Announcement

Collapse
No announcement yet.

Setting up a second with LAN&DSL, but still see network printers on other LAN.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting up a second with LAN&DSL, but still see network printers on other LAN.

    This is a bit of a confusing one, but I'll try and describe accurately and concisely what I'm trying to do.

    We have a simple existing LAN in our office, with an integrated DSL modem router both serving DSL and providing all-in-one NAT and DHCP on the usual 192.168.x.x range. However, we've just had a second DSL line installed which has faster upload (and is going to be used just for SIP phones and occasional burst uploading to iTunes, our web site, and digital aggregators etc).

    The kit I have for this network is as follows:

    ZyXEL P660-RU-T1 ethernet DSL modem
    Linksys WRT54GL, running DD-WRT v24
    ... plus the usual PCs


    This network is physically separate from the first network, and it has its own DSL connection. As I don't want other machines joining the second network to overutilise this second DSL connection, I thought best to segregate the networks and try and work like that. However, it would be very useful to be able to link the two networks together in some way, without automatically granting any other devices on the first LAN access to the Internet via this second DSL connection.

    I thought I could get the WRT54GL, running DD-WRT, to effectively control the DSL connection, by putting the ZyXEL into bridge mode - but unfortunately in the UK our DSL uses PPPoA, and the DD-WRT only really supports PPPoE, so I couldn't get that to work. So, I'm trying to achieve this another way... But I'm a little bit stuck!

    From reading up, I decided that it would be a good idea to lay the network out as follows:

    Modem: LAN IP: 10.1.1.1 (Internet-facing IP is assigned via DHCP from the ISP but it seems to be fairly static, indeed it may be so)

    Router (WRT54GL):
    WAN IP: 10.1.2.1, (default gateway of 10.1.1.1 and subnet mask of 255.0.0.0)
    LAN IP: 10.1.2.1 (note how I matched WAN with LAN purely for simplicity, although I was thinking about the WAN IP being 10.1.1.2)
    Devices are assigned IPs via DHCP between 10.1.2.100-10.1.2.200
    Subnet mask: 255.0.0.0

    The ZyXEL modem itself has a DHCP server and NAT built into it, which I've disabled - I want the WRT54GL to handle all NAT, uPnP and DHCP if possible - because I want to avoid a double NAT situation (less hassle with things like the SIP phones) but if it's the only solution then we'll have to do that. The modem supports both SUA and full NAT, so there's another option there.


    The modem is plugged into the WAN port on the WRT54GL. At the moment, one device is plugged into the switch on the WRT54GL for testing (will probably invest in a small 8 port switch to cater for all devices). The LAN side of things is working fine whatever I configure, but it's getting through to the Internet I'm having problems with. Also, the modem has its own web-based config pages, which you can access via its LAN IP - I need to be able to reach those from any machine on the LAN even though it's on a different address range.

    What happens at the moment:

    The DSL connects fine, machines plug into LAN and although it gets an IP (e.g. 10.1.2.127), it cannot see the Internet. It cannot resolve any domain names, and any attempted traceroutes to IPs time out after the first hop (the router).


    What's the best way to set the network up so that the router is handling all of the hard stuff, whilst leaving the modem to just work as a modem? I did have it working at one point, but it was with the modem plugged into one of the switch ports (instead of the WAN port) because it was the only way I found to make it work! I can't understand why, even with the WAN port disabled and assigned to the switch I don't think it worked... A very strange problem.

    Also another problem is that the network printers in the office are currently on another physical LAN, so I'm wondering if I can somehow attach a cat5 cable to both routers, and assign that port internally to be purely used as a bridge to let the other network communicate with the printers and ONLY the printers.


    This is a real baptism of fire for me, and I'm confused by all the various problems I'm having - so any info or tips, however small, are all really useful and appreciated! I don't exactly have the best equipment in the world to work with, but I'm hoping that the flexibility of DD-WRT running on the second router gives me an opportunity to set up this second LAN a little more intelligently.

    All help is appreciated! This forum has come through for me before so I have my fingers crossed.

    Thanks in advance,
    Christopher
    Last edited by Christopher; 11th June 2008, 17:57. Reason: revision of thread title

  • #2
    Re: Setting up a second with LAN&DSL, but still see network printers on other LAN - h

    Hi Christopher
    As I see from Your explanation - the problem is that all Your network equipment is in the same A-class subnet 10.0.0.0/8
    So none of Your internal station don't even look for Defaut gateway.
    Try to do it this way:
    Internal Address of DSL modem - 10.1.1.1 Mask 255.255.255.0
    WAN port of Linksys - 10.1.1.2 Mask 255.255.255.0
    LAN port of Linksys - 10.1.2.1 Mask 255.255.255.0 (in case Your internal network less than 253 hosts)
    Internal LAN addresses - 10.1.2.2-254 Mask 255.255.255.0
    This will guarantee Internet access for stations in LAN.

    About printers - You'll need to physically connect both networks over router\firewall device to allow both networks print on Net printers. To prevent another network users from using wrong Internet access, You may apply correct routing and firewall rules. For example - allow users in new network access only IP's of net printers in old network and deny old network users access to new network at all.
    I think in Your situation its time to spend money in some more sophisticated hardware with ability of 2 WANs and more than 1 LAN (or VLANs).
    Regards
    Denis Laskov
    MCSA/E - CWNA - CCNA

    Comment


    • #3
      Re: Setting up a second with LAN&DSL, but still see network printers on other LAN - h

      dlaskov - thanks for your reply! I'm not a networking expert so I totally miss the obvious things sometimes

      Ok, this will make you scratch your head...

      Before I got your reply, earlier today I tried set up the router with a WAN IP of 10.1.1.2, to match with the modem - it didn't work! Before I left work this evening, I actually had the network working, but it's behaving very strangely - I can only get internet connectivity if I plug the modem into one of the ports on the router's switch, if I try to use the WAN connection (either as a WAN uplink or just as a regular port, by selecting the option "Assign WAN port to switch"... I couldn't get it to work.

      So currently, the modem is configured as 10.1.1.1, the router has a WAN IP of 10.1.2.1, and devices are DHCPed to 10.1.2.100-200 (although there's only about 8 devices in total on the LAN!)... And as long as the modem's plugged into a switch port, instead of the WAN port, it seems to work. Very strange. Unfortunately the modem is running in SUA NAT mode, which is effectively one-to-many NAT according to the documentation, but it's better than nothing.



      Do you have any ideas as to why having the modem in the WAN port wouldn't work? Is it looking for a plain Internet connection which isn't behind any kind of NAT or anything? The reason I ask is because although the work setup is using ADSL, my home connection (using an identical router with the same version of DD-WRT), on a cable modem connection, it works perfectly with the modem plugged into the WAN port, and the router is assigned the public internet IP.


      Unfortunately I really wish I could buy some expensive networking hardware and set up a decent VLAN, but I just don't have the budget (no budget!) to do it. I'm always keen to squeeze every last drop of performance from the equipment I have, so your feedback is very helpful. Regarding your last comments, about connecting the LANs together - I assumed I'd have to do that, would the WAN port come in useful here perhaps? If I could either set up some iptable entries via ifconfig to deny access to the 192.168.1.x subnet for all devices except for the static IPs which the printers are on, would that be the easiest way to do it?

      Also, I want to make sure that devices connected to the 192.168.1.x LAN via wifi or cat5 don't try to route through the 10.1.1x/10.1.2.x network to connect to the Internet - this connection is supposed to be purely for the SIP phones and uploading of our audio files to our service providers... Again, would static routes be the best way to achieve this? There's an Advanced Routing tab in DD-WRT, but I've never really played with it (I've never had a real reason to!) but I'm really determined to try and get this to work in the easiest way possible. I want to ensure that the whole network will still work without problems after I leave the my full time job with the company (which I'm due to do in a month or so), hence why I'm trying to do the hard work now!




