1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problems with bridging and connecting to the internet

Discussion in 'DD-WRT Firmware' started by schembo2000, Dec 1, 2005.

  1. schembo2000

    schembo2000 Network Guru Member

    I have 2 WRT54G V4.0 with the DD-WRT v23 beta1 firmware. Best way to describe my problem is with the picture i have attached. Everything on the left works as it should. However, on the right, none of the computers can access the internet. I can ping 192.168.1.1 from the DHCP enabled computer on the right, but i can't ping past that router (not even an IP.) anybody have any ideas? Thanks :)

    [​IMG]
     
  2. 4Access

    4Access Network Guru Member

    A couple questions to start with:

    1. Internet is coming in via the wired Linksys router in the top left of your diagram, right?

    2. If I interpret your diagram correctly there are no wireless clients associating with the WRT's. The only reason you have wireless enabled on the WRT's is to bridge between them, right? (The 2 wireless clients appear to be connecting only to the WAP11.)

    3. Do you want/need to have two different subnets? 192.168.1.x for the top left devices and 192.168.2.x for everything else? If so then what I'm going to suggest won't work...

    Frankly I'm surprised things are working as well as you say they are. The WRT on the left is where the problems start. You can't use the WAN port on a WRT if it's in Client Bridge mode... at least not to route between two different subnets... (well not unless you want to do a lot of command line configuration)

    Based on your current configuration I'd recommend the following:

    1. Disable the DHCP server in the WRT on the left

    2. Put the WRT on the left into AP mode.

    3. Set the LAN IP address for the WRT on the left to 192.168.1.2 netmask 255.255.255.0

    4. Disable the WAN/Internet port on the Setup page for the WRT on the left.

    5. Connect the cable from the 5 port switch the a LAN port on the left WRT.

    6. Disable the DHCP server in the WRT on the right

    7. Configure the LAN IP address of the WRT on the right to 192.168.1.3 netmask 255.255.255.0

    8. Put the WRT on the right into Client Bridge mode using the same wireless channel, security, SSID, etc as the WRT on the Left

    9. Make sure all computers that are not using DHCP are configured with a 192.168.1.x IP address. (All DHCP clients will get their IP directly from the wired Linksys router in the top left of your diagram.)

    :thumb:
     
  3. schembo2000

    schembo2000 Network Guru Member

    Thanks very much for the reply! Sorry, i should have been more clear. Yes, the wired router is connected to a DSL connection and is the only DHCP server on the network. Both WRT's are set to DHCP forward. The reason i have different IP's is because i don't want the computers on the right to talk to the computers on the left unless i specifically give them access. also, i don't want any outsiders connecting to the network on the left (yes i do have WEP enabled, but i can be cracked and i don't feel like taking that chance). maybe i am doing something backwards here?
     
  4. 4Access

    4Access Network Guru Member

    So just to confirm:

    1. The 7 computers on the left should be allowed to communice with each other and access the internet.

    2. The 4 computers on the right need internet access which is provided by the wired Linksys router in the top left of your diagram, but...

    3. The 4 computers on the right should NOT be allowed to communicate with ANY of the 7 computers on the left.

    4. The 4 computers on the right should be allowed to communicate with each other.

    5. There are no wireless clients associating with the WRT's.

    If that's what you're trying to accomplish my first impression is that it could probably be done but not easily. Would require a lot of command line work.

    Also, if the 7 computers on the left need to be able to contact any of the systems on the right it increases the complexity... do they?

    Lastly, and maybe most importantly, is the only reason that you are trying to keep the right & left sides seperated is due to the WEP security issue? If so is there any possibility of running WPA instead?
     
  5. schembo2000

    schembo2000 Network Guru Member

    Thanks again for the reply!
    Answers to your statements:
    1: correct
    2: correct
    3: I may want some of the comupters on the right to talk to one or two of the computers on the left.
    4: correct
    5: I would like to eliminate the WAP11 on the right and have the 2 wireless computers access the wrt if possible, but if not, the way it is now is ok.

    Why would so much command work be required? Why can't i just set the default gateway to 192.168.1.1 on the all the computers and then maybe put the computers on the right in a different workgroup than the computers on the left?

    i could use WPA, but i haven't messed with that yet. I'll probably set that up once i get it working with wep.
     
  6. 4Access

    4Access Network Guru Member

    Sure, this is possible with WDS.

    Workgroups have nothing to do with security. Workgroups are simply a means of logically grouping computers. You can access computers in other workgroups just as easily as computers in your own workgroup.

    I've been thinking this over for the last few days and the only real secure solution I could come up with is placing the computers on the right into their own dedicated subnet.

    All the computers on the left would be kept in the 192.168.1.x subnet and then the systems on the right would be placed in the 192.168.2.x subnet. This looks like what you have tried to do but it requires seperating the LAN ports from the WLAN (wireless) interface in the WRT on the left. This can be done as shown here. Your situation would require some different firewall rules but that's not that big of a deal.

    Additionally you'd have to make some adjustments to the WRT on the right but nothing that required entering any commands. I've actually been sketching out a few rough diagrams and am convniced what you want can be accomplished.

    If you're interested in pursuing this let me know and I'll try to find some time to get more detailed instructions.

    I'd highly recommend WPA over WEP if all your devices support it. :thumb:
     
  7. schembo2000

    schembo2000 Network Guru Member

    If you could hook me up with those scripts, that would be awesome! I really need to get this working! thanks a lot :)
     
  8. 4Access

    4Access Network Guru Member

    Sorry for the delay, don't have time right this minute but will try to get to it tomorrow.
     
  9. schembo2000

    schembo2000 Network Guru Member

    hey man, thanks a lot. that would be awesome... btw, sorry for the slow responces as well. for some reason, i don't get an e-mail telling me that there was a reply.
     
  10. 4Access

    4Access Network Guru Member

    Opps, I have to apologize too cuz I forgot about following up on this like I said I would! I'll do it tonight!
     
  11. schembo2000

    schembo2000 Network Guru Member

    That would be very helpful :)
     
  12. schembo2000

    schembo2000 Network Guru Member

    Any luck finding that info for me? Thanks for all your help, btw! :)
     

Share This Page