[NCSA-discuss] wrt54gs and openwrt, rfc1918/dhcp question

Steven Champeon schampeo at hesketh.com
Thu Jan 19 17:25:31 EST 2006


on Thu, Jan 19, 2006 at 04:28:17PM -0500, Brian Henning wrote:
> Is it your specific intent to segment your wireless from the rest of 
> your network like that?

No, not really, though either way is fine with me - having all my hosts
under 192.168.1/24, or having wireless segmented out to the 192.168.2/24
net, as long as the latter lets me pass traffic to the former. What I'm
afraid of is having to renumber the hosts on my LAN to use 192.168.0.x
or modify the netmask on the LAN so as to segment the fixed wire hosts
from the wireless hosts as the WRT seems to force 192.168.1.x for its
wireless DHCP range. (I can adjust the netmask, but not the third octet,
AFAICT).

> My setup at home is my WRT54G is not routing at all--the rest of my LAN 
> connects on one of the LAN ports of the WRT, and the WRT doesn't do any 
> of its own DHCP serving or any such thing (so the proper gateway, dns, 
> etc all come from my existing DHCP server).

Right - I have a similar setup at home (with Airport Extremes in a WDS
setup with an Express for AirTunes - works reasonably well, but I've got
several steel roofs to work around, and am suffering from some dropouts
on AirTunes so I'm trying to get my SO's laptop on G so I can put my
whole wireless net using G - dual b/g support is apparently one cause of
the audio/packet dropouts). Since Apple fixed the "time out dormant ssh
connections after an hour (!)" bug, ahem, I've been happy. Anyway.

I've got the following setup at home:

cable >-----<WAN  Airport  LAN>--------[ 4-port dlink hub ]
                         z                     |     |
                         z WDS                 |ether|
                         z                     |     |
<Express> wmw WDS wmw < Airport Extreme >    ibook  mini

Everything's got fixed IPs (except the WAN i/f on the cable modem) so I
can use hardcoded /etc/hosts to ssh from one to the other, etc. But this
setup is 10/8, not 192.168. The two Airports are Extreme (B/G capable)
and the Express is a WDS remote BS, so I can use the ibook in the den.
Whoo.

At work, it's more like:

                 +-------+  /
fract T1>--------<eth1   | /  192.168.1.0/24 land
                 |  fw   |/
                 |   eth0>---[ switch ]
                 +-------+     | 
   public Inet land   /   +----------------------------+
                     /      |||           |          |
    5c4ry           /   (lan hosts)   (airport)  (airport)
   h4x0rs          /                      z          z
                  /                    laptop      laptop

The Airports each have fixed IPs in 192.168.1/24, and do DHCP from their
own fixed range of IPs (so I can hardcode their rDNS). It Just Works.

Now, I want to add this WRT in exactly the same way as I have the
airports, but for whatever reason it's not behaving. I was just trying
to figure out if it was a limitation of the WRT, the WRT firmware, a
configuration toggle I haven't found yet, or what.

> If you /do/ want your wireless segmented like that, I'd suggest putting 
> its internal network on a separate subnet, say, 192.168.2.0/24.

Well, I would, but the WRT DHCP range is hard-coded to 192.168.1.x. I'm
hoping that sveasoft/openwrt/dd-wrt will let me override that, or it's
smart enough to act as an access point within a single /24 instead of as
a router expecting different networks on LAN and WAN sides.

> When something on your wireless, 192.168.1.52-60, asks the WRT to direct 
> packets to 192.168.1.1, the WRT's routing table sees "ah, my IP is 
> 192.168.1.129, and my netmask is 255.255.255.0.  That means 192.168.1.1 
> is on the local side" and spits the packet out on the LAN side.  Unless 
> you make your wireless subnet smaller, to where 52-60 isn't in the same 
> subnet as 1 (such as using a 27-bit netmask, and in which case you'd 
> need to make sure the WRT's IP was in the same subnet as its DHCP pool, 
> which may or may not be automatic), I don't think the WRT is ever going 
> to route a packet destined for its own subnet out its WAN port.

OK, that's what I was afraid of. I wonder if I can have it dole out
DHCP IPs from 192.168.1.248/28 even if the LAN is using 192.168.1.0/24?
Or will I need to reconfigure everything on the LAN to use different
netmasks, etc? Forgive me, for I know not what I do ;)
 
> I use MAC filtering plus WPA-TKIP to keep my wireless net secure.

Yep, we use MAC filtering here; one of the benefits of moving to this
wifi box was to let me go from WEP to WPA. 

Thanks,
Steve

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
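
The on-link decision discussed in this thread, modelled with Python's ipaddress module as an added example that is not part of the original message. The function names are hypothetical; the addresses are the ones quoted in the thread, plus 192.168.1.250 as a constructed router address inside the proposed /28.

```python
import ipaddress

def is_on_link(iface_cidr, dest):
    """True if a device configured as iface_cidr (address/prefix) treats dest
    as being in its own subnet, i.e. delivers it locally, not via a gateway."""
    iface = ipaddress.ip_interface(iface_cidr)
    return ipaddress.ip_address(dest) in iface.network

def enclosing_network(cidr):
    """Network that actually contains cidr once host bits are masked off."""
    return str(ipaddress.ip_network(cidr, strict=False))

def pool_check(iface_cidr, pool_first, pool_last, lan_cidr):
    """Compare a DHCP pool with the router's own subnet and the wider LAN."""
    iface = ipaddress.ip_interface(iface_cidr)
    lan = ipaddress.ip_network(lan_cidr)
    ends = [ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)]
    return {
        "router_subnet": str(iface.network),
        # Clients can only reach their gateway if both share a subnet.
        "pool_in_router_subnet": all(a in iface.network for a in ends),
        "pool_in_lan": all(a in lan for a in ends),
    }

if __name__ == "__main__":
    # Router at .129 with a /24: the firewall at .1 looks local.
    print(is_on_link("192.168.1.129/24", "192.168.1.1"))
    # Same router with a 27-bit mask: .1 is now outside its subnet ...
    print(is_on_link("192.168.1.129/27", "192.168.1.1"))
    # ... but so is the .52-.60 DHCP pool, so the router IP must move too.
    print(pool_check("192.168.1.129/27", "192.168.1.52", "192.168.1.60",
                     "192.168.1.0/24"))
    # A /28 written as .248 is really the .240-.255 block.
    print(enclosing_network("192.168.1.248/28"))
    # Constructed router address inside that block: LAN hosts are off-link.
    print(is_on_link("192.168.1.250/28", "192.168.1.1"))
```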

