Re: Help required - Linksys BEFSX41 & WRT54G setup
From: Rich Wales (richw_at_richw.org)
Date: 10/10/03
Date: Fri, 10 Oct 2003 04:58:36 +0000 (UTC)
who@net.com wrote:

> I have a LAN setup as below . . . . The objective is to
> enable PC1, PC2, NB1 & NB2 to share resources, e.g., files
> or internet access.
> does connecting WRT54G to one of the switch port on
> BEFSX41, open a big hole in the SPI firewall ??

Possibly. If you leave your wireless router wide open and don't
enable its security features, you're potentially exposing your
home LAN to your neighbours.

You need to be very careful to configure your wireless router with
as much security as possible. At the very least, use WEP with a
128-bit key; this can be broken by a determined hacker, but it
will discourage casual break-in attempts.

If possible, use the new WPA security scheme; the WRT54G supports
it (if the firmware is at version 1.30.1 or later), but I believe
you can only use WPA if =all= of your wireless devices are also
able to use WPA.

If you upgrade the firmware in the WRT54G in order to get WPA
support, be aware that the latest firmware version (1.41.2) has
a bug -- the web interface won't let you specify an NTP (time
synchronization) server. This is a major issue if you want to
use time-dependent packet filters or have reasonable time stamps
on log entries. I reported this problem to Linksys a couple of
weeks ago, but I don't know when they'll get around to posting a
new firmware revision. In the meantime, it appears that if you
set an NTP server using an older version of the firmware, and
then upgrade to 1.41.2, the NTP server you specified previously
will be retained (you just won't be able to change it). Or,
if you're resourceful, you might be able to find the previous
firmware revision (1.30.7) on Linksys's web site; that version
supports WPA =and= lets you specify an NTP server.

> should i connect the UTP cable from one of the switch port
> on BEFSX41 to WRT54G's WAN port or WRT54G's switch port

You can do either, and your choice will depend on how you want to
have your local network set up.

(Yes, I know some people will say at this point that I'm crazy,
and that the one and only correct answer is to plug the cable
into the router's WAN port, but please hear me out. I went
through this particular issue in very painful detail with Linksys
tech support this last summer, so I know what I'm talking about.)

If you hook up your DSL router to the WAN port of the wireless
router (WRT54G), the wireless router will act as a NAT gateway;
your wireless devices will be in their own separate IP subnet and
(from the point of view of the rest of your network) they will
be hidden behind the WRT54G's WAN IP address. This will provide
further protection for your wireless devices, but it also means
that your non-wireless devices (e.g., PC1 and PC2) will =not= be
able to access shared resources on your wireless devices (e.g.,
NB1 and NB2). There is no way to turn off the WRT54G's NAT
activity between its external (WAN) and internal (LAN) interfaces.

HOWEVER . . . if you hook up your DSL router to one of the four
LAN ports of the WRT54G, the wireless router will act as a simple
bridge, and your wireless devices (NB1 and NB2) will be on the
same IP subnet as your non-wireless devices (PC1 and PC2). I
have a Linksys WRT54G at home right now, hooked up in this way.
The WAN port on the wireless router isn't connected to anything
at all; in the setup, I configured the WAN port with an address
on a private IP subnet which I don't use at all (e.g., if your
main subnet for your LAN is 192.168.1.x, you might configure your
WAN port to use the 192.168.2.x subnet).

This is an undocumented feature of the WRT54G, and it required an
extended e-mail exchange with a Linksys tech support person before
the support person (1) understood exactly what I was trying to do
and (2) managed to come up with a solution that actually worked.
I asked the support person to submit the issue to their knowledge
base and/or have it added to the user's guide, but I haven't gone
back to check to see if they have done either of these things.

> should I enable DHCP ? on BEFSX41 or WRT54G

Unless all of your computers (including the wireless systems) are
going to be configured statically with fixed IP addresses, you do
need to enable DHCP somewhere.

If you follow my idea (see above) and hook up your WRT54G as a
simple wireless bridge, I believe you should enable DHCP in the
DSL router (BEFSX41), but =not= in the WRT54G. If you were to
enable DHCP in the WRT54G, you would run into problems because
wireless devices using DHCP would end up trying to use the WRT54G
as their IP gateway. (Remember, DHCP supplies not only an IP
address, but also a subnet mask and a default gateway address.)

If you hook up your WRT54G as a NAT gateway (by connecting to its
WAN port), then you =must= enable DHCP in the WRT54G if you want
your wireless devices to use dynamic IP addresses. You should
also enable DHCP in the DSL router (BEFSX41), but =only= if you
want some or all of your non-wireless systems to use dynamic
addresses too.

> PC1 & PC2 gateway ip address would be BEFSX41 ip
> address, but what is the gateway ip address for
> NB1 & NB2 ??

It depends on how you hook up the WRT54G. If you're using the
WRT54G as a NAT gateway, then NB1 and NB2 would use the WRT54G's
internal (LAN) address as their gateway. But if you set up the
WRT54G as a simple wireless bridge, then NB1 and NB2 should use
the BEFSX41's internal address as their gateway.

In each case, the gateway IP address would be the internal (LAN)
address, not the external (WAN) address. The gateway address
used by a computer needs to be on the computer's own subnet, or
else it won't be used (because the computer won't know how to
reach anything outside its own subnet without sending it through
the default gateway).

Keep in mind, too, that the gateway IP address will be set
automatically if you use DHCP. Again, be sure you enable DHCP
in the right router(s).

Rich Wales richw@richw.org http://www.richw.org/pgp/
PGP2 (2k bits): FDF8FC65 / 2A67F410 0C740867 3EF13F41 528512FA
GnuPG: 85B05210 / 573B4DFC 7F984F11 A5DFB18D 348EDEFF 85B05210
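
Added example (not part of the original message): a small Python check of the gateway rules described in the post, run against both wirings of the WRT54G. All addresses, the plan layout, and the function names are constructed for illustration; the "WRT54G DHCP names itself as gateway" case is modelled as the post describes it.

```python
import ipaddress

MASK = "255.255.255.0"
BEFSX41_LAN = "192.168.1.1"   # constructed: BEFSX41 internal (LAN) address

def subnet(ip, mask=MASK):
    """Network a host belongs to, derived from its address and mask."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def audit(plan):
    """Return a list of gateway problems for every host in the plan."""
    problems = []
    for name, (ip, gw, wireless) in plan["hosts"].items():
        # Behind the WRT54G's NAT, wireless hosts route via its LAN address;
        # in every other case the BEFSX41's LAN address is the gateway.
        behind_nat = wireless and plan["mode"] == "nat"
        expected = plan["wrt_lan"] if behind_nat else BEFSX41_LAN
        if ipaddress.ip_address(gw) not in subnet(ip):
            problems.append(f"{name}: gateway {gw} is outside {subnet(ip)}")
        elif gw != expected:
            problems.append(f"{name}: gateway {gw} should be {expected}")
    return problems

def same_subnet(plan, a, b):
    """True when two hosts sit on one IP subnet (bridge wiring)."""
    return subnet(plan["hosts"][a][0]) == subnet(plan["hosts"][b][0])

# Constructed plans; each host is (ip, gateway, is_wireless).
BRIDGE = {"mode": "bridge", "wrt_lan": "192.168.1.2", "hosts": {
    "PC1": ("192.168.1.10", "192.168.1.1", False),
    "NB1": ("192.168.1.20", "192.168.1.1", True)}}
# Same wiring, but DHCP left on in the WRT54G, which names itself as gateway.
BRIDGE_WRT_DHCP = {"mode": "bridge", "wrt_lan": "192.168.1.2", "hosts": {
    "PC1": ("192.168.1.10", "192.168.1.1", False),
    "NB1": ("192.168.1.20", "192.168.1.2", True)}}
NAT = {"mode": "nat", "wrt_lan": "192.168.2.1", "hosts": {
    "PC1": ("192.168.1.10", "192.168.1.1", False),
    "NB1": ("192.168.2.100", "192.168.2.1", True)}}

if __name__ == "__main__":
    for label, plan in [("bridge", BRIDGE),
                        ("bridge + WRT54G DHCP", BRIDGE_WRT_DHCP),
                        ("nat", NAT)]:
        print(label, "| PC1/NB1 same subnet:", same_subnet(plan, "PC1", "NB1"),
              "|", audit(plan) or "gateways OK")
```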