Like probably every other computer geek out there, I do a certain amount of helping friends set up their home systems. This particular friend knows nothing about networks and firewalls and the like, and just wanted something secure that would allow her to have a reasonably safe Windows box and the daughter to have a reasonably safe and virus-free Windows laptop. The easy bits were installing the spyware detectors (Ad-Aware and Spybot S&D) and the virus checker/utilities (Norton SystemWorks); the tough bit was getting the routers to work.
The system that made most sense was to feed the DSL into a wired ethernet router with a built-in firewall (the D‑Link DI-604 has a reasonable price point and an integrated firewall) and then set up a wireless point for the daughter’s laptop. So my friend got a Linksys wireless router (no firewall). We have this system at home, though with different hardware (Linux firewall + Airport wireless) and it works just fine. So I wasn’t expecting any oddities. I found the support page on the Linksys site that said to turn off the DHCP server on the wireless router, and to give it an IP address that fitted in with the IP setup of the wired router. That was easy enough to do. But somehow the laptop just never managed to sync up.
Ah, how good it was that I allowed more time than I expected to need to set it up! My basic idea was that ethernet comes out of the DSL modem, goes into the wired router in the uplink socket, then a cable comes out of the wired router and goes into the uplink socket of the wireless router. Still seems logical to me, but in this case my logic was completely wrong. Fortunately Linksys has live chat to tech support that works on a Saturday (good move, people!) and Melrose didn’t need very long to figure out the problem and tell me to put the cable coming out of the wired router into one of the 4 regular sockets. This worked just fine; the laptop synced up, my friend (and her daughter) are happy and think I know exactly what I’m doing, while I’m still slightly baffled and wondering what’s wrong with my simple hose-pipe analogy of internet connections. Still, I now know empirically what to do, so that’s the important thing.
I think your logic makes perfect sense. I sometimes use a similar, but non-wireless, configuration with an SMC Barricade router connected via its uplink (WAN) port to a Netgear DG834 Router/DSL modem.
Perhaps your problem was, though, that you had a cross-over cable between the two boxes. The “uplink” connections on most such boxes (including hubs) have the transmit and receive pairs switched so that a straight through cable will work. If you had a cross-over cable then transmit and receive would be swapped twice. Plugging the cross-over cable into one of the normal ports of the wireless router would then work OK.
Good point. My friend might have got a cross-over cable by mistake. I’ll know to look for that next time!
Help, I also have double routing problems…
I’m doing some firewalls for remote office sites, and want to have a dual VPN connection setup:
Two separate VPN gateways at the main site, each with their own configuration files, internet connection etc. for redundancy.
On the remote end I specify (amongst others):
remote vpnbox1
ifconfig 10.251.0.2 10.251.0.1
ping 1
ping-restart 3
route 10.0.0.0 255.0.0.0 10.251.0.1 1
route-delay
And the other tunnel:
remote vpnbox2
ifconfig 10.252.0.2 10.252.0.1
ping 1
ping-restart 3
route 10.0.0.0 255.0.0.0 10.251.0.1 2
route-delay
This works, as both tunnels come up (each added with “ip route add 10.0.0.0/8 via metric”), and “ip route” gives me two routes, each with their own metric.
But alas, bringing one tunnel down removes both routes, as the route is removed with “ip route delete 10.0.0.0/8”.
This is a bug, right?
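As an added example, not part of the comment above or of OpenVPN itself: a small Python check that parses two client configs like the ones posted and reports any route whose gateway is not that tunnel's own ifconfig peer, or two tunnels that use the same prefix with the same metric. The function names parse and check are hypothetical, the sample text is the posted config trimmed to the relevant directives, and gateways are assumed to be literal IP addresses.

```python
import ipaddress

# Constructed sample input: the posted configs, trimmed to the relevant directives.
TUNNEL1 = """\
remote vpnbox1
ifconfig 10.251.0.2 10.251.0.1
ping-restart 3
route 10.0.0.0 255.0.0.0 10.251.0.1 1
"""
TUNNEL2 = """\
remote vpnbox2
ifconfig 10.252.0.2 10.252.0.1
ping-restart 3
route 10.0.0.0 255.0.0.0 10.251.0.1 2
"""

def parse(text):
    """Return (remote, peer_ip, [(network, gateway, metric), ...]) for one config."""
    remote, peer, routes = None, None, []
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "remote" and len(tok) > 1:
            remote = tok[1]
        elif tok[0] == "ifconfig" and len(tok) >= 3:
            peer = tok[2]  # second argument is the far end of the tunnel
        elif tok[0] == "route" and len(tok) >= 4:
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
            metric = int(tok[4]) if len(tok) > 4 else None
            routes.append((net, tok[3], metric))  # assumes a literal IP gateway
    return remote, peer, routes

def check(configs):
    """Flag routes whose gateway is not the tunnel's own peer, and metric clashes."""
    findings, seen = [], {}
    for remote, peer, routes in map(parse, configs):
        for net, gw, metric in routes:
            if gw != peer:
                findings.append(f"{remote}: route {net} via {gw}, but tunnel peer is {peer}")
            if (net, metric) in seen:
                findings.append(f"{remote}: {net} metric {metric} also used by {seen[(net, metric)]}")
            seen[(net, metric)] = remote
    return findings

if __name__ == "__main__":
    for finding in check([TUNNEL1, TUNNEL2]):
        print(finding)
```

Run against the two configs as posted, it reports that the second tunnel's route for 10.0.0.0/8 names 10.251.0.1 as its gateway while that tunnel's peer is 10.252.0.1.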
I have the same problem but with different hardware, I will have to give this a go!