Ok networking gurus....

[GeoffS]

I may be showing some ignorance here, but I'm struggling and don't even know if I can do what I want to do with what I have.

I've got cable modem service at home. Attached to the cable modem is a Netgear ProSafe VPN Firewall (http://www.netgear.com/products/details/FVS318.php). It's setup as a dhcp server and is serving up IP addresses to 2 PCs, 1 server and a Netgear wireless-B router (http://www.netgear.com/products/details/MR814.php). "Attached" to the wireless router are a laptop and a PC.

The firewall is set up internally as 192.168.0.1 and is serving up IP addresses in the 192.168.0.2-50 range. The address 192.168.0.99 has been reserved for the router based on the mac address of the router.

Attached to one of the PCs attached to the firewall is a printer which is shared with the other PCs attached to the firewall. The printer is not a network printer, just a shared printer.

The wireless router is set up internally as 192.168.1.1 and is serving up IP addresses in the 192.168.1.51-99 range.

I want the devices attached to the wireless router to have visibility to the devices attached to the firewall, namely be able to print and retrieve files from the server, and I'm having no success... any help in how to configure the wireless router to just act as an access point and not serve up IP addresses and just let the firewall box do that would really be appreciated... at least, I think that's what I want to do....

Thanks!
Geoff

 

[EvilWobbles]

You're going to want to change the IP address of the wireless router to something on the 192.168.0.x range and then disable DHCP on the wireless router. When your wireless clients connect to the router, they will receive a DHCP offer from the Netgear VPN Firewall.

 

[RemyCanad]

Shouldn't you just need to disable the routing/NAT on the WAP? You could think of it kind of like a hub.

At least that is what I do with about 10 airports around here.

EDIT: You would obviously need to disable the DHCP server too.

 

[GeoffS]

Here's what happens when I do that.... first I set the wireless router to the ip of 192.168.0.100 in the LAN TCP/IP Setup page, and change the DHCP Server starting IP address range to 192.168.0.101-151 and click Apply. When I release the IP on the laptop and renew it, the wireless router serves me up an IP (192.168.0.101). Then I take the next step and uncheck the Use Router as DHCP Server box and apply the change. I release the IP and then try to renew it on the laptop and it just hangs trying to acquire an IP until it times out. I've tried unplugging the wireless router and plugging it back in to no avail.

The devices attached to the firewall at this point are:

IP Address Device Name MAC Address
192.168.0.2 PC1 00:0BB:59:65:E0
192.168.0.3 SC420 00:13:20:47:B7:F6
192.168.0.4 KIDS 00:06:5B:CF:02:9A
192.168.0.99 MR814v2 00:09:5B:9D:B4:F7 << this is the wireless router

The laptop does not acquire an address, but the wireless router does. If I take the cable that connects the laptop to the wireless router and connect it to the firewall instead (laptop is now connected directly to the firewall) it gets served up an address

IP Address Device Name MAC Address
192.168.0.2 PC1 00:0BB:59:65:E0
192.168.0.3 SC420 00:13:20:47:B7:F6
192.168.0.4 KIDS 00:06:5B:CF:02:9A
192.168.0.99 MR814v2 00:09:5B:9D:B4:F7
192.168.0.5 INSPIRON6000 00:12:3FA:96:AF << Laptop

So... something seems to be happening on the way through the wireless router that is not letting the firewall recognize the request from the laptop, through the wireless router, for an IP address.

 

[RemyCanad]

I would bet that your WAP is still routing. So you cannot pickup a DHCP address because you can't see your DHCP server.

 

[GeoffS]

Doesn't this step:

Then I take the next step and uncheck the Use Router as DHCP Server box and apply the change

turn off the WAP routing? If the wap was still routing, wouldn't the laptop get an IP from it?

 

[RemyCanad]

Well you stopped the WAP from acting as a DHCP server but it's still a router.

