Wireless Routing

I have a business wireless network and wired network. The wireless AP
provides IP ranges in the 172.168.0.x range. The wired network runs on
the 10.0.0.x range. I need to be able to allow certain or all clients
on the 172.168.0.x range to access files and printers on the 10.0.0.x
range. I have two options, one is a USR 8054 router, the other is the
main SonicWall firewall/router.

The final object is to be able to let a client laptop, like a visitor,
access the printer and a few selec files on the network server. Any
help on this would be greatly appreciated.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>I have a business wireless network and wired network. The wireless AP
> provides IP ranges in the 172.168.0.x range. The wired network runs on
> the 10.0.0.x range. I need to be able to allow certain or all clients
> on the 172.168.0.x range to access files and printers on the 10.0.0.x
> range. I have two options, one is a USR 8054 router, the other is the
> main SonicWall firewall/router.
>
> The final object is to be able to let a client laptop, like a visitor,
> access the printer and a few selec files on the network server. Any
> help on this would be greatly appreciated.
>

I think you cannot do it. You must have the IP(s) in the same range like
172.168.0.x and the same Subnet Mask like 255.255.255.0 for them to share
resources. For more control of your network, I go with that Sonic Wall. The
second thing if it were me is that I would never have a wireless solution in
the trusted zone not in a business situation.

Duane

> I think you cannot do it. You must have the IP(s) in the same range like
> 172.168.0.x and the same Subnet Mask like 255.255.255.0 for them to share
> resources. For more control of your network, I go with that Sonic Wall. The

Sure it can work, just needs to be able to route IP traffic between the
two networks. There's no restriction on IP addressing as long as you
can route the SMB packets between the machines. This is no different
from any other subnetted network sharing files.

> second thing if it were me is that I would never have a wireless solution in
> the trusted zone not in a business situation.

Nothing wrong with that if it's secured properly. Plenty of people do
it securely, granted lots don't.

David.

David Taylor wrote:

>> I think you cannot do it. You must have the IP(s) in the same range like
>> 172.168.0.x and the same Subnet Mask like 255.255.255.0 for them to
>> share resources. For more control of your network, I go with that Sonic
>> Wall. The
>
> Sure it can work, just needs to be able to route IP traffic between the
> two networks. There's no restriction on IP addressing as long as you
> can route the SMB packets between the machines. This is no different
> from any other subnetted network sharing files.

One suspects that the first IP range is really 192.168.0.x, and neither that
nor 10.x.x.x are supposed to be routeable addresses. It is _possible_ to
route them but most routers won't, and they certainly shouldn't be routed
on the open Internet.
--
derek

Thanks for your input. I haven't yet been able to get it to work. I
have changed the wireless ip range to 10.0.1.x to make it a little
easier, and dropped the subnet mask to 255.255.254.0, but I am still
having problems. Anyone have a suggestion on how to set up the routing
using a USR 8054 A/P Router? Or on what the subnet should be?

David, any suggestions on further security? I currently have the access
point set with WEP encription, 128 bit, as the clients won't always
handle 256, open system, MAC address control, and for when the WL isn't
used, the AP doesn't broadcast the SID. Any suggestions for further
security would be welcome.

Thanks!

> One suspects that the first IP range is really 192.168.0.x, and neither that
> nor 10.x.x.x are supposed to be routeable addresses. It is _possible_ to
> route them but most routers won't, and they certainly shouldn't be routed

Internally, within an organisation, there should be no problem
whatsoever. Remember, many organisations have been using the RFC1918
address ranges internally and they aren't all on the same subnet!

> David, any suggestions on further security? I currently have the access
> point set with WEP encription, 128 bit, as the clients won't always
> handle 256, open system, MAC address control, and for when the WL isn't
> used, the AP doesn't broadcast the SID. Any suggestions for further
> security would be welcome.

How much money do you want to spend, what's the nature of the security
requirement?

Feel free to PM me offline

David.

David Taylor wrote:

>> One suspects that the first IP range is really 192.168.0.x, and neither
>> that
>> nor 10.x.x.x are supposed to be routeable addresses. It is _possible_ to
>> route them but most routers won't, and they certainly shouldn't be routed
>
> Internally, within an organisation, there should be no problem
> whatsoever. Remember, many organisations have been using the RFC1918
> address ranges internally and they aren't all on the same subnet!

That works as long as their routers will route those IPs to the WAN [1].
Afaict, Linksys either default or with Sveasoft firmware _won't_. I don't
know about Ben's routers, but it's quite likely that if they can route
private addresses, they're not configured to do so.

[1] Suddenly methinks there's the answer - the wired network does not _have_
to connect to the WAN side of the wireless router.
--
derek

On 13 Dec 2005 14:11:43 -0800, (E-Mail Removed) wrote:

>I have a business wireless network and wired network. The wireless AP
>provides IP ranges in the 172.168.0.x range. The wired network runs on
>the 10.0.0.x range. I need to be able to allow certain or all clients
>on the 172.168.0.x range to access files and printers on the 10.0.0.x
>range. I have two options, one is a USR 8054 router, the other is the
>main SonicWall firewall/router.
>
>The final object is to be able to let a client laptop, like a visitor,
>access the printer and a few selec files on the network server. Any
>help on this would be greatly appreciated.

It's a common issue with Sonicwall products, which offers isolated
wired and wireless "zones". I've done it with a TZ170 wireless router
by tweaking the wireless zones configuration with static routes to the
printers. The static route should have given the wireless users a
small block of IP address in the 172.168.0.xxx range that will map to
equivalent addresses in the 10.0.0.xxx range. All the experts I
talked with, plus Sonicwall support, indicated that it should work. I
never could get it to work. This was about 2 years ago, so you might
wanna call Sonicwall to see if they now have a working setup.

I then kludged it by setting up a VPN between the wireless side and
wired side. The client computer runs an IPSec VPN client (available
from Sonicwall). The TZ170 terminates the VPN connection on the wired
size (using zones again). That worked. Nobody liked that solution
(too much work to click the VPN connection icon and setup the
authentication).

So, I implimented another abomination. I plugged the shared printers
into a Freesco Linux router with multiple WAN side interfaces. One
card was a wireless client (WAP54G) while the other was wired
ethernet. The printers were plugged into the parallel ports and one
network port. I tinkered with the routeing rules until I had
everything isolated and working. The clients used LPR/LPD for
printing, which turned into somewhat of an ordeal for visitors wanting
to print.

Then, they re-organize and the printers had to be moved to a
non-central location. I gave up and setup seperate printers on the
wired and wireless LAN's. It was cheaper to buy a new laser printer
than to pay my exhorbitant consulting fees to make another kludge
work.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558