Access Point Wireless to Green Zone (maybe simple to solve for who know endian)

[Guest]

[S.Dedo]

Hello Guys,

Im here for ask you one question.

I have some practice about network, but not so much for configure the adress Ip (i read about Classes of adress now for the first time).

My problem are this: I have on my company Endian firewall 2.4 (upgraded from 2.2rc3), configured the red zone and the green zone.

The Green Zone are configured:

Star Adress: 192.168.9.3
Finish Adress: 192.168.9.254
Primary DNS: 192.168.9.2
Gateway: Blank
Network Mask: /24 255.255.255.0

I have mounted another network port, with this, i want to attacch an access point wireless. I configured the blue zone with:
Adress IP: 10.0.0.2
Network Mask: /24 255.255.255.0


Now i have a domain and the blue zone can surf the net, but can't access to the window domain. I have check from the dashboard the green zone and the red zone have traffic, but not the blue zone, so i suspect the blue zone can't access to the green zone (and is logic, because the ip adress is different from 192.168.9.any)
Now, if i try to tell to the dhcp service of endian firewall to change the start ip 10.0.0.3 to 192.168.9.200 endian tell me the ip adress is not valid and seems to accept only the ip 10.0.0.3.

How i can resolve this block? I need one of my client connect to the domain with the wireless usb from the access point.

Very thanks for your attention and thanks for who can help me. I hope people read this post can understand my problem (im italian, not english )

Ps. I read the post "Blue zone can't access green zone, but i don't understand how to resolve the problem and how to set up the configurazion. Is not clear for me)

[alvaroarb]

Hi
Your problem is quite simple to resolve, default gateway, that's it, first of all in your LAN zone you need to configure in the DHCP as default gateway the ip address that belongs to the endian machine's green ip address, same with the blue zone, the concept for the default gateway is this: when a machine  needs to comunicate with and ip address that is not in his own address space (ie. an ip address 192.168.9.x needs to comunicate with and ip 10.0.0.x) then all those packets will go trough the default gateway, that machine has to know what to do with those packages an in this case that's the endian firewall.

Now, with the DHCP problem, if you green ip is 192.168.9.3 then you need to tell DHCP to start and to end with ip addresses in that same range, equally in you blue zone, if the endian's blue ip is 10.0.0.2 the dhcp for that zone has to be 10.0.0.x to 10.0.0.y you can't mix different types of ip addresses for a single zone in DHCP

In the end you should have something like the image i attached

If you experience slow web browsing try changing the DNS addresses given by the DHCP for public DNS like opendns, google's ( 8.8.8.8 ) or your ISP's DNS

[xsidx]

Hi
Your problem is quite simple to resolve, default gateway, that's it, first of all in your LAN zone you need to configure in the DHCP as default gateway the ip address that belongs to the endian machine's green ip address, same with the blue zone, the concept for the default gateway is this: when a machine  needs to comunicate with and ip address that is not in his own address space (ie. an ip address 192.168.9.x needs to comunicate with and ip 10.0.0.x) then all those packets will go trough the default gateway, that machine has to know what to do with those packages an in this case that's the endian firewall.

Now, with the DHCP problem, if you green ip is 192.168.9.3 then you need to tell DHCP to start and to end with ip addresses in that same range, equally in you blue zone, if the endian's blue ip is 10.0.0.2 the dhcp for that zone has to be 10.0.0.x to 10.0.0.y you can't mix different types of ip addresses for a single zone in DHCP

In the end you should have something like the image i attached

If you experience slow web browsing try changing the DNS addresses given by the DHCP for public DNS like opendns, google's ( 8.8.8.8 ) or your ISP's DNS

^^Agree 100%

Just a reminder, you can't have 2 networks on the same Network ID on the same router(routers work on a network layer using IP's to route packets, two of the same on each side will confuse it, or make the routing impossible to determine where packets have to go).

 when you use 192.168.9.0/24 (Network ID/Mask) your next available network is 192.168.10.0/24. So you can have your green as 192.168.9.0 and your blue as 192.168.10.0, both with a 255.255.255.0 subnet. Endian should allow you to have blue network with that scheme.

[S.Dedo]

Very thanks guys, im proud to join to the endian firewall community and to use Endian Firewall server Firewall.

For Alvaroarb:

Thanks for your image, with this, i understand better what you said to me with your replay. I Tried to set up the configuration you give to me, but the client can't see again the other clients into the domain, but he can surf to the internet (like before).

