[TriLUG] OT LAN Segment issues

Neil L. Little nllittle at embarqmail.com
Sat Jun 30 15:10:12 EDT 2007


Friday I was able to get segment 2 to start talking to segment 1. 
I read what you said about the DMZ and realized where my logic failed 
me. I turned off DMZ on port 4.
The DHCP server assigned the address, the default gateway, and the DNS IPs.

The IP mask for the routed block is 255.255.255.248

I believe I now need to set a static route so segment 1 can see segment 
2 from segment 1.

As a side note I tried for a simpler configuration by putting a switch 
between the DSL modem and then connecting the routers to the switch.
The result of that little exercise was the modem would assign an IP to 
the BEFSX41 router but not the other two.
CTC is looking for a specific MAC address and will only assign an IP to 
a device with that MAC.
They also have the modem locked down as well. I tried to gain access to 
it to see what they were doing.

Still to come are the joys of getting an IPSEC policy to work with the 
XP VPN client on winders handshake and establish a VPN tunnel at the 
BEFSX41 router.

Neil, WA4AZL
JARS Forever!!

Shawn William Taylor wrote:
> Neil,
> Some initial questions/observations are:
> What is the IP/Mask of Subnets 2 and 3?
> Second, your internet segment 166.82.aa.xx/29 is not really part of 
> segment1.
> It's a segment on its own and the router/firewall that connects that 
> internet segment has to be able to ping devices in subnet2 and subnet3 
> successfully. Then, you will need to add rules to the firewall to allow 
> whatever traffic you want to subnet2 and subnet3. The Linksys by default 
> will allow anything from subnet1 out to the internet and will NAT it back 
> to subnet1, however it knows nothing about subnet2 or subnet3.
> As far as your DMZ segment goes, what IP/mask are you using in there? 
> Somehow I think Linksys devices only support 1 host in the DMZ?? Although 
> I bought my Linksys device 4 or 5 years ago and have never used the DMZ 
> port.
> Shawn
>
> "Neil L. Little" <nllittle at embarqmail.com> 
> Sent by: trilug-bounces at trilug.org
> 06/27/2007 11:14 PM
> Please respond to: Triangle Linux Users Group discussion list <trilug at trilug.org>
> To: Triangle Linux Users Group discussion list <trilug at trilug.org>
> Subject: [TriLUG] OT LAN Segment issues
>
> This is somewhat OT but it does involve servers that are all running 
> some flavor of Linux.
> I have certainly put myself in deep water on this one as this is my weak 
> point. I appreciate any help I can get on this.
>
> Our LAN is connected to a DSL modem belonging to CTC. The gateway is 
> assigned a static IP (166.82.aa.xx) provided by a DHCP server.
> We have purchased a block of 6 IP addresses.
> ......Routed Block: 166.82.bb.x1
> ...........Usable IPs 166.82.bb.x2 through 166.82.bb.x7
> ......Broadcast IP: 166.82.bb.x8 
>  
> I am segmenting a small office LAN into 3 segments. The problem is I 
> can't get segment 2 and 3 to see the internet and vice versa.
>  
> Segment 1 is the gateway (static IP 166.82.aa.xx)  to the DSL modem 
> (Zhone 6211-I3 ADSL2+). It is a DHCP LAN (192.168.1.100 range of 50) 
> containing all the office desktop computers. All these computers are 
> sitting behind a 4 port Linksys router (BEFSX41). There is also a 16 
> port workgroup switch (EZXS16W) connected to port 1. I have 
> turned on DMZ (port 4) and set the IP to 192.168.1.151.
>  
> Segment 2 is an 8 port Linksys router (BEFSR81) connected to the DMZ port 
> (port 4, disables NAT/Firewall) of the Segment 1 router. It is a Static 
> IP LAN and contains the servers. This is where the routed block of 8 IP 
> addresses for this segment (6 IP + 1 router + 1 broadcast) is going.
>  
> Segment 3 is a 4 port Linksys VPN router (RV042) connected to one of the 
> ports of the segment 2 router.
>  
> CTC, our provider, has indicated that they would like the routed block 
> of IP addresses routed behind the gateway IP.
>  
> For Segment 2 router I have changed the settings under advanced routing 
> to disable NAT and enabled Dynamic routing using RIP1.
> I have set the IP of the WAN gateway to 192.168.1.151 (connects to 
> Segment 1 DMZ port 4 set to 192.168.1.151).
> The IP of the LAN interface was set to the address CTC indicated was the 
> router IP (166.82.bb.x1) for the Block of IPs.
> The default gateway I set to the IP of the WAN interface for Segment 1 
> (166.82.aa.xx).
>  
> I think I need a static IP pointing to the segment 2 router.....at least 
> I think I do.
>  
> For segment 3 well, I have not even turned it on yet.
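
The routing question in this thread (the segment 1 router "knows nothing about" the routed block until a static route points at the segment 2 router) can be checked with a small longest-prefix-match lookup. This is an added example, not part of the original messages. The routed block 203.0.113.8/29 and the upstream gateway 198.51.100.1 are constructed stand-ins for the masked addresses in the posts; 192.168.1.0/24, 192.168.1.151 and the 255.255.255.248 mask are taken from the thread.

```python
import ipaddress

# Constructed stand-ins: the posts mask their real addresses, so
# documentation ranges are used for the routed block and the ISP side.
ROUTED_BLOCK = ipaddress.ip_network("203.0.113.8/255.255.255.248")
ISP_GATEWAY = "198.51.100.1"     # hypothetical upstream next hop
SEGMENT2_WAN = "192.168.1.151"   # segment 2 router's WAN address (from the thread)


def describe_block(net):
    """Summarise a subnet: size, usable host range and broadcast address."""
    hosts = list(net.hosts())
    return {
        "prefixlen": net.prefixlen,
        "total": net.num_addresses,
        "usable": len(hosts),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
    }


def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def segment1_table(with_static_route):
    """Routing table of the segment 1 router, with or without the static route."""
    table = [
        (ipaddress.ip_network("192.168.1.0/24"), "direct"),  # office LAN
        (ipaddress.ip_network("0.0.0.0/0"), ISP_GATEWAY),    # default route
    ]
    if with_static_route:
        table.append((ROUTED_BLOCK, SEGMENT2_WAN))
    return table


if __name__ == "__main__":
    print(describe_block(ROUTED_BLOCK))
    server = "203.0.113.10"  # constructed server address inside the block
    for flag in (False, True):
        print("static route:", flag, "->", next_hop(segment1_table(flag), server))
```

Without the static route, traffic for a server in the routed block follows the default route back toward the provider instead of going to the segment 2 router.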
>   


