[Leaplist] an ipcop question

John Simpson jms1 at jms1.net
Fri Dec 12 18:17:53 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2008-12-12, at 1434, Bryan J Smith wrote:
> On Thu, 2008-12-11 at 21:31 -0500, Hank Lambert wrote:
>> I thought that is how the orange would work, being the DMZ, but I
>> wasn't sure. As far as the wireless, I have a router, a WRT54G that I
>> am flashing with Tomato firmware. Being it is a "ritter", I'm not sure
>> that putting it on the blue interface would really matter.
>
> 'Ritters and APs work the same on the Blue, as long as they are
> connected to the Blue via the "LAN" interface on the 'Ritter.

i own at least one device, an old linksys BEFW11S4 (the 802.11b
precursor to the WRT54G series) where this is not true. on this unit, the
wireless segment is not bridged in with the LAN ports. unicast traffic  
between wired and wireless works normally, but layer-2 broadcast  
traffic (devices discovering each others' MAC addresses) is not passed  
transparently from wireless to LAN, or vice-versa.

this means that wireless devices can reach the internet, provided they  
have the ritter itself as their default gateway, and the ritter's WAN  
port connects to (or towards) the outside world. but if the device  
providing the gateway is connected to a LAN port on the ritter,  
wireless devices cannot find that device because the initial ARP  
process fails (i.e. it knows that "192.168.1.1" is its default  
gateway, but it doesn't know what MAC address goes with it, and the  
layer-2 broadcast packets it sends to discover the MAC address are not  
being bridged over to the LAN ports, so the real gateway device never  
sees them.)

this old ritter is the only device i've seen which exhibits this  
behaviour. the other ones i've had since then, all work as bryan  
describes- in fact i'm using a netgear WGR614v9 in this manner as we  
speak.

while bryan is "mostly" correct, you need to be aware that there are a  
few exceptions out there. if you're buying a new wireless device and  
plan to use it for an ipcop "blue" segment, go with a real AP if you  
can, or at least find one which has been verified to work in a  
"gateway on the LAN segment" configuration, such as my netgear  
WGR614v9. or get one where you can re-flash the firmware, and the  
firmware supports "true AP" operation.


- --------------------------------------------------------
| John M. Simpson  --  KG4ZOW  --  Programmer At Large |
| http://www.jms1.net/                 <jms1 at jms1.net> |
- --------------------------------------------------------
|   Hope for America  --  http://www.ronpaul2008.com/  |
- --------------------------------------------------------





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAklC8SEACgkQj42MmpAUrRrKHQCguZTebhYFa5pY6tBWze/kczYT
V9wAmwUH+vVP4a55pgZQsH+lzgf8JWdk
=ANds
-----END PGP SIGNATURE-----
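
Added example, not part of the original message: a check a wireless client on the "blue" segment could run to see whether ARP for its default gateway succeeded, which is the step the message says fails when the AP does not bridge layer-2 broadcasts to its LAN ports. It assumes a Linux client with iproute2; the interface name, addresses and sample command output below are constructed.

```shell
#!/bin/sh
# Live use: diagnose "$(ip -4 route show default)" "$(ip -4 neigh show)"

# Constructed sample output (not captured from a real device).
ROUTE_SAMPLE='default via 192.168.1.1 dev wlan0 proto dhcp metric 600'
NEIGH_BRIDGED='192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE'
NEIGH_UNBRIDGED='192.168.1.1 dev wlan0  FAILED
192.168.1.101 dev wlan0 lladdr 00:11:22:33:44:66 STALE'

# default_gateway ROUTE_TEXT -> prints "GATEWAY_IP DEVICE" for the first default route
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" {
        for (i = 4; i < NF; i++) if ($i == "dev") { print $3, $(i + 1); exit }
    }'
}

# gateway_arp_state GW DEV NEIGH_TEXT -> "resolved <mac>", "unresolved" or "absent"
gateway_arp_state() {
    printf '%s\n' "$3" | awk -v gw="$1" -v dev="$2" '
        $1 == gw && $2 == "dev" && $3 == dev {
            seen = 1; mac = ""
            for (i = 4; i < NF; i++) if ($i == "lladdr") mac = $(i + 1)
            state = $NF
        }
        END {
            if (!seen) print "absent"
            else if (mac != "" && state != "FAILED" && state != "INCOMPLETE")
                print "resolved " mac
            else print "unresolved"
        }'
}

# diagnose ROUTE_TEXT NEIGH_TEXT -> 0 if the gateway MAC is known, 1 if not, 2 if no route
diagnose() {
    gw_dev=$(default_gateway "$1")
    [ -n "$gw_dev" ] || { echo "no default route"; return 2; }
    gw=${gw_dev% *}; dev=${gw_dev#* }
    state=$(gateway_arp_state "$gw" "$dev" "$2")
    case $state in
        resolved*) echo "$gw on $dev: $state"; return 0 ;;
        *) echo "$gw on $dev: $state (ARP broadcasts may not reach the LAN ports)"
           return 1 ;;
    esac
}

diagnose "$ROUTE_SAMPLE" "$NEIGH_UNBRIDGED" || true
```

An "absent" result only means no traffic has been sent towards the gateway yet; ping it once and run the check again.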
