protected by the Watchguard...

Re: Networking #101
 

If you want to retain the wireless connectivity of the linksys then your going to have to keep the router part of the Linksys turned on.

In the end, your going to have two subnets, one for the wired PC's, and the other for the wireless. Also be aware that your wired PC's won't show up in network neigbourhood on your wireless PC's and vice versa.

Did you read the link in my last post about double NAT, part the bit about sending email.

Re: Networking #101
 

Yeah - that's true...ok - might have to invest in to a el'cheapo router and turn the Linksys into a pure access point only.

NAT - yeah - I understood what you meant.

Thanks for the advice all!

Re: Networking #101
 

Not to throw a stone into the pond but wouldn't the following make more sense:

switch <- (subnet1) -> router <- (subnet2) -> watchguard <- -> modem

This way all wired and wireless clients are on the same subnet. I always thought a firewall should go at the edge...

Re: Networking #101
 

Because my router and modem are currently in one combined unit.

Re: Networking #101
 

Ahh, sorry...

Re: Networking #101
 

Don't be....all donations gratefully received!

I always thought it went:

ISP >> ADSL Router >> Firewall >> Switches >> Internal LAN Devices

Re: Networking #101
 

The problem then lies in the fact that your ADSL router is a NAT firewall by default.

RDDearing is spot on with what he's said. That's what I was getting at when asked if you could turn the NAT/Firwall off on the linksys and use it just as a modem/bridge.

TBH, if your wanting to tinker with things for self education you may be better at some point getting a plain ADSL modem with ethernet output. You've then got more configuration flexibility.

Re: Networking #101
 

Agreed. Need to get a bog standard ADSL modem with ethernet - I'll have a look at work tomorrow to see if we have any in stock.

Re: Networking #101
 

*Bump*

Back to this Networking #101 thread!

I've now purchased a bog standard Zyxel router from eBay and I've now managed to convince my ISP to give me a static IP and and a block of 8 addresses - 5 of which I believe are usable.

So - this weekend I'm going to attempt to install this...

What's the best way to configure it and in what order should the devices be connected?

I think it goes:

Zyxel Router > WatchGuard Firewall > Switch

And from the switch I can connect the client PC's, printers etc as well and the current Linksys wireless router which will be in access point mode only.

Also - what's the best device for DHCP - Zyxel or Firewall?

Cheers

Lee

Re: Networking #101
 

Sounds like the best layout given that the router is also your modem.

I would have suggested making the WG Firewall the DHCP server (using one range) and then setting a different range between the WG's external port and your new router.

It may also be worth then putting the WG in the DMZ of the router (if the option is available) or turning NAT off on the router as I'm not sure what hassle you might get if both router and WG are NAT'ing.

Someone please leap in if I'm wrong on that!

Re: Networking #101
 

*Bump*

Bit of a bump! Just been playing with my setup this afternoon and I can't work out how to setup the Linksys WAG325N ADSL Modem / Router as a just an access point...

Want I want to do is have any wirless clients coming in over wifi to get the IP address from the ZyXEL (sorry - you may need to read up a bit for a refresh!)

Any ideas how I can diaable the WAN / ADSL functions and use as a access point?

It's just a simple ADSL router at the moment - just ignore everything about the WatchGuard firewall - I've not put that into the loop yet - wanted to the the basic ZyXEL router / Linksys WAG325N as an access point working first!

Cheers

Lee

Re: Networking #101
 

My network used to be like that, then it got pointless and i used the firewall on my Router and set a netgear as a wireless access point, and the switch is in my bedroom for all the stuff in there :p: