Date: Tue, 14 Feb 2017 10:43:08 -0800 From: Karl Young <karly@kipshouse.org> To: Ernie Luzar <luzar722@gmail.com> Cc: Bernt Hansson <bah@bananmonarki.se>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: linksys router behind gateway not working Message-ID: <20170214184308.GI2787@mailboy.kipshouse.net> In-Reply-To: <58A32ED6.1020504@gmail.com> References: <58A3185B.7020606@gmail.com> <db92fe4c-ad53-d3e2-6f0e-20cf744fbdae@bananmonarki.se> <58A32ED6.1020504@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ernie Luzar(luzar722@gmail.com)@2017.02.14 11:22:46 -0500:
> Bernt Hansson wrote:
> >On 2017-02-14 15:46, Ernie Luzar wrote:
> >>Hello list;
> >>
> >>I am running 11.0 on my gateway system. It has a small LAN
> >>behind it. This gateway host has ipfilter firewall and a dhcp
> >>server. The LAN is cabled from the host to a switch and from the
> >>switch to each PC on the LAN. I added a cable from the switch to
> >>a linksys wifi router. I can get wifi and cable connection to
> >>the router but no connection to the public internet through the
> >>LAN. The dhcp server lease file shoes a lease for the router. I
> >>can see this ip address in the router's internal configuration.
> >>
> >>Is the problem because the router NATs it's issued ip address
> >>and then the host gateway system NAT's it again?
> >>
> >>Thanks for any light you can shed on this
> >Our connection is like this, can't check right now but it is from
> >the top of my head.
> >
> >internet--gateway--switch---LAN
> > |
> > |-- wifi
> >
> >Hope this is readable. The switch is dell power connect 2716 wifi
> >is asus something.
> >.
> >
>
> This is what the layout looks like
>
> |----router
> internet--gateway--switch-|---lan pc
> |---lan pc
> |-- lan pc
>
>
If you have two gateways (or routers, they are synonyms), you need to have two different
networks, and a different topology.
So your "gateway" (Freebsd box) should connect to Internet and NAT to an
internal network (say, 10.0.0.0/24). It will have two interfaces:
inbound from ISP (with external address) and internal (10.0.0.1 is used
by convention).
Your "router" (Linksys)'s uplink interface should connect to the internal
interface of the "gateway" with a static address on the internal network
(say, 10.0.0.2), and upstream gateway set to 10.0.0.1..
Then it will provide NAT to a second internal network (say,
192.168.0.0/24). If you have more LAN PCs than available ports on the
Linksys "router" you can use a switch to add more ports.
Sorry, I don't have enough patience for ascii-visio, or I would add a
diagram. From your diagram above, move the switch to the downstream
side of the lnksys (or remove it if you don't need extra ports). then
change config to have two subnets.
But if all your PCs are currently connected to one network, and you only
need the linksys to provide wireless, you could leave the topology as it
iss and reconfigure the linksys to act as a bridge.
I do something like this, except I'm using PF as the firewall, and
Airport as wireless bridge.
Regards
-karl
> The router is a linksys model wrt160n with default internal config.
> The LAN has worked for many years and still works with the router
> connected as shown as above, but nothing connected to the router
> works in this layout. I can cable a pc to the router and get
> connected to the router and it says that I have internet connection,
> but trying to browse to a url gives page not found error. The same
> thing happens if I wifi connect to the router.
>
> The gateway is running ipfilter firewall and it's log shows nothing
> getting logged for the ip address assigned to the router.
>
> The setup works if I place the router in front of the gateway so I
> know there is nothing wrong with the router. Having it this way is a
> security hole to my gateway server and lan.
>
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170214184308.GI2787>