Wireless Access point needs subnet?

I have two laptops thinkpad and dell latitude running knoppix 3.2.
These work just fine with a borrowed orinoco 802.11b 11MBs card with
the access point of a local internet cafe.
And they work just fine behind a RH 8.0 iptables monmotha firewall to
do the 196.168.1.x /24 connection to the Internet via ethernet on the
motherboards.
And they connect just fine by radio to the EDIMAX Ew-7205APL Wireless
Acccess Point.
Can connect to the management of the AP with http://192.168.2.1 and
change the IP config (netmask is fixed tho at 24 bits) if I want.
And also enable the DHCP server.
Cannot connect to the Internet via wireless cos there is no connection
between 192.168.2.x and 192.168.1.x.
Laptops are normally manually set to 192.168.1.2, 192.168.1.3 etc.
Do I need to change the AP IP to say 196.168.1.128 and configure the
AP DHCP to give wireless clients 196.168.1.129, 130, etc?

TIA

Wayne

wayne wrote:

> I have two laptops thinkpad and dell latitude running knoppix 3.2.
> These work just fine with a borrowed orinoco 802.11b 11MBs card with
> the access point of a local internet cafe.
> And they work just fine behind a RH 8.0 iptables monmotha firewall to
> do the 196.168.1.x /24 connection to the Internet via ethernet on the
> motherboards.
> And they connect just fine by radio to the EDIMAX Ew-7205APL Wireless
> Acccess Point.
> Can connect to the management of the AP with http://192.168.2.1 and
> change the IP config (netmask is fixed tho at 24 bits) if I want.
> And also enable the DHCP server.
> Cannot connect to the Internet via wireless cos there is no connection
> between 192.168.2.x and 192.168.1.x.
> Laptops are normally manually set to 192.168.1.2, 192.168.1.3 etc.
> Do I need to change the AP IP to say 196.168.1.128 and configure the
> AP DHCP to give wireless clients 196.168.1.129, 130, etc?

Have you configured the firewall to pass the wireless IP?

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

(E-Mail Removed) (Bill Unruh) wrote in message news:<bf77tc$7kl$(E-Mail Removed)>...
> (E-Mail Removed) (wayne) writes:
>
> ]I have two laptops thinkpad and dell latitude running knoppix 3.2.
> ]These work just fine with a borrowed orinoco 802.11b 11MBs card with
> ]the access point of a local internet cafe.
> ]And they work just fine behind a RH 8.0 iptables monmotha firewall to
> ]do the 196.168.1.x /24 connection to the Internet via ethernet on the
> ]motherboards.
> ]And they connect just fine by radio to the EDIMAX Ew-7205APL Wireless
> ]Acccess Point.
> ]Can connect to the management of the AP with http://192.168.2.1 and
> ]change the IP config (netmask is fixed tho at 24 bits) if I want.
> ]And also enable the DHCP server.
> ]Cannot connect to the Internet via wireless cos there is no connection
> ]between 192.168.2.x and 192.168.1.x.
> ]Laptops are normally manually set to 192.168.1.2, 192.168.1.3 etc.
> ]Do I need to change the AP IP to say 196.168.1.128 and configure the
>
>
> Almost certainly because the main machine does not do IP masquarading.
> 192.168 cannot get to the internet. Those are illegal addresses on the
> net. Thus they must be masquaraded (ie a machine which has a legitimate
> address on the net, sends out packets as though they came from it. It
> uses port numbers to distinguish which packets come from which internal
> machine and thus to translate those packets back and send them to the
> appropriate machine.)
> Also the routing must be set properly.
> See the commands
> route
> ip
My description was rather vague in parts, but the firewall already
does masqing for 196.168.1.0/24. The accesspoint has a default address
of 192.168.2.1. If it was changed to say 192.168.1.128, then the AP
has a connection to the Internet, can i arrange for the clients to
have a connection to the internet also?

wayne wrote:

> Er no. I should explain the firewall connects to the ISP (eth0) and
> offers masqed 192.168.1.1-255 (eth1) with 192.168.1.1 as the def
> gateway.
> I was wondering if I could give the access point an IP in this range
> and somehow hang the clients of there as well.
> I do not know how to configure eth1 to support maqd subnets.
> Suppose could add 3rd NIC and do 2 masqd subnets?
>

I had a similar situation, when I was setting up my VPN. The VPN could not
be in the same subnet as the local network and so I gave it an IP that
wasn't. I then had to allow the firewall to pass only VPN packets from
that address to the internet. The VPN has full access to my local network.
Now, as for your situation, I'm not sure about specifically how things are
set up, but I'd suspect it also may have to be on another subnet, since it
is another "NIC" in your firewall. For greatest security, you may want to
have the firewall block access from wireless to your local network and only
allow a VPN through. You'd also likely want the firewall to be between the
AP and internet.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

Bill Unruh wrote:

> Almost certainly because the main machine does not do IP masquarading.
> 192.168 cannot get to the internet. Those are illegal addresses on the
> net. Thus they must be masquaraded (ie a machine which has a legitimate
> address on the net, sends out packets as though they came from it.

The impression I got from the original message, was that the localnetwork
could access the internet, but the wireless user couldn't. This would
indicate NAT is being used and the problem lay in either routing or
firewall rules. In my experience with a similar problem, in setting up a
VPN, showed the problem to be caused by the firewall rules.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.