If you turn off the routing then it should act as a hub set to uplink. The routing is the reason you cannot see anything but items that are local to your WAP.

Turn off the DHCP like you have it. Then setup your notebook manually. You will need to make sure the internal address of your WAP is set to an IP on a different subnet than your firewall's internal.

You should still be able to get out to the internet. That would mean your WAP is still routing.

 

[GeoffS]

How do I turn off the routing? I'm not finding a setting...

And what do you mean by "make sure the internal address of your WAP is set to an IP on a different subnet than your firewall's internal"?

Geoff

 

[GeoffS]

This helped.... not connecting the firewall to the wireless router though the wireless router's WAN port... still working at it though...

 

[GeoffS]

That did the trick!!! By not connecting the wireless router to the firewall through the wireless router WAN port, it's not trying to route anything! The DHCP is unchecked and the firewall is serving up the IP addresses and I can see the other computers in the same workgroup! Woohoo!!

Thanks for all the help guys!
Geoff

 

[mondobyte]

You need to change the WAP to be a "bridge" ... not a router ... turn of NAT and DHCP ...

Turn on WEP or WPA ... use a shared key ...

mondo

 

[GimpyOne]

Don't know if it will help, but I had similar issues with a Netgear wireless router at my wife's work recently. It turns out to make everything happy I had to:

1. Unplug the wireless router from the network.
2. Turn off and reset the router
3. Turn router on and access setup page to change router IP and DHCP settings
4. After changing all this then plug router into the network


There were wierd issues going on where the DHCP server on the router overrode the one on the DSL line and the DSL would not take back over again even after the wireless reset itself. It would only work if I disabled the DHCP while disconnected from the network and then connected it. Go figure...:disgust:

edit: see you got it... I forgot to mention that part too. You can't use the WAN port on the wireless router if you only want it to act as a switch.

 

[GeoffS]

I've got WEP running, and I'm using an access list for MAC addresses... I can't turn off the SSID broadcasting until I get a better nic in the PC... it drops the connection if I turn off broadcasting.

I can't find a setting for NAT anywhere in the configuration. However, by plugging a cable from a port in the firewall to a regular port in the wireless router, I seem to have gotten around the whole routing issue

Thanks everyone for the input! What a great community! :beer:

Geoff

 

[RemyCanad]

Originally posted by: GeoffS
I've got WEP running, and I'm using an access list for MAC addresses... I can't turn off the SSID broadcasting until I get a better nic in the PC... it drops the connection if I turn off broadcasting.

I can't find a setting for NAT anywhere in the configuration. However, by plugging a cable from a port in the firewall to a regular port in the wireless router, I seem to have gotten around the whole routing issue

Thanks everyone for the input! What a great community! :beer:

Geoff

Yep that would do the trick. Glad to hear you got it up and running.

 

[SirUlli]

sorry when i go in this, but i have also a problem

you know the Problem

ping is going only in one Direction

Comp1 192.168.0.1
Comp2 192.168.0.2

the Ping from comp1 to Comp2 is going, but
the Ping from comp2 to Comp1 is going not

and a ping from comp2 to Comp1 with ping comp1 says

Ping Comp1 [192.168.0.1] mit 32 Bytes Daten:

timeout
so DNS is working, but no Ping

i can view both Comps over Network, and i find both comps,

all is working only the Ping....

no Firewall or anythink is aktivatet, both Comps are Windows XP with SP2, the Computer with the Problem is an Athlon64 3.500+ with an Nforce4 Mobo

i think i installed this over 100 times, but this is the first i dont know...

an other Networkcard PCI has the same Probs, i dont know what to do

Sir Ulli

 

[RemyCanad]

Okay here is a long shot but I seem to remember from back in the day that some nforce boards had security built into the onboard NIC.

Oh wait I just reread what you posted. So you are saying you have tried a different network card in both comps? Also how are they connected? Are they both connected to the same switch? Is there any router they are traveling through? How about a NAT?