      Thank you very much for your comments sir, they're much appreciated - I spent all afternoon reading about iptables, NATs and trying to glean as much knowledge as I could, but it's always so much harder when you're teaching yourself, instead of have someone who knows a lot show you how to do it in one go I wish we could afford more expensive equipment, but I really had to push to get this equipment, instead of just some awful all-in-one router which I knew would be awful... I think I might be able to achieve roughly what I want to do, minus the VLANs (I'd love to set up some VLANs for the SIP phones and maybe the printers, that might be a way round the problem... but I'm going to have to do some more reading!


      Cheers very much, your info was very useful. I'll go into work tomorrow and have another play about with the equipment and see if I can make it work a bit better!

      Thanks,
      Christopher

      Comment


      • #4
        Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

        The reason you can't access the Internet with modem plugged into the WAN port of the router if because of your IP address that you've assigned. Follow dlaskov's advice on the ranges you should use (the subnet masks are the key in this case) but I would only put about 100 addresses in your DHCP scope instead of 253. This will give you a little more flexibility.

        Also, the modem needs to perform NAT or else anything behind it won't be able to connect to the Internet. This is because if the modem doesn't do the NAT then it will try and route to the Internet traffic with a private source address and the packets will just be dropped by Internet routers.

        First let's get you new network running then we can worry about connecting it to the old one.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

          Hello Jeremy Cheers for replying - some responses to your comments:

          Originally posted by JeremyW View Post
          The reason you can't access the Internet with modem plugged into the WAN port of the router if because of your IP address that you've assigned. Follow dlaskov's advice on the ranges you should use (the subnet masks are the key in this case) but I would only put about 100 addresses in your DHCP scope instead of 253. This will give you a little more flexibility.
          Following dlaskov's advice I changed my subnet masks to 255.255.255.0, made a difference.

          While I'm ironing out the kinks I decided to semi-mirror the setup of the other network. One very unusual thing I've noticed though is the modem's behaviour towards the SIP phones when they're provisioned static IPs out of the DHCP range...

          The ZyXEL modem has an AnyIP feature, where it will accept and route requests for internet access from any device connected to it, regardless of its IP address. Not quite sure how that works, but it's there (and enabled). Anyway, I migrated over my SIP phone for testing, and provisioned it as 10.1.1.221 (out of the DHCP range which I set from .100 to .199).

          I turned the phone on... And it wouldn't register with the SIP gateway. Tell the phone to get an IP via DHCP, and bingo: as soon as it initialised, it got an IP in the DHCP scope and bam - registered with the SIP gateway (external to our network). I can't understand this behaviour, particularly because a similar set up works absolutely fine on the other LAN. The phones have all the same settings, default gateway, subnet masks... Yet on the second LAN, it just doesn't work for some reason!

          I'm suspecting the modem's ignoring the traffic because the only other networking device is the WRT54GL running DD-WRT, which I also have at home running in a similar configuration (hooked up to my cable modem) and it has all manner of DHCP and static IP devices strung off it, which it copes with no problems. Yet, I can't understand the behaviour... As a workaround I ended up adding a DHCP reservation for the phone's MAC address on the modem (which is also doing DHCP at the moment), and extending the DHCP pool to 140 address (to take me into the range where I want the phones to live).


          Do you have any idea whatsoever as to what might be causing this? It's a real headscratcher for me, I've not had it happen to me before and you'd think it to be a pretty standard kind of setup.