For xsidx:
Whit your post i understood better how the network work. Infact, if i set up the green 192.168.9.2 i can set up the next step number 192.168.10.2 for configure the blue zone.

Now the network configuration is:

Ethernet static
Green Zone 192.168.9.2 /24
Blue Zone 192.168.10.1 /24
Domain: mydomain.local
Red Zone: 88.38.62.106 /29
Default Gateway: 88.38.62.105
DNS1: 208.67.222.222
DNS2: 208.67.220.220

Now with this configuration the client connect to the domain with access point, can't surf internet and can't see the domain users.

Now i need to set up the blue zone in system network configuration with ip: 10.0.0.2 and the the dhcp with:
Start adress 10.0.0.3
Finish Adress 10.0.0.254
Primary DNS: 10.0.0.2
Gateway: 10.0.0.2
Network Mask: /24

With this configuration, the client connect to the domain with access point, can surf internet but can't see yet the domain users and the shared folders.

I have doubt, maybe i need to set up the access point with particular configuration?

[alvaroarb]

Mmmmmmhhhhhh ... have you checked firewall -->inter-zone Traffic? you should have there a rule allowing traffic with source blue and destination green, by default that rule does not exist.
And about your AP. when you talk about an Access Point me and everyone else assume it's basically a wireless hub, that is, it doesn't make any kind of routing masking DHCP or any other inetrnetworking service, but if you are using a wireless router that's another story, those devices do routing and have their own rules, DHCP server and some even firewall ... some wireless routers allow to be configured in AP mode turning them into wireless hubs.

Glad to help

[S.Dedo]

I checked the firewall --> inter-zone Traffic. I created after you told me this, a rule from source blue and destination green but nothing, after this, i can't yet see my clients on domain. The access point is D-Link DWL-2100AP. Is a simple access point, and i set up before connect to endian firewall, only his local ip to "192.168.9.15" but after i connect the access point with ethernet cable to the endian firewall the ip for reclaim him is "10.0.0.2" and with this, enter to the web interface of endian.

I can't really understand why the blue zone, can't see my domain like green zone. How i can help to understand better my situation for try to help me better?

[alvaroarb]

Well my  ... an image is worth a thousand words can you setup a basic map about your infrastructure similar to the one sent you previously? it would be quite helpful

[S.Dedo]

There you are http : // img831 .imageshack.us/i/companynetwork.png/
You need to know, the D-link Access point is not now on the switch, but connect directly to the endian firewall pc.

[alvaroarb]

ok ... acording to this you wireless clients should be seeing your LAN ... the d-link page about your AP says it has DHCP, is it providing it? what ip addresses have your wireless clients?

[S.Dedo]

The client (is only one connect to the domain with wireless usb), can't see the lan.

The d-link page after i connect the ethernet cable to the network card of endian firewall i can't open the d-link page.

If i disconnect the AP from the endian firewall server and i connect to one port of switch, i can connect to him with adress "192.168.9.15" and he can provide an adress from his DHCP.

Actually, with the Access Point connected to endian firewall, give to this client an adress ip from "10.0.0.3" at "10.0.0.254" range, without DNS and Gateway. I set up to endian dhcp service in the blue zone, the Gateway and the DNS server, you gived to me (gateway 10.0.0.2 and Primary dns 10.0.0.2).

Maybe you want to see my configuration of the client? I attach the screen, try to check

DHCP: http ://img576.imageshack.us/img576/8233/dhcpconfiguration.jpg
Firewall Inter-zone: http: //img59.imageshack.us/img59/1610/firewallservice.jpg

[alvaroarb]

Well ... everyting seems ok to me ... maybe your problem is your AP, have you tried connecting a regular pc or laptop configured to receive ip address via dhcp directly to the blue interface and see what happens? if it works then your problem is the AP

[S.Dedo]

The DHCP in use is from the endian firewall, but i can try to do a check on AP configuration and give some try. If for you is ok, i can try a different way.

[S.Dedo]

I check the dhcp of the AP and is set to off.

I tried now, to set up on, but seems to have a problem. It's suggestable, to turn off the dhcp for the blue zone of endian and turn on the dhcp of the Access Point?

[alvaroarb]

i don't think so for the moment, from a pc in the blue zone try a traceroute to google.com and then a traceroute to a pc in the green zone, paste results here