Re: Workgroup Client Bridge Configuration
- From: RWM <RWM@xxxxxxxxxx>
- Date: Wed, 15 Feb 2006 07:52:09 -0500
Jeff Liebermann wrote:
On Tue, 14 Feb 2006 22:13:14 -0500, RWM <RWM@xxxxxxxxxx> wrote:
The firewall is an original SonicWall device; not sure if it has dual IP capability for the LAN interface, in any case it only allows one IP to be specified.
It doesn't. Single IP address per interface. I have a bunch of the
original SOHO-10 routers in service and on my router pile. They are
excellent routers but rather slow. Add a few filters and they can't
do more than about 1Mbit/sec WAN to LAN.
I'm not sure if the original SOHO can even be configured as a non-NAT
router. I can fire one up on Thurs and check.
However it does cause problems with some Windoze and Mac clients that
do not appreciate having a default gateway that is outside of the
netmask range. For example, if the client's LAN IP is 192.168.1.2,
but the gateway is 216.216.216.1, some operating systems just will not
push packets at the gateway. Fortunately, this has become somewhat
common with VPNs, so the later operating systems all accommodate this
arrangement.
This is an interesting observation, in that I have never been able to successfully create a VPN link through the Sonic in this configuration.
I have several VPNs running through a somewhat later Sonicwall TELE
router. No problems. I also have a few where the router both
initiates and terminates the VPN. No need to go through the router. I
vaguely recall that there had to be some tweaking of GRE (general
router encapsulation protocol) and redirecting the ports used by IPSec
VPN pass-thru to get it to work through the router.
Any chance the PC on the wireless link is some ancient junker running
Windoze 95 or 98 first edition?
A mix of WinXP, Win2K and one ancient Win98SE machine.
I meant the one computah that's going through the Senao wireless. Is
it a Windoze 98SE machine?
Yes, the desktop is a Win98SE machine, though I tend to set up and test the link with a Win2K laptop so I can hot-swap networking specs and IPs.
So, what does your DHCP server deliver to the client? What does:
IPCONFIG
look like?
They are all static IPs; no DHCP enabled anywhere on the network.
Well, that's understandable. As soon as someone set up the Sonicwall
to *NOT* use NAT, it turned off the internal DHCP server. No way for
the internal server to deliver routable IPs. Using the Sonicwall in
"gateway" mode (I think that's the correct term for NAT turned
off), will function, but that's not the way it's usually done. Is
there a good reason why NAT and DHCP are off?
OK, but the Sonic/10 (5.1.7.0 FW, 6 current connections) is in "NAT Enabled" mode and DHCP is NOT enabled.
These are from a working wireless client (via the 2611CB3 functioning as the AP):
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 216.251.112.1
DNS Servers . . . . . . . . . . . : 216.251.95.2
                                    216.251.41.2
Amazing. Well, that will work if the Windoze client allows a gateway
that's outside the netmask. I'll confess that this is the first time
I've seen it done like this.
Network Destination  Netmask          Gateway          Interface        Metric
0.0.0.0              0.0.0.0          216.251.112.1    192.168.168.101  1
192.168.168.0        255.255.255.0    192.168.168.101  192.168.168.101  1
192.168.168.255      255.255.255.255  192.168.168.101  192.168.168.101  1
Default Gateway: 216.251.112.1
Well, the local LAN and gateway all route correctly.
SonicWall/10 (the original FW appliance)
Original? There were huge numbers of firmware updates on the SOHO/10.
The bin files in my collection show 5.170 as the latest version. There
are some later versions (5.6) but my support subscription expired long
ago and I was too cheap to renew.
Right, it is running the final 5.1.7.0 FW.
https://www.mysonicwall.com
However, I don't think there's anything broken in the Sonicwall. My
best guess is that the Senao bridges are doing something, but I can't
figure out what it might be.
If it's running NAT, it should have an IP address on the LAN side. Try
setting the gateway to 192.168.1.1 (or whatever) on the PC going
through the wireless link and see if that magically fixes things.
I have tried this (as well as 0.0.0.0) on the bridged machine, with no joy, but that is with the unusual firewall gateway IP. I will change that and give it a try.
The machine at the end of the wireless bridge should be configured the
same way as the others. Bridges don't know anything about IP
addresses and therefore cannot really mess with the IP layer stuff. It
should be totally transparent.
But you know, no one else has them, so they are relatively secure both by design and limited user population.
I have a bunch. Paid about $500/ea for them. I installed most of
them in 1999 to 2000. Most are still in service.
Yes, they are bulletproof and the XR 500mw radios have great coverage; mine have been running without a hiccup since 1999.
What I meant by "no one" is not very many people in the non-professional war-driver/AP-snooping crowd have them; not really consumer wireless gear.
Any of the laptops works hard-wired, so I was sort of warming (cooling?) to that possibility... I have seen a certain flakiness manifest on occasion with the Senao radios (CB, AP and cards).
Yeah. If that's the case, it has to be Senao. Much as I object to
your LAN IP layout, it does work. That leaves Senao.
How about doing something disgusting? Set up one Senao as an access
point. No router, no DHCP on the access point.
OK, this is the way the 2611CB3 is set up now; as an AP, no DHCP.
Set up the other end
as an ordinary wireless client. No bridging, just a simple client.
If it was a laptop with PCMCIA slot, I would go that way, but the remote client is a desktop, so I am using the 3054CB3 as a wireless adapter.
Kinda crude, but has fewer things to go wrong than a transparent
bridge. Personally, I would rip out the Senao radios and replace them
with a pair of WAP54G bridge radios and be done with it.
That will be the reluctant next step. The 2611CB3 in access point mode works fine, so I may first just try a replacement for the 3054CB3 wireless adapter.
Again, thanks.
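
Added example, not part of the original post: a Python check for the condition discussed in this thread (a default gateway that lies outside the client's netmask), run over the ipconfig values and route table quoted above. The function names and the 192.168.168.1 comparison address are assumptions made for illustration.

```python
import ipaddress
import re

# Values copied from the ipconfig output quoted in the post.
IPCONFIG = """\
IP Address. . . . . . . . . . . . : 192.168.168.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 216.251.112.1
"""

# Route rows from the post: destination, netmask, gateway, interface, metric.
ROUTES = """\
0.0.0.0 0.0.0.0 216.251.112.1 192.168.168.101 1
192.168.168.0 255.255.255.0 192.168.168.101 192.168.168.101 1
192.168.168.255 255.255.255.255 192.168.168.101 192.168.168.101 1
"""

def parse_ipconfig(text):
    """Return {label: value} for 'Label . . . : value' lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)[ .]*:\s*(\S+)", line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields

def gateway_on_link(fields):
    """True if the default gateway falls inside the interface's own subnet."""
    iface = ipaddress.ip_interface(f"{fields['IP Address']}/{fields['Subnet Mask']}")
    return ipaddress.ip_address(fields["Default Gateway"]) in iface.network

def off_link_gateways(routes_text):
    """List (destination, gateway) rows whose gateway is on no connected network.

    In this table a row whose gateway equals the interface address is a
    directly connected network; every other gateway must sit inside one.
    """
    rows = [r.split() for r in routes_text.splitlines() if r.strip()]
    connected = [ipaddress.ip_network(f"{d}/{m}") for d, m, gw, ifc, _ in rows if gw == ifc]
    return [(d, gw) for d, m, gw, ifc, _ in rows
            if gw != ifc and not any(ipaddress.ip_address(gw) in n for n in connected)]

if __name__ == "__main__":
    print("gateway on-link:", gateway_on_link(parse_ipconfig(IPCONFIG)))
    print("off-link routes:", off_link_gateways(ROUTES))
    # Constructed comparison: the same table with a gateway inside 192.168.168.0/24.
    print("after change:", off_link_gateways(ROUTES.replace("216.251.112.1", "192.168.168.1")))
```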