[ale] Netgear wireless router as hub

H. A. Story adrin at bellsouth.net
Sun Mar 5 09:14:19 EST 2006


Sounds like you are trying to overwork this.  First you can have a DMZ 
on the LAN if you want and it can be on the same subnet. You just 
forward all ports to that machine.  You truly don't have a DMZ unless 
your ISP is providing you with more than one WAN IP address.  Next I 
wouldn't put anything in the DMZ unless I was wanting to watch log files 
grow, since I don't have a green thumb.
You should read Bob's box. :)  I really would NEVER suggest anyone 
putting a server in the DMZ.

Trey Sizemore wrote:

>My current home network consists of several PCs connected to a Netgear
>wireless router (using its default factory IP of 192.168.0.1).  It also
>serves DHCP addresses to machines that need it.  It, in turn, is
>connected to my DSL modem.
>
>I will be adding a firewall to the mix and plan to use the Netgear
>wireless router solely as a hub and WAP.  I will disable its DHCP
>serving functionality.  
>
>My questions are:
>
>a) Given its new role, will it still require an IP address?  If so, it
>will be on my internal network (vs. DMZ with servers) and have an
>address of 192.168.1.1 for example.  Should this be changed now before
>I rearrange the configuration?  I assume it needs an IP as I will need
>to access the web-based admin interface to turn wireless on and off,
>etc.
>  
>
If you want to admin the device, yes.  If you configure it on the LAN 
one way you may need to still have DHCP configured.  You can change it 
at any time.  Just remember not to do it from a wireless device.

>b)  I would assume the WAN port would not be used and all machines
>using the "hub" would just plug into one of the four LAN ports.
>  
>
If you configure the device and do not use the WAN port it will work.  
Turn off DHCP and configure your firewall to give out IPs on that eth?? 
device for that subnet.  Just remember not to give out the IP of the device.

>c)  I have a "true" hub that will be used in the DMZ consisting of
>machines with addresses like 192.168.0.x.  Here I assume the hub would
>*not* have an IP assigned to it.
>  
>
Again, unless your ISP is giving you more than one WAN IP you can truly 
have only one machine in the DMZ.  And that really is the firewall.  You 
are simply forwarding ports to a device on 192.168.0.XXX.   So if you 
think you are going to have a few web servers on 192.168.0.XXX you are 
mistaken, unless you are going to be running them on different ports.

>Just to be clear, the firewall box has 3 NICs.  One will have an IP
>(dynamic) assigned by my ISP.  The second will serve the DMZ and have
>an IP of 192.168.0.1 and the third will serve the internal network and
>have an address of 192.168.1.1.
>
>Just trying to clear some conceptual errors I seem to be having.
>Thanks for any input, clarifications, and/or corrections.
>
You really have some options here.  And your/my biggest question is 
whether or not you want the servers and your wireless on different 
networks.  If this is so then your design should be fine.  Keep in mind 
that if you want access from 192.168.1.### to 192.168.0.### or vice 
versa you will have to set up iptables to do so.   Or your other option 
is to set up the servers on your current network and forward only the 
ports you need from the WAN to the LAN to those servers.  You will then 
be able to access it from the LAN to do admin work.

Now I have seen setups where the netgear/linksys wireless router used 
the WAN port on the LAN and then had a separate subnet from the LAN of 
the router.  You sometimes have to configure the hops on them or you 
can't get to the web.
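
The three-NIC layout discussed in this thread, written out as an iptables-restore ruleset. This is an added example, not part of the original message or either poster's configuration. The interface names (eth0 = WAN, eth1 = DMZ, eth2 = internal LAN), the DMZ host 192.168.0.10 and port 80 are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: eth0 = WAN, eth1 = DMZ,
# eth2 = internal LAN, 192.168.0.10 = a DMZ web server (constructed values).

# Print an iptables-restore ruleset for the three-NIC firewall.
# usage: gen_rules WAN_IF DMZ_IF LAN_IF DMZ_HOST TCP_PORT
gen_rules() {
    wan_if=$1; dmz_if=$2; lan_if=$3; dmz_host=$4; port=$5
    # Refuse anything that is not a TCP port number.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# One WAN address: each public port can be forwarded to only one DMZ host.
-A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $dmz_host:$port
# The WAN address is dynamic, so masquerade instead of SNAT to a fixed IP.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administer the firewall (and reach its DHCP service) from the LAN only.
-A INPUT -i $lan_if -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet to DMZ: only the forwarded port on the one DMZ host.
-A FORWARD -i $wan_if -o $dmz_if -d $dmz_host -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
# LAN may open connections to the DMZ (admin work) and to the internet.
-A FORWARD -i $lan_if -o $dmz_if -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $dmz_if -o $wan_if -m conntrack --ctstate NEW -j ACCEPT
# No rule lets the DMZ open connections into the LAN; the DROP policy applies.
COMMIT
EOF
}

# Syntax-check before loading (needs root):
#   gen_rules eth0 eth1 eth2 192.168.0.10 80 | iptables-restore --test
```

The Netgear in its hub/WAP role sits behind the LAN interface here, so wireless clients are treated like any other 192.168.1.x machine.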