          Originally posted by JeremyW View Post
          Also, the modem needs to perform NAT or else anything behind it won't be able to connect to the Internet. This is because if the modem doesn't do the NAT then it will try and route to the Internet traffic with a private source address and the packets will just be dropped by Internet routers.
          Right, I understand that just fine. What's puzzling is how the first configuration I tried didn't work... I think this needs graphs to illustrate:


          Code:
           [internet]
              |
              |
              |
              |
              v
           [dsl modem]      - routed mode, NAT only, no DHCP, no uPnP
             |
             |
             |
            into: wan port
             |
             v
           [wrt54gl router] - router doing all the heavy work (DHCP, uPnP)
             |1  |2 |3 |4
             v         v
             PC      SPA942
          
          
          
          
          modem: 10.1.1.1
          router wan: 10.1.1.2
          router lan: 10.2.2.1
          subnet: 255.255.255.0
          
          dynamic devices: 10.2.2.100-199
          static  devices: 10.2.2.200-240 (printers, SIP phones etc)
          This didn't work... And I don't really know why. Puzzlingly, the modem hooked up to the WAN port didn't seem to want to route and accept WAN traffic.

          The only way I could get the network working properly was like this:


          Code:
           [internet]
              |
              |
              |
              |
              V
           [dsl modem]      - routed mode, NAT, DHCP server, uPnP enabled
             |
             |
             |
            into: switch port on router
             |
             |
             V   [wrt54gl router] - router purely acting as a switch (WAN port disabled)
             |     |1  |2 |3 |4
             |     |   |     V
             V     |   PC   SPA942
             |     |
             |     ^
             |->--dsl modem (incoming)
          
          
          
          modem: 10.1.1.1
          router wan: disabled
          router lan: 10.1.1.2
          subnet: 255.255.255.0
          
          dynamic devices: 10.1.1.100-199
          static  devices: 10.1.1.200-240 (printers, SIP phones etc) - except the SIP phones hate this!
          Note how the modem is plugged into the switch, bypassing the WAN port entirely. It only seems to want to serve out IPs and deal with uPnP and NAT properly when hooked up via the switch (which I get, but I can't understand why! if you follow my meaning). I've tried various configurations and in some, the connection has mostly worked but some stuff like uPnP hasn't - which I couldn't work out. Unfortunately, having uPnP working is important for us as we have kit and software which relies on uPnP for smooth operation.

          I often tend to think that having a network where something doesn't work for some unexplainable reason isn't good enough, I have a quite dogged determination to work out exactly why it's happening and fix it So I'd rather have the network fully working in a slightly more complex configuration than just put up with 90% of the features working and some of them not, but not bothering to do anything about it.



          Even more strangely, when you disable the WAN port in DD-WRT, you can assign the WAN port to the switch (I'm guessing it rewrites its iptables), but although I could get to the router I couldn't see the Internet or ping out beyond the LAN when I plugged my PC into it. Nor could I get a DHCP IP, for that matter. What is the icing on the cake though is that the DD-WRT router itself has a static IP of 10.1.1.2 - and it can see the Internet just fine (as it gets its time via NTP, and it also pings freedns.afraid.org to update a dynamic subdomain every so often, and that always works!) if I SSH into the router, I can also ping external sites fine, so that raises fresh doubts for me as to whether it's the modem or the router which is still misbehaving.

          I've never seen this happen before, and it's clear that something's a little odd in this setup, just can't understand why the modem isn't playing ball with some of the things I'm trying to make the network do! Doesn't seem so complicated... Anyway, if the network *has* to be run like this, then so be it - there's an 8 port switch on the way to expand the connectivity for the WRT54GL anyway, so if the modem has to be hooked up to the switch for the network to work then so be it.


          I know some people would just go "eh, it works, never mind" but I'm so determined to understand the root cause of why this isn't working properly - I hope this doesn't put you guys off And any knowledge or stuff you can teach me is very useful (and much appreciated).


          Originally posted by JeremyW View Post
          First let's get you new network running then we can worry about connecting it to the old one.
          It works... I suppose... Not ideal configuration, but it does work. What is still puzzling me is that the modem and devices on the network are interacting in the way they are - I've never seen devices on a LAN act so strangely!
          Last edited by Christopher; 10th June 2008, 16:48.

