[NCSA-discuss] wrt54gs and openwrt, rfc1918/dhcp question

Brian Henning brian at strutmasters.com
Thu Jan 19 16:28:17 EST 2006


Is it your specific intent to segment your wireless from the rest of 
your network like that?

In my setup at home, my WRT54G is not routing at all--the rest of my LAN 
connects on one of the LAN ports of the WRT, and the WRT doesn't do any 
of its own DHCP serving or any such thing (so the proper gateway, dns, 
etc all come from my existing DHCP server).

If you /do/ want your wireless segmented like that, I'd suggest putting 
its internal network on a separate subnet, say, 192.168.2.0/24.  I would 
suspect that the reason you can't ping your real gateway is explained in 
the following rudimentary ASCII art:

          }     [      WAN port ->] -- { rest of your LAN
Wireless } --- [ WRT             ]
          }     [     LAN ports   ]
                  (no connections)


When something on your wireless, 192.168.1.52-60, asks the WRT to direct 
packets to 192.168.1.1, the WRT's routing table sees "ah, my IP is 
192.168.1.129, and my netmask is 255.255.255.0.  That means 192.168.1.1 
is on the local side" and spits the packet out on the LAN side.  Unless 
you make your wireless subnet smaller, to where 52-60 isn't in the same 
subnet as 1 (such as using a 27-bit netmask, and in which case you'd 
need to make sure the WRT's IP was in the same subnet as its DHCP pool, 
which may or may not be automatic), I don't think the WRT is ever going 
to route a packet destined for its own subnet out its WAN port.

Also, if you go the separate subnet route, all the boxes on the WAN side 
of the WRT will need static routes in order to get packets back to 
machines on the LAN side of the WRT (otherwise they'll send all their 
responses out through the default gateway).

So either put your WRT on a separate subnet, or plug the rest of your 
LAN into the LAN side of the WRT and turn off its DHCP and router.

I use MAC filtering plus WPA-TKIP to keep my wireless net secure.


Cheers,
~Brian



Steven Champeon wrote:
> on Thu, Jan 19, 2006 at 02:07:11PM -0500, John Broome wrote:
> 
>>On 1/19/06, Steven Champeon <schampeo at hesketh.com> wrote:
>>
>>>Seems, however, that the s/w that comes with the WRT54GS expects to hand
>>>out 192.168.1.x addresses - and there's no way to change it. Also, it
>>>doesn't seem to want me to treat its IP as anything but 192.168.1.1.
>>>Well, I've already got one of those, thanks. And I'd like to be able to
>>>say "hey, WRT, be 192.168.1.129, and hand out IPs from 130 to 140" or
>>>some such, and have it route traffic over to 192.168.1.1, my Linux
>>>firewall, and on the internal network.
>>
>>According to my neighbor's WRT54G that's unsecured you can change the
>>Router IP to be whatever you want, then change the starting IP address
>>and max number of DHCP users that you want.
>>
>>All on the first page of linksys admin interface.
> 
> 
> OK, fair enough. You *can* change the "local" IP (I was relying on old
> memories and got that part wrong). IIRC (I last screwed around with this
> late last week) I was confused because /out of the box/ the WRT defaults
> to 192.168.1.1 and I had to set up an isolated direct ethernet config to
> talk to the box, where my laptop was .2, until I could change the "local"
> IP on the WRT to something else that wouldn't conflict with my existing
> network setup. So, mea culpa. It *doesn't* let me change the network from
> which I can configure it to hand out DHCP addresses, so it's 192.168.1.x
> or nothing, AFAICT.
> 
> Mine is currently configured thusly (in "Static IP" mode):
> 
> "Internet" IP: 192.168.1.128/24, gateway 192.168.1.1
> "Local" IP: 192.168.1.129/24
> 
> and it's handing out DHCP IPs from 192.168.1.52-60. 
> 
> When I connect my laptop to it via ethernet, with fixed IP, I can config
> the box via the HTTP UI.
> 
> When I connect my laptop with wifi to the box, I get an IP via DHCP, but
> it doesn't route traffic via the gateway I expect it to use, and in fact
> tells me that the host is down. Basically, I get an IP but can't even
> ping the WRT, either interface, or my firewall, or any other host on my
> internal network. I've tried .129 as the gateway (which is what it hands
> out via DHCP), I've tried .1 as the gateway, with no luck.
> 
> Perhaps I need to tweak another knob on another page? Say, letting it
> know it should act as a gateway instead of a router?
> 
> I do have v4.0 of the GS. So perhaps I'll look into sveasoft or dd-wrt.
> 
> Thanks,
> S
> 

-- 
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
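
The on-link decision described in the message above, as an added example that is not part of the original message or of any firmware: it checks an addressing plan for the two conditions the message names (the upstream gateway falling inside the router's own subnet, and the DHCP pool falling outside it). The function names, the 192.168.1.33 router address and the 192.168.2.x pool are assumptions chosen for illustration.

```python
import ipaddress as ip

def egress_side(dst, lan_if):
    """Side the router sends dst to, following the message's reasoning:
    anything inside the router's local subnet is treated as on-link there,
    everything else goes out the WAN port toward the gateway."""
    return "lan" if ip.ip_address(dst) in ip.ip_interface(lan_if).network else "wan"

def check_plan(lan_if, gateway, pool_first, pool_last):
    """Return the problems the message describes for one addressing plan."""
    lan_net = ip.ip_interface(lan_if).network
    problems = []
    # The gateway looks local, so packets for it never leave via the WAN port.
    if egress_side(gateway, lan_if) == "lan":
        problems.append("gateway-treated-as-local")
    # DHCP clients must land in the same subnet as the router's local IP.
    first, last = ip.ip_address(pool_first), ip.ip_address(pool_last)
    if first not in lan_net or last not in lan_net:
        problems.append("pool-outside-router-subnet")
    return problems

# Plans: (router local address/prefix, upstream gateway, DHCP pool first, last).
# The first row is the configuration quoted in the thread; the .33 address and
# the 192.168.2.x values are constructed for illustration.
PLANS = {
    "as posted (/24)":      ("192.168.1.129/24", "192.168.1.1", "192.168.1.52", "192.168.1.60"),
    "/27, router IP kept":  ("192.168.1.129/27", "192.168.1.1", "192.168.1.52", "192.168.1.60"),
    "/27, router IP moved": ("192.168.1.33/27",  "192.168.1.1", "192.168.1.52", "192.168.1.60"),
    "separate subnet":      ("192.168.2.1/24",   "192.168.1.1", "192.168.2.52", "192.168.2.60"),
}

def report():
    """Map each plan name to its list of problems (empty list means none)."""
    return {name: check_plan(*plan) for name, plan in PLANS.items()}

if __name__ == "__main__":
    for name, problems in report().items():
        print(f"{name:22} {problems or 'ok'}")
```

The check covers only the router's own view; the static routes needed on the WAN-side hosts for the separate-subnet plan are outside what it models.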

