So I know there are other IT guys on the forum, so I cant quite figure out whats the issue. I am running Astaro Firewall & Gateway System at the house. I know its a little over kill but who cares. I currently have 3 connections running through my Astaro Box. Eth0 = LAN 10.10.2.xxx Eth1 = WAN Eth2 = wLAN 10.10.1.xxx I have DHCP servers on both wLAN and LAN. Everything works except for mapping drives across subnets. I have a Media Server on the LAN network, I have a few Wireless Media Extenders on the wLAN. They are unable to resolve the network address. NETBIOS is enabled on all devices. I am able to ping Eth0 from a wLAN device however, I am unable to ping a LAN device from wLAN and vice versa. Here is my Filter setup for the firewall, I tried it this way just to rule out the possibility of it being a filter on the firewall, basically it should be wide open... So what am I doing wrong.....
For easiest traffic routing use a subnet of 255.255.252.0. This will allow traffic across both of the two networks you have setup. Both of these will need to have a common default gateway (route) of your Astaro box...which appears to be 10.10.2.1. Hope this helps!!
lol, yes "DHCP servers on both wLAN and LAN" This system is more enterprise size, not really ment for residental use. The dhcp server section is more than complicated than just on or off. Here is the wLAN DHCP section.
wLAN has 10.10.1.1 as a default gateway, and LAN has 10.10.2.1, so you suggest i make 255.255.252.0 as the subnet? I dont know how to subnet, networking is now a hobby, no longer a career. Ill give .252.0 a try... thanks.
yes. the 10.10.1.1/22 network will allow traffic from 10.10.1.0 through 10.10.4.254 giving you plenty of play and expansion room. networking was hobby, and is now a job
Wirelessly posted (From Your Mom's House) Hey Clint...you still looking for a job? We could always use another Subaru at the office!
I ended up finding something, but I am not going back into IT. Done with the IT stress.... You know its bad if the doctor wants to put you on blood pressure meds at my age. So yeah.... thanks though... I changed the subnet over to .252.0 on both the wLAN and LAN. Now I cant even get out to the net.... AHHHH nightmare, lol.... If only I would have learned subneting. Watch it wont even be something like that, it will end up being some stupid check box I didnt check... always the little things, never a big issue....
Hmmm... I don't believe you would be able to supernet this like that. Astaro only works on layer 3 IIRC. To interconnect multiple interfaces (routing), they must be different and not withing the same broadcast domain. To connect two different networks on two different interfaces, each must have a unique gateway. A large /22 would be a 1022 host-capable single broadcast domain. He would still need another network (of any size) to host on the other internal (WLAN for instance) interface. It sounds honestly like ETH0 and ETH2 should be bridged (layer 2 linking so to speak). Is there a particular reason you are wanting to segregate your wireless network from your LAN network? You have other options rather than using a layer 3 option such as a gateway to do this particular function... like vlanning for instance. In interest of answering your specific question, look at firewall rule #2 in your first screenshot. I believe LAN "address" should be network instead. I know in the Cisco world which I flop into daily, the term "network" is considered a match to the destination mask in it's entirety (I.E.: 255.255.255.0), whereas "address" is expecting a particular or specific host address (255.255.255.255). See if you can change this and if it will, it might fix the problem. I'm not that familiar with this software. I see you also have rules for all trusted interfaces to allow access to all other trusted interfaces. Just remember, to use file sharing you need at least: TCP 139 TCP 445 UDP 137 UDP 138 These ports are considered ports of death for a Windows-based machine. Opening these between two networks pretty much invalidates any firewall between them. There isn't much more in a Micro$haft network that you'd want to block! Some SOHO devices will let you bridge interfaces. Some will actually let you configure vlans as well. Just depends on what you have/get. Any Cisco Catalyst 2950 or higher would also serve you well, but more likely not at gigabit speeds (unless you drop a K or two on it... I.E:. Catalyst 2960G). I'm just not familiar with Astaro enough to know how the bridging or other functions actually work together. Hope this helps! -Lee
Might try "Network==>Bridging" That's where others say that this option is at. Also, post a screenshot of the routing table and NAT rules if you can.
I haven't tried bridging... Ill give that a run tonight and let you know. As for the "networking" and "address", both LAN and wLAN have 3 different selections in rules when defining a NAT rule. Network = 10.10.xxx.0/24 , Address = 10.10.xxx.1 (GW), and Broadcast = 10.10.xxx.255. ETH0 connects to a Cisco 2950 actually, I know nothing of Cisco had a buddy configure it for me. Well I have done it for 9 years now, 6 different contract positions, 5 different full time positions. I am sure there are many who enjoy it, I am good at it, but dont enjoy it. I rather work for less and enjoy what I do...
You can also try not performing NAT between ETH0 and ETH1. NAT behaves differently on all platforms, so give it a try too!