          Comment


          • #6
            Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

            Cheers on the diagram and the verbose posts. Too much information is much better than too little.

            After looking over your setup it appears that nothing is malfunctioning. It's working how I would expect it to work. The problem with the first diagram is that the modem doesn't know where to send traffic destined for the 10.2.2.0 network.

            I would set things up like you had in the first diagram and then add a static route to the modem.

            Code:
            Address  Mask          Gateway
            10.2.2.0 255.255.255.0 10.1.1.2
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

              Originally posted by JeremyW View Post
              Cheers on the diagram and the verbose posts. Too much information is much better than too little.

              After looking over your setup it appears that nothing is malfunctioning. It's working how I would expect it to work. The problem with the first diagram is that the modem doesn't know where to send traffic destined for the 10.2.2.0 network.

              I would set things up like you had in the first diagram and then add a static route to the modem.

              Code:
              Address  Mask          Gateway
              10.2.2.0 255.255.255.0 10.1.1.2
              Woohoo, with your help I got it working!

              I never quite got my head around static routes, and there's nobody around who could help me learn by showing me how to set it up properly... I took your advice and set up the route (slightly modifying it), and also set up a mirror route on the router: and it works!


              Here's what I did:

              On the modem (10.1.1.1/255.255.255.0):
              Code:
              Name	Destination	Gateway		Subnet Mask
              
              wan	10. 2. 2. 1	10. 1. 1. 2	255.255.255. 0
              (as you recommended)

              And on the WRT54GL router (10.2.2.1/255.255.255.0):
              Code:
              Name	Destination	Gateway		Subnet Mask
              
              to-wan	10. 1. 1. 1	10. 2. 2. 1	255.255.255. 0
              I think this was what I was missing before, although I tried various combinations of static routes on the modem (never quite getting it right, because I was confused with the x.x.x.0 specification, and all sorts of other stuff).

              What does putting a 0 as the last octet signify in an IP - that it should apply to the whole subnet? How exactly does specifying a static route where the destination ends with .0 work? I've looked for some tutorials or help guides but most of the popular hits are for Cisco kit - and besides the fact we have no Cisco kit here, no WAY do I want to dive into IOS right this moment!

              The routing table on the WRT54GL is currently showing as this:

              Code:
              Destination LAN NET	Subnet Mask	Gateway 	Interface 
              10.2.2.0 		255.255.255.0 	0.0.0.0 	LAN & WLAN 
              10.1.1.0 		255.255.255.0 	0.0.0.0 	WAN 
              169.254.0.0 		255.255.0.0 	0.0.0.0 	LAN & WLAN
              0.0.0.0			0.0.0.0 	10.1.1.1 	WAN
              I'm not sure if that 10.2.2.0 route is there from a previous 'attempt' on my side which went wrong, but I added the 10.1.1.0 route and after power cycling the device, it works.

              And, the good news is that after obtaining a new DHCP release for the PC, the device can now see the Internet! The VoIP phone also works (with a static IP) with the default gateway set as 10.2.2.1, which it never did before.

              However, using uTorrent to check uPnP functionality highlights a problem - uPnP autonegotiation still isn't working properly for some reason. That said, when I fired up a couple of torrents (don't worry, Linux images!) I did notice that after a couple of minutes, uploads did start and it's seeding away at a decent speed. However, the 'no incoming connections' icon would indicate that there's still a problem with devices being able to automatically configure incoming port maps.

              More confusingly, when you go to the uPnP status page in the DD-WRT web admin, it shows the application and the port maps it's created - which are all shown correctly. I have the same kinds of entries for my uTorrent install on my home PC, and uPnP works absolutely fine (but I have an ethernet cable modem which passes my public IP right through to the WAN interface of my router, and I'm guessing it's this extra layer of NAT which is causing the problem).

              Would this be solved by a manual port map for specific listening ports on the modem end (which I can also still access on 10.1.1.1), or is it just something which I have to acknowledge will never work? If there's some solution for it then I'd love to know, because it's probably an exceedingly useful bit of knowledge to have.

