[TriLUG] OT LAN Segment issues

Shawn William Taylor STaylor at torexretailna.com
Thu Jun 28 08:25:47 EDT 2007


Neil,
Some initial questions/observations are:
What is the IP/Mask of Subnets 2 and 3?
Second, your internet segment 166.82.aa.xx/29 is not really part of 
segment1.
It's a segment on its own and the router/firewall that connects that 
internet segment has to be able to ping devices in subnet2 and subnet3 
successfully. Then, you will need to add rules to the firewall to allow 
whatever traffic you want to subnet2 and subnet3. The Linksys by default 
will allow anything from subnet1 out to the internet and will NAT it back 
to subnet1, however it knows nothing about subnet2 or subnet3.
As far as your DMZ segment goes, what IP/mask are you using in there? 
Somehow I think Linksys devices only support 1 host in the DMZ?? Although 
I bought my linksys device 4 or 5 years ago and have never used the DMZ 
port.
Shawn




"Neil L. Little" <nllittle at embarqmail.com> 
Sent by: trilug-bounces at trilug.org
06/27/2007 11:14 PM
Please respond to: Triangle Linux Users Group discussion list <trilug at trilug.org>
To: Triangle Linux Users Group discussion list <trilug at trilug.org>
Subject: [TriLUG] OT LAN Segment issues

This is somewhat OT but it does involve servers that are all running 
some flavor of Linux.
I have certainly put myself in deep water on this one as this is my weak 
point. I appreciate any help I can get on this.

Our LAN is connected to a DSL modem belonging to CTC. The gateway is 
assigned a static IP (166.82.aa.xx) provided by a DHCP server.
We have purchased a block of 6 IP addresses.
......Routed Block: 166.82.bb.x1
...........Usable IPs 166.82.bb.x2 through 166.82.bb.x7
......Broadcast IP: 166.82.bb.x8 
 
I am segmenting a small office LAN into 3 segments. The problem is I 
can't get segment 2 and 3 to see the internet and vice versa.
 
Segment 1 is the gateway (static IP 166.82.aa.xx)  to the DSL modem 
(Zhone 6211-I3 ADSL2+). It is a DHCP LAN (192.168.1.100 range of 50) 
containing all the office desktop computers. All these computers are 
sitting behind a 4 port Linksys router (BEFSX41). There is also a 16 
port workgroup switch (EZXS16W) connected to port 1. I have 
turned on DMZ (port 4) and set the IP to 192.168.1.151.
 
Segment 2 is a 8 port Linksys router (BEFSR81) connected to the DMZ port 
(port 4, disables NAT/Firewall) of the Segment 1 router. It is a Static 
IP LAN and contains the servers. This is where the routed block of 8 IP 
addresses for this segment (6 IP + 1 router + 1 broadcast) is going.
 
Segment 3 is a 4 port Linksys vpn router (RV042) connected to one of the 
ports of the segment 2 router.
 
CTC, our provider, has indicated that they would like the routed block 
of IP addresses routed behind the gateway IP.
 
For Segment 2 router I have changed the settings under advanced routing 
to disable NAT and enabled Dynamic routing using rip1.
I have set the IP of the WAN gateway to 192.168.1.151 (connects to 
Segment 1 DMZ port 4 set to 192.168.1.151).
The IP of the LAN interface was set to the address CTC indicated was the 
router IP (166.82.bb.x1) for the Block of IPs.
The default gateway I set to the IP of the WAN interface for Segment 1 
(166.82.aa.xx)
 
I think I need a static IP pointing to the segment 2 router.....at least 
I think I do.
 
For segment 3, well, I have not even turned it on yet.
-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
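
The point in the reply that the edge router "knows nothing about subnet2 or subnet3" can be seen with a longest-prefix route lookup. This is an added example, not part of either message: all addresses are constructed documentation ranges standing in for the redacted ones, and the segment 2 router's WAN address (192.168.1.2) is an assumption.

```python
import ipaddress

# Constructed stand-ins for the redacted addresses in the thread:
#   198.51.100.0/29 -> the internet (gateway) segment
#   203.0.113.8/29  -> the routed block that lives behind the segment 2 router
#   192.168.1.0/24  -> subnet1 (office desktops)
ROUTED_BLOCK = ipaddress.ip_network("203.0.113.8/29")
SEG2_ROUTER = "192.168.1.2 (segment 2 router, assumed)"


def build_table(with_static_route):
    """Routing table of the edge (segment 1) router as (prefix, next hop) pairs."""
    table = [
        (ipaddress.ip_network("198.51.100.0/29"), "connected (WAN)"),
        (ipaddress.ip_network("192.168.1.0/24"), "connected (LAN)"),
        (ipaddress.ip_network("0.0.0.0/0"), "198.51.100.1 (ISP)"),
    ]
    if with_static_route:
        # The route the edge router is missing by default.
        table.append((ROUTED_BLOCK, SEG2_ROUTER))
    return table


def next_hop(dst, with_static_route):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in build_table(with_static_route)
               if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    server = "203.0.113.10"  # constructed host inside the routed block
    for static in (False, True):
        print(f"static route={static}: {server} -> {next_hop(server, static)}")
    # Desktops in subnet1 are reachable either way (directly connected).
    print("192.168.1.120 ->", next_hop("192.168.1.120", False))
```

Without the static route, traffic for the routed block only matches the default route and is sent back toward the ISP; with it, the more specific /29 wins and the packet is handed to the segment 2 router. Firewall rules for that traffic are a separate step, as the reply notes.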
