[MLB-WIRELESS] File sharing over 2 x WRT with WEP

Peter Buncle peter at nmc.net.au
Sat May 7 09:46:27 EST 2005


Morning 

OK, my 2c worth from my experience (i.e. just what I've proven works
reliably!):

For starters, don't try to link them using bridging on the wlan interface.

What you should be doing is separating the wlan interface to a different
subnet and routing between the subnets.

I've found through much time spent on the WRT's 3rd party firmware that
they basically don't like having their wlan interface bridged, and work
100 times better & more reliably when you route it properly and treat it
like a separate interface (this applies to Sveasoft and OpenWrt software).


For example, and let's keep it simple (KISS protocol):


WRT 1  (main site put in ap mode)
Internal IP: 192.168.1.1 mask 255.255.255.0
Wlan External IP: 192.168.2.1 mask 255.255.255.0
Gateway: whatever your internet gateway with NAT address is, i.e. 192.168.1.x

You'll have to add a static route to this box. For example, for
OpenWrt you'd put this in a file in the /etc/init.d folder and give it
execute rights (chmod 777 <filename> to make it easy):

/sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.2.2




WRT 2 (remote site client mode)
Internal IP: 192.168.3.1 mask 255.255.255.0
wlan External IP: 192.168.2.2 mask 255.255.255.0
Gateway: 192.168.2.1  

PCs on this internal network will have a 192.168.3.x address and just
have a default route of 192.168.3.1.

The WRTs will do the rest.

The only other thing you have to do is put some static routes in your
internet gateway router:

192.168.2.0 netmask 255.255.255.0 gateway 192.168.1.1
192.168.3.0 netmask 255.255.255.0 gateway 192.168.1.1

And I do suggest you keep your internet gateway router separate to save
on complexity.



Once this is all working, then look at getting things like WEP or VPN
tunnels running.



Cheers

Peter
Network Engineer
NodeGUR
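
An added example (not part of the original message): a small Python model
of the three routing tables described above, tracing a packet hop by hop to
show why the two static routes on the internet gateway are needed for return
traffic. The gateway's LAN address 192.168.1.254, the router names and the
host addresses used in the traces are assumptions for illustration.

```python
import ipaddress

# Routing tables built from the addresses in the message above. The gateway
# router's LAN address (192.168.1.254) and the router names are assumptions.
GATEWAY_IP = "192.168.1.254"

def table(routes):
    return [(ipaddress.ip_network(net), via) for net, via in routes]

def build(gateway_static_routes=True):
    gw = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "internet")]
    if gateway_static_routes:  # the two routes the message adds on the gateway
        gw += [("192.168.2.0/24", "192.168.1.1"),
               ("192.168.3.0/24", "192.168.1.1")]
    wrt1 = [("192.168.1.0/24", "direct"), ("192.168.2.0/24", "direct"),
            ("192.168.3.0/24", "192.168.2.2"),  # static route on WRT 1
            ("0.0.0.0/0", GATEWAY_IP)]
    wrt2 = [("192.168.2.0/24", "direct"), ("192.168.3.0/24", "direct"),
            ("0.0.0.0/0", "192.168.2.1")]
    return {
        "gateway": {"addrs": {GATEWAY_IP}, "routes": table(gw)},
        "wrt1": {"addrs": {"192.168.1.1", "192.168.2.1"}, "routes": table(wrt1)},
        "wrt2": {"addrs": {"192.168.2.2", "192.168.3.1"}, "routes": table(wrt2)},
    }

def trace(routers, start, dst, max_hops=8):
    """Follow longest-prefix-match forwarding from router `start` to `dst`."""
    dst_ip, node, path = ipaddress.ip_address(dst), start, [start]
    for _ in range(max_hops):
        matches = [r for r in routers[node]["routes"] if dst_ip in r[0]]
        _, via = max(matches, key=lambda r: r[0].prefixlen)
        if via in ("direct", "internet"):
            # "direct": on-link delivery; "internet": left via the default route
            return path + ["delivered" if via == "direct" else "internet"]
        node = next(n for n, r in routers.items() if via in r["addrs"])
        path.append(node)
    return path + ["loop"]

if __name__ == "__main__":
    # Reply from the main LAN to a PC behind WRT 2, with and without the
    # gateway's static routes (192.168.3.10 is a constructed host address).
    print(trace(build(True), "gateway", "192.168.3.10"))
    print(trace(build(False), "gateway", "192.168.3.10"))
    print(trace(build(True), "wrt2", "192.168.1.50"))
```

Without the gateway's static routes, a reply addressed to 192.168.3.x follows
the default route towards the internet instead of going back through WRT 1.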




-----Original Message-----
From: Guy Weymouth [mailto:guy_vid at yahoo.com.au]
Sent: Thursday, 5 May 2005 11:46 AM
To: David Ashburner; melbwireless at wireless.org.au
Subject: Re: [MLB-WIRELESS] File sharing over 2 x WRT with WEP


Um... Oh dear god... Give me strength!

Ok...

I tried the whole bridging thing effectively setting up three networks;
2 x WRTs and a bridging network in between and pointed each WRT to the
gateway of the other. I couldn't get it to work because it seems to treat
the wireless and LAN ports as one and I basically got confused.

So, bridging then is what I want if it's going to make it faster.
Bridging to me would mean:

WRT 1
Internal IP: 192.168.1.1
External IP: 192.168.1.2
Gateway: 192.168.2.2

WRT 2
Internal IP: 192.168.2.1
External IP: 192.168.2.2
Gateway: 192.168.1.2

I'm sure that's wrong... Which then leads me to ask...

how do I configure each router, as below?

Router 1 - Main
Internet Connection Type:
Internal IP: 
Subnet: 
Gateway: 
DHCP Server (on or off? What range of IPs?):
SSID and Router Name:
Set up as (AP / Client / Ad Hoc?):
Anything else?

Router 2 - Second
Internet Connection Type: Disable
Internal IP: 192.168.20.2
Subnet: 
Gateway: 192.168.20.1
DHCP Server (on or off? What range of IPs?):
SSID and Router Name:
Set up as (AP / Client / Ad Hoc?):
Anything else?

Guy


On 5/5/05 9:57 AM, "David Ashburner" <d_ashburner at hotmail.com> wrote:

> Short answer:
> Try connecting the existing LAN into one of the LAN ports of WRT (main),
> then you don't have any issue with routing and NAT. Don't run DHCP on the
> Wrt (main) and make sure your DHCP servers serve different subsets of the
> available address range.
>
> Long explanation follows...
>
>> I'm pretty sure you either use the 4 ports or the WAN and not both?
>>
>
> As Ric says, you can connect to either the WAN port or one of the LAN
> ports but don't connect both to the same segment.  I'm not sure exactly
> what you are trying to do with this setup but you have two basic choices,
> either bridging or routing.  Bridging means you have one big LAN that is
> physically segmented but your wireless devices are bridging the segments
> together.  Routing means that each physical location is its own address
> space and the wireless devices are routing between the segments - only
> packets specifically addressed will be forwarded across a link.
> 
> It sounds like you want a bridged network, something like this?
>
> existing LAN  192.168.2.0  WRT (main) ---< bridge >--- WRT (second) --- new LAN  192.168.2.0
>
> All machines are sharing an address space. The WRTs are both in WDS mode
> and create a bridge between the two physical segments. The added
> advantage of WDS here is that it allows wireless clients at either
> location to connect up to your LAN, but with the side effect that
> messages from one of those wireless clients go through the radio twice.
>
> ** In this case the existing LAN should be connected to one of the LAN
> ports on the WRT (main) - effectively you would not be needing or using
> the routing part of the wrt.
>
> Routed would look like this:
>
> existing LAN 192.268.2.0 --- (WAN port) WRT (main) ---< link >-- WRT (second) --- new LAN
>
> The new LAN would have a different address range. WRT (main) would be in
> AP mode and WRT (second) in client mode. WRT (second) would need to run
> OpenWRT because you don't want it bridging between the Wlan and the LAN,
> you want it to route between the two.
>
> If you are routing you can choose to connect the WRT (main) to the
> existing LAN via either the WAN or LAN port depending on how you want to
> split the segments and if you are trying to create a firewall between the
> existing LAN and the wireless LAN.
> 
> Here you are saying WTF? This is too hard. And you would be right!!
> Routing is more complicated and requires custom firmware. This is why
> these units are consumer grade not Telco grade. A telco grade device
> allows you to frig with these things in a well defined management
> framework - but they cost 10x the price.
>
>
>>>>
>>>
>>> I don't quite get that, but what's the alternative?
>>>
> as above :)
>
> The wrt is a combination device. It is a router, switch and wireless all
> in one.  How it is connected with standard firmware (including sveasoft)
> is that the LAN ports and the Wlan are bridged together and the bridge is
> routed to the WAN port.
>
> Bridging means the LAN and the Wlan all share a common address space. The
> routing to the WAN means that the Wrt and all the bridged devices behind
> it appear as a single device to anything else on the WAN.  As far as your
> ISP is concerned it looks like a single machine.  Part of the routing
> set-up is NAT. NAT performs address translation on the packets sent from
> the LAN and Wlan to make it look like they came from the WRT (hence
> anything else on the WAN thinks it is a single device).  When return
> messages come back the NAT software keeps track of where the requests
> came from and re-translates the address and forwards the packets on to
> the correct device.
> 
> 
> 
>>>> You could have DHCP on at both ends and serve different address
>>>> ranges (like 50-100 at main and 101-150 at second)
>>>>
>>>>
>>>
>>> Well I could but any workstations will connect to the "Main" Linksys
>>> via wireless or one of the 4 ports, but ultimately get an IP from the
>>> existing DHCP server on the existing network (which is connected to
>>> the WAN port on the "Main" linksys). So why would I want DHCP on the
>>> Linksys as well?
>>>
> Depends on how the WRT is connected to the existing LAN.
>
> If your WRT (main) is connected to the existing network via the WAN port
> I don't think anything on the LAN or Wlan would be able to get any
> messages back from the DHCP server on the existing network. By using the
> WAN port you are using NAT and to the DHCP server it thinks it has
> already served an address. Also any reply coming back would stop at the
> WRT unless you have port forwarding for that port and then you can only
> forward to one device - not going to work!!
>
> But, if you have the existing LAN connected to the LAN port it will be
> OK. (make sure the DNS servers in each location only serve a subset of
> the address range for that segment to avoid duplicate addresses).
> 
> 
>>> Yeh, file sharing works fine without security. But with WEP or WPA,
>>> if I connect directly to the "Main" linksys or via the existing
>>> network which is connected to the "Main" linksys, I can't file share
>>> with a workstation wirelessly or directly connected to the "Second"
>>> linksys.
>>>
> WEP and WPA are always problematic. I think what a lot of people end up
> doing is using some sort of encrypted tunnel between locations. I use SSH
> tunnels across the internet (between UNIX/Linux machines). The problem
> with these is that you either need support for them (VPN support) in the
> router firmware or need to run the tunnel endpoints on other machines.
>
>
>
>>> Yeh, I've tested that and it does work. It's not really a big issue
>>> because if I connect to the existing network, I get the right IP and
>>> default gateway and I don't really intend on connecting any
>>> workstations directly into the "Main" linksys anyway... It's just a
>>> problem if you want to connect directly to administer the router and
>>> while you're there reference something on the internet - you can't.
>>> So, I guess DHCP on both routers would solve this.
>>>
> Again, you won't need it if you connect the Wrt (main) via the LAN port.
> 
> 
>>> I can't get it to work without WDS. How can I set it up without using
>>> WDS?
>
> Without WDS you need custom firmware on the wrt's at the remote
> locations. The Main is acting as an AP and the remotes run in client
> mode.  They need to be configured to route between their wireless
> interfaces and their LAN interfaces (not bridge) and would not be able to
> support local wireless clients (as they would not be in AP mode).
> 
> gee, it should be easy right??
> 
> 
> 
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
> 