              I also have a feeling it's possibly because DD-WRT can't properly handle PPPoA connections on its own so it can't directly see the Internet - I did try the modem in bridge mode and set up the appropriate details in DD-WRT (the modem strangely did still have two boxes to put in a connection username and password, which I tried, but it still wouldn't connect) but it wouldn't connect.

              Can you think of any possible solution to this? It's a really odd little problem, but it's one which I have a feeling will come back to bite me in the arse at some point in the future, and I'll regret never having tried to solve it! I've tried adding this machine to the DMZ on the router, I've tried enabling and disabling the uPnP service on the modem/router/both devices, and no combination of enabled/disabled options seems to make a difference. Granted, I didn't leave it very long between changing the options, but I waited at least a minute after changing an option to see if uPnP showed as OK in uTorrent. (When I was connected the old way, uPnP showed as OK after a few seconds as I think it polls and checks to see whether the uPnP map is working ok every few seconds, too).


              Either way, you've saved my hairline! Congratulations sir If you have a PayPal account (or you're coming to Birmingham soon ) I'll gladly send you some beer money by way of thanks for helping me so far.

              Comment


              • #8
                Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

                Sorry for the delay. When I read the post I didn't have enough time to respond and then I forgot about it... until I was cleaning out my email today.

                Originally posted by Christopher View Post
                And on the WRT54GL router (10.2.2.1/255.255.255.0):
                Code:
                Name	Destination	Gateway		Subnet Mask
                
                to-wan	10. 1. 1. 1	10. 2. 2. 1	255.255.255. 0
                This should be unnecessary and actually is probably ignored by the router because the "connected" route will have a lower cost than this static entry.
                Basically, because the router has an interface configure with an address in the 10.1.1.0/24 network, it will already have a route for that network with it's own IP as the gateway.

                What does putting a 0 as the last octet signify in an IP - that it should apply to the whole subnet? How exactly does specifying a static route where the destination ends with .0 work? I've looked for some tutorials or help guides but most of the popular hits are for Cisco kit - and besides the fact we have no Cisco kit here, no WAY do I want to dive into IOS right this moment!
                Briefly I'll go over it. An IP address like "10.2.2.1" is a decimal representation of a binary number. Each dot separates an octet. Also, an IP address is made up of two parts; the network bits and the host bits. The subnet mask tells the computer or router (or any layer 3 device) what part of the IP address is the network bits and what part is the host bits.

                The IP address and the subnet mask are compared through an ANDing process to determine what part of the IP address is network bits and what part is host bits. The 1 bits of a subnet mask represent the network bits and the 0 bits represent the host bits.
                Below is a diagram to help illustrate it.

                Code:
                Decimal:
                Addr.  192.168.33.110
                Mask   255.255.255.0
                
                Binary:
                Addr.  11000000 10101000 00100001 01101110 
                Mask   11111111 11111111 11111111 00000000
                       |-------- network -------| |-host-|
                The network address is 192.168.33.0 (convert the network bits to decimal)

                And if we change the mask:
                Code:
                Decimal:
                Addr.  192.168.33.110
                Mask   255.255.252.0
                
                Binary:
                Addr.  11000000 10101000 00100001 01101110 
                Mask   11111111 11111111 11111100 00000000
                       |------- network ------||--host---|
                So with the new mask the network address is 192.168.32.0 (confused yet?)

                Here's a great article on IP addressing http://www.3com.com/other/pdfs/infra..._US/501302.pdf


                I'm not sure if that 10.2.2.0 route is there from a previous 'attempt' on my side which went wrong, but I added the 10.1.1.0 route and after power cycling the device, it works.
                The route is there because there is an interface configured on that network.

