On Tue, 11 Jan 2005 15:02:34 -0600, Dan Rue <drue at therub.org> wrote:

> Ok, here's your problem. Your wireless access point isn't configured
> correctly. Your "router", which I'll refer to as your wireless access
> point from now on, or WAP, is NATing. So is your firewall. Only NAT
> once! Also, both devices are handling DHCP - it's a mess.

The bigger problem, I think, is that you've tried to assign both the internal and external sides of the Wireless router the same subnet. So when you ping 192.168.1.2, it's looking for that host on the Wireless side.

> You should look for a 'bridge mode' option in your WAP. If I were at
> home I'd look at mine and tell you exactly what it's called.
>
> Turn off NAT, turn off DHCP. That's the job of your firebox. Then the
> wireless devices will use 192.168.1.2 as their default gateway (the
> firebox). Think of the WAP as simply a wireless switch - that's all you
> want it to do.

Keep in mind here, by having an unfirewalled wireless connection, you provide mediocre protection (at best) to your internal network. If this is a non-critical network (which it probably isn't, considering you invested in a Firebox) no biggie. Were I in your shoes, I would instead connect the Wireless router to the firebox in bridged mode, and then set up a separate zone on the firebox, segmented from anything on the wired side. Sorta like this:

                            _---[wlan]-192.168.1.x/24
    -net---[rtr]--[firebox]--|
                            |_---[lan]-192.168.2.x/24

(That's gonna be f***ed up with a fixed font...)

It sounds like this may be what you're trying. What you actually use for subnet addresses (192.168.1.x/24, say) doesn't matter, so long as they're different. Otherwise, your firewall doesn't actually know which subnet to look to. What's happening instead, is something like this:

    --net--[rtr]--[24.123.x.x--firebox--192.168.1.2]--[192.168.1.4--wlan--192.168.1.1]----[PCs]

Hopefully this makes sense... I'll try to explain this some so you understand what's up a bit better.
Dan said your firebox is doing NAT (Network Address Translation), which it is. This is evidenced by the fact that the firebox has two IP addresses in different subnets. The wireless router is trying to do the same thing, only both sides are in the same subnet. The wireless router can't decide where to go with 192.168.1.x traffic, so it's going to stay inside by default, which is why you can't ping your firebox.

As Dan said, you should put the wireless router into bridged mode (think: hub), which will make your network (at least the wireless portion) look like this:

    --net--[rtr]--[24.123.x.x--firebox--192.168.1.2]--[wap]--[192.168.1.x--PCs]

The wireless router is now doing nothing but taking traffic from the wired side and passing it to the wireless, and vice-versa.

Long winded, and not very coherent (not enough coffee), but I hope this helps some.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
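The two mistakes the thread describes (one box with both of its sides numbered out of the same subnet, and NAT or DHCP running on more than one box in the path) are easy to check mechanically before touching hardware. The script below is an added example, not code from the original post or from either participant: it models the poster's setup and the segmented layout suggested in the reply as small constructed topologies (203.0.113.0/24 stands in for the elided public 24.123.x.x block; device names, interface names and the `Device`/`audit` helpers are all hypothetical) and reports the overlaps, the double NAT and the duplicate DHCP servers. It also answers the concrete question from the thread: which side the mis-numbered WAP thinks 192.168.1.2 is on.

```python
"""
Config sanity check for the two mistakes discussed in the thread:
a box whose two sides sit on the same subnet, and NAT or DHCP running
on more than one box along the path.  Example code added to this page;
it is not from the original post, and all addresses are constructed
(203.0.113.0/24 stands in for the elided public 24.123.x.x block).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Device:
    """One box on the path. `interfaces` maps an interface name to 'addr/prefix'."""
    name: str
    interfaces: Dict[str, str]
    nat: bool = False          # translates addresses between its sides
    dhcp_server: bool = False  # hands out leases on the segment(s) it serves

    def networks(self) -> Dict[str, ipaddress.IPv4Network]:
        return {n: ipaddress.ip_interface(a).network
                for n, a in self.interfaces.items()}


def overlapping_sides(dev: Device) -> List[Tuple[str, str]]:
    """Pairs of interfaces on one box whose connected subnets overlap.
    Such a box cannot tell from a destination address which side the host is on."""
    nets = dev.networks()
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def candidate_interfaces(dev: Device, host: str) -> List[str]:
    """Interfaces on `dev` whose connected subnet contains `host`.
    More than one answer is the 'ping 192.168.1.2 goes the wrong way' symptom."""
    addr = ipaddress.ip_address(host)
    return sorted(n for n, net in dev.networks().items() if addr in net)


def audit(path: List[Device]) -> List[str]:
    """Findings for a chain of devices listed from the ISP side inwards."""
    findings = []
    for dev in path:
        for a, b in overlapping_sides(dev):
            findings.append(f"{dev.name}: {a} and {b} share a subnet; "
                            f"{dev.name} cannot route between them unambiguously")
    nat_boxes = [d.name for d in path if d.nat]
    if len(nat_boxes) > 1:
        findings.append("NAT more than once on the path: " + ", ".join(nat_boxes))
    dhcp_boxes = [d.name for d in path if d.dhcp_server]
    if len(dhcp_boxes) > 1:
        findings.append("more than one DHCP server: " + ", ".join(dhcp_boxes))
    return findings


# Constructed topology matching the original poster's setup: the WAP NATs and
# serves DHCP, and both of its sides are numbered out of 192.168.1.0/24.
BROKEN = [
    Device("firebox", {"wan": "203.0.113.2/24", "lan": "192.168.1.2/24"},
           nat=True, dhcp_server=True),
    Device("wap", {"wan": "192.168.1.4/24", "wlan": "192.168.1.1/24"},
           nat=True, dhcp_server=True),
]

# Constructed topology following the reply's advice: the WAP is bridged (one
# address, no NAT, no DHCP) and the firebox owns a separate wireless zone.
FIXED = [
    Device("firebox", {"wan": "203.0.113.2/24", "lan": "192.168.2.1/24",
                       "wlan": "192.168.1.1/24"}, nat=True, dhcp_server=True),
    Device("wap", {"bridge": "192.168.1.3/24"}),
]

if __name__ == "__main__":
    for label, path in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"{label}: {audit(path) or ['no findings']}")
    print("where does the broken WAP think 192.168.1.2 lives?",
          candidate_interfaces(BROKEN[1], "192.168.1.2"))
```

Running it reports three findings for the poster's layout (the WAP's two sides overlap, two boxes NAT, two boxes serve DHCP) and none for the segmented layout, where the firebox's lan and wlan zones are disjoint and the bridged WAP has a single management address.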