Re: Workgroup Client Bridge Configuration



On Tue, 14 Feb 2006 22:13:14 -0500, RWM <RWM@xxxxxxxxxx> wrote:

The firewall is an original SonicWall device; not sure if it has dual IP
capability for the LAN interface, in any case it only allows one IP to
be specified.

It doesn't. Single IP address per interface. I have a bunch of the
original SOHO-10 routers in service and on my router pile. They are
excellent routers but rather slow. Add a few filters and they can't
do more than about 1Mbit/sec WAN to LAN.

I'm not sure if the original SOHO can even be configured as a non-NAT
router. I can fire one up on Thurs and check.

However it does cause problems with some Windoze and Mac clients that
do not appreciate having a default gateway that is outside of the
netmask range. For example, if the client's LAN IP is 192.168.1.2,
but the gateway is 216.216.216.1, some operating systems just will not
push packets at the gateway. Fortunately, this has become somewhat
common with VPN's, so the later operating systems all accomidate this
arrangement.

This is an interesting observation, in that I have never been able to
successfully create a VPN link through the Sonic in this configuration.

I have several VPN's running through a somewhat later Sonicwall TELE
router. No problems. I also a have a few where the router both
initiates and terminates the VPN. No need to go through the router. I
vaguely recall that there had to be some tweaking of GRE (general
router encapsulation protocol) and redirecting the ports used by IPSec
VPN pass-thru to get it to work through the router.

Any chance the PC on the wireless link is some ancient junker running
Windoze 95 or 98 first edition?

A mix of WinXP, Win2K and one ancient Win98SE machine.

I mean't the one computah that's going through the Seneo wireless. Is
it a Windoze 98SE machine?

So, what does your DHCP server deliver to the client? What does:
IPCONFIG
look like?

They are all static IPs; no DHCP enabled anywhere on the network.

Well, that's understandable. As soon as someone setup the Sonicwall
to *NOT* use NAT, it turned off the internal DHCP server. No way for
the internal server to deliver routeable IP's. Using the Sonicwall as
in "gateway" mode (I think that's the correct term for NAT turned
off), will function, but that's not the way it's usually done. Is
there a good reason why NAT and DHCP are off?

These are from a working wireless client (via the 2611CB3 functioning as
the AP):
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 216.251.112.1
DNS Servers . . . . . . . . . . . : 216.251.95.2
216.251.41.2

Amazing. Well, that will work if the Windoze client allows a gateway
that's outside the netmask. I'll confess that this is the first time
I've seen it done like this.

Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 216.251.112.1 192.168.168.101 1
192.168.168.0 255.255.255.0 192.168.168.101 192.168.168.101 1
192.168.168.255 255.255.255.255 192.168.168.101 192.168.168.101 1
Default Gateway: 216.251.112.1

Well, the local LAN and gateway all route correctly.

SonicWall/10 (the original FW appliance)

Original? There were huge numbers of firmware updates on the SOHO/10.
The bin files in my collection show 5.170 as the latest version. There
are some later versions (5.6) but my support subscription expired long
ago and I was too cheap to renew.
https://www.mysonicwall.com
However, I don't think there's anything broken in the Sonicwall. My
best guess is that the Senao bridges are doing something, but I can't
figure out what it might be.

If it's running NAT, it should have an IP address on the LAN side. Try
setting the gateway to 192.168.1.1 (or whatever) on the PC going
through the wireless link and see if that magically fixes things.

I have tried this (as well as 0.0.0.0) on the bridged machine, with no
joy, but that is with the unusual firewall gateway IP. I will change
that and give it a try.

The machine at the end of the wireless bridge should be configured the
same way as the others. Bridges don't know anything about IP
addresses and therefore cannot really mess with the IP layer stuff. It
should be totally transparent.

But you know, no one else has them, so they are relatively secure both
by design and limited user population.

I have a bunch. Paid about $500/ea for them. I installed most of
them in 1999 to 2000. Most are still in service.

Any of the laptops works hard-wired, so I was sort of warming (cooling?)
to that possibility... I have seen a certain flakiness manifest on
occasion with the Senao radios (CB, AP and cards).

Yeah. If that's the case, it has to be Senao. Much as I object to
your LAN IP layout, it does work. That leaves Senao.

How about doing something disgusting? Setup one Seneo as an access
point. No router, no DHCP on the access point. Setup the other end
as an ordinary wireless client. No bridging, just a simple client.
Kinda crude, but has fewer things to go wrong than a transparent
bridge. Personally, I would rip out the Senao radios and replace them
with a pair of WAP54G bridge radios and be done with it.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@xxxxxxxxxxxxxxxxxxxxxx
# http://802.11junk.com jeffl@xxxxxxxxxx
# http://www.LearnByDestroying.com AE6KS
.



Relevant Pages

  • Re: Workgroup Client Bridge Configuration
    ... capability for the LAN interface, in any case it only allows one IP to be specified. ... original SOHO-10 routers in service and on my router pile. ... but the gateway is 216.216.216.1, some operating systems just will not ... I mean't the one computah that's going through the Seneo wireless. ...
    (alt.internet.wireless)
  • Re: Workgroup Client Bridge Configuration
    ... The 3054CB3 will bridge multiple MAC addresses. ... Functionality" which I guess means it will bridge more than one MAC ... addresses for the LAN interface. ... but the gateway is 216.216.216.1, some operating systems just will not ...
    (alt.internet.wireless)
  • Re: Using XP PC as Gateway, add Wireless router, cant share acros
    ... If you're talking about Windows ICS, although the range of IP addresses assigned by ICS can't be configured, ICS is smart enough to query the LAN first and not to assign an IP address that's already in use. ... The changes you suggested worked and I now have my wireless router set up as a gateway/access point with the LAN port plugged into my switch. ... There was another thing I noticed that seemed different with the gateway PC than when I used my router as the DHCP server. ... I wasn't able to figure out how to set the range of IP addresses the gateway computer doles out in order to prevent it from using the one I assigned to my router. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Workgroup Client Bridge Configuration
    ... The 3054CB3 will bridge multiple MAC addresses. ... Functionality" which I guess means it will bridge more than one MAC ... addresses for the LAN interface. ... but the gateway is 216.216.216.1, some operating systems just will not ...
    (alt.internet.wireless)
  • Re: VPN/Default Gateway/TerminalServices
    ... Pick one that is central to the LAN. ... and *only* it for the Default Gateway. ... "Router" that shares the Internet to the LAN. ... > Server A: DomainController, Static IP 192.168.0.200, Default Gateway ...
    (microsoft.public.win2000.networking)