                However, using uTorrent to check uPnP functionality highlights a problem - uPnP autonegotiation still isn't working properly for some reason. That said, when I fired up a couple of torrents (don't worry, Linux images!) I did notice that after a couple of minutes, uploads did start and it's seeding away at a decent speed. However, the 'no incoming connections' icon would indicate that there's still a problem with devices being able to automatically configure incoming port maps.

                More confusingly, when you go to the uPnP status page in the DD-WRT web admin, it shows the application and the port maps it's created - which are all shown correctly. I have the same kinds of entries for my uTorrent install on my home PC, and uPnP works absolutely fine (but I have an ethernet cable modem which passes my public IP right through to the WAN interface of my router, and I'm guessing it's this extra layer of NAT which is causing the problem).

                Would this be solved by a manual port map for specific listening ports on the modem end (which I can also still access on 10.1.1.1), or is it just something which I have to acknowledge will never work? If there's some solution for it then I'd love to know, because it's probably an exceedingly useful bit of knowledge to have.

                I also have a feeling it's possibly because DD-WRT can't properly handle PPPoA connections on its own so it can't directly see the Internet - I did try the modem in bridge mode and set up the appropriate details in DD-WRT (the modem strangely did still have two boxes to put in a connection username and password, which I tried, but it still wouldn't connect) but it wouldn't connect.

                Can you think of any possible solution to this? It's a really odd little problem, but it's one which I have a feeling will come back to bite me in the arse at some point in the future, and I'll regret never having tried to solve it! I've tried adding this machine to the DMZ on the router, I've tried enabling and disabling the uPnP service on the modem/router/both devices, and no combination of enabled/disabled options seems to make a difference. Granted, I didn't leave it very long between changing the options, but I waited at least a minute after changing an option to see if uPnP showed as OK in uTorrent. (When I was connected the old way, uPnP showed as OK after a few seconds as I think it polls and checks to see whether the uPnP map is working ok every few seconds, too).
                I'm still a little foggy on how you have the NAT setup. Are both the modem and the router performing NAT? Are there specific ports that need to be forwarded to the internal network?

                My advice is to make sure the router is not performing NAT and also make sure all the necessary port are open on the routers firewall. On the modem, forward any necessary ports to the proper IP address. If the case is that you need to forward ports to the 10.2.2.0 network but you modem doesn't allow it (I've seen SOHO devices that only allow you to forward to the connected LAN) then you'll either need to do the double NAT or get the bridge working.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

                  Guess what - good news! (I'll explain further down).

                  In short: everything's working now as I wanted it to from the start...


                  ... Got any quick tutorials on setting up VLANs correctly so both nets can be connected together and both see the printers? It's my last day in the office for a while so I might just have a play about later, see if I can get it to work - the crucial part is that the wired and wifi network is now working exactly as I wanted it to, so I'm verging on the delerious!


                  Originally posted by JeremyW View Post
                  This should be unnecessary and actually is probably ignored by the router because the "connected" route will have a lower cost than this static entry.
                  Basically, because the router has an interface configure with an address in the 10.1.1.0/24 network, it will already have a route for that network with it's own IP as the gateway.



                  Briefly I'll go over it.

                  [MASSIVE subnet tutorial snipped ]

                  The route is there because there is an interface configured on that network.
                  Gotcha. Well, I did a Networking module on my second year of my Uni course and I definitely learnt the basics of subnetting but I think I just learnt double that by reading your excellent cribsheet! I'll have to go re-read it to make sure it all soaked in properly. Thanks very much for writing it up


                  Originally posted by JeremyW View Post
                  I'm still a little foggy on how you have the NAT setup. Are both the modem and the router performing NAT? Are there specific ports that need to be forwarded to the internal network?

                  My advice is to make sure the router is not performing NAT and also make sure all the necessary port are open on the routers firewall. On the modem, forward any necessary ports to the proper IP address. If the case is that you need to forward ports to the 10.2.2.0 network but you modem doesn't allow it (I've seen SOHO devices that only allow you to forward to the connected LAN) then you'll either need to do the double NAT or get the bridge working.


                  In the end, I had a eureka moment. I decided to try approaching my search for the right information from a different tack, and although I'd been searching for this exact thing countless times before, I finally unearthed conclusive information on how to enable PPPoA half bridge mode on the modem. The moment I did that, the router started behaving exactly as I wanted it to - it received the external IP, somehow the modem then assigned itself an IP of 192.168.1.1 and is accessible locally (perfect) while the rest of the network works away quite happily on a 10.2.2.x range. All the SIP phones (with much further tweaking of the impenetrable Sipura settings, to run without glitches) and every other device works absolutely perfectly. Even uPnP traversal works correctly!

                  (I actually wrote up an article based on my experiences with the Sipura phones because I found it so cathartic!) I also documented the info on how I enabled PPPoA half bridge mode on that modem - once I'd found it I couldn't work out how I hadn't found it before, but believe me I'd looked in all the places you'd expect to find this info, and I'd even checked on the ZyXEL KnowledgeBase - their search is absolutely USELESS! I actually found the right info on an almost entirely unrelated search, it was one of those totally random moments.



                  Although the complex solution we (well, mainly you ) hashed out earlier in this thread wasn't used in the end, your info and advice proved invaluable in helping me work out exactly what was going on, how to attack the problem and how to get it all working. I think my little spark of a good idea was just the cherry on top of the cake

                  Really appreciate all your info and tips, I hope other people find this thread a useful resource in the future. What we managed to work out in this thread might still come in useful for my own network at home (you wouldn't believe how rudimentary it is), and it's certainly inspired me to go off and stufy up on advanced networking configuration to learn everything I can about its ins and outs!


                  Mucho thanks indeed to all who participated in this thread thus far, particularly Jeremy.

                  Comment


                  • #10
                    Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

                    Glad to help! And glad you got it working!

                    To get the printers shared on both subnets it would be best to route between them.
                    If you have VLANs then a router-on-a-stick configuration might do it for you if your linksys has that capability. Probably should start a new thread for that.

                    Took a brief look at you blog post.... over 2600 words, very verbose

                    Cheers.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment


                    • #11
                      Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

                      Originally posted by JeremyW View Post
                      Glad to help! And glad you got it working!

                      To get the printers shared on both subnets it would be best to route between them.
                      If you have VLANs then a router-on-a-stick configuration might do it for you if your linksys has that capability. Probably should start a new thread for that.

                      Took a brief look at you blog post.... over 2600 words, very verbose

                      Cheers.


                      I know - when I get on a roll I find it hard to stop! Router on a stick eh... I think some of the WRT54G devices have PCMCIA expansion slots if you're talking about software on a removable memory device, but the GL doesn't. There's no VLANs set up at present, thinking about it I'm not quite sure why I said VLANs for printers (I've been staring at the Sipura options pages too long and they have VLAN parameters smattered all over them!)

                      Time to go figure out static routes... It should be a challenge; both networks have their own DHCP servers and different IP ranges, but they both have their own DSL connections and I don't want to contaminate this second connection wit the general office + home traffic including p2p by his kids and suchlike. What's on one LAN needs to go over the WAN connection which it's physically connected to. In fact, only the printer traffic needs to go one way - from the second LAN to the first, as all the other PCs go onto the first LAN, which cuts down on complexity.

                      This is going to be a tricky one.

                      (do you have paypal? I'd like to wire you some beer money by way of thanks. PM me with the info)

                      Comment


                      • #12
                        Re: Setting up a second with LAN&DSL, but still see network printers on other LAN.

                        Originally posted by Christopher View Post
                        Router on a stick eh... I think some of the WRT54G devices have PCMCIA expansion slots if you're talking about software on a removable memory device, but the GL doesn't.
                        Not software but a setup. Basically if the router can do dot1q then you should be able to set it up as a router-on-a-stick.
                        http://en.wikipedia.org/wiki/One-armed_router
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com

                        Comment

                        Working...
                        X