Home Network Configuration

Posts (16)

  • Mav3481

    #13354332 - 9 years ago

    Hello All,

    Here's the configuration as it stands:

    AT&T 3800HGV-B Gateway (TV, Phone, Internet) -> Two Switches
    One switch has some other PC's (we'll ignore that)

    The other switch is in my "Nerd Room"
    It goes to a 5 port gigabit switch. This switch has my PC, Xbox, and whatever else I need. It also has a WRT54G running DD-WRT on it.

    I've got this router configured as follows:
    Static WAN IP: 192.168.1.40

    Static LAN IP: 192.168.2.1 (Router mode).

    This allows me to talk to the router from my PC with 192.168.1.40:8080 (since it sees my network as the "Internet")

    What I'm trying to do at my house is put in a second network (192.168.2.1) so that it can be my "Lab" environment. If anyone could assist or anything, I'd much appreciate it.

    I think I've got the static routes and all that stuff messed up. I'll work with you..

  • Chalmrah

    #13355188 - 9 years ago

    I can beat that. I have 2 networks, 1 gigabit and 1 100mbps, 192.168.0 and 192.168.1 respectively. 2 internet connections are DHCP hosts at 192.168.0.254 and 192.168.1.254.

    A server, WEB0, is connected to both networks and has a printer attached via usb. The other 2 printers are connected with JetDirect cards to both networks.

    1 Xbox 360 is on the fast network while another 2 360's are on the slow network. 2 computers on the slow network and 2 on the fast network and the whole house and garden is in wireless range of both networks thanks to a system of wireless routers on static IP (192.168.0.29 and 30).

    I also have a backup server that puts backups of music, shared and private drives onto tapes. This is WEB1 (WEB0 and WEB1 work on a domain system which I had someone install for me). A 3rd server, HOLYCRUSADE, is a test server and was used for an online game like tribal wars, but it broke down.

    About 100 IP addresses are given out by both internet connections and the connections themselves run at 20mb download and 2.6 upload, which is pretty quick in the area (London).

  • papercup

    #13355276 - 9 years ago

    So what you have is your ISP's gateway device doing nat/firewalling with most of your pcs on the first internal network, and you are hanging a second nat/firewall device off that network.

    What is the purpose of the lab setup? From what you've described, the machines not in the lab network will not be able to get to machines in the lab network unless you allow them through with translations on the wrt54g, but machines in the lab network will have access to anything in the less secure network above it (ie, your pcs). Is this what you intend? Also, the machines in that lab network will be in a double-nat scenario (they have a first network address translation at the linksys, then a second one at the home-gateway device). This could cause issues with some software (some IM clients, BT clients don't play well in double nat).

    The 3800HGV-B supports passing your public IP through to an internal device if that'd get you a network that's closer to what you want. I have a similar setup to you (using that exact home gateway) passing my ip through to cisco router/firewall that I then use to break my internal network into separate lan segments that can't talk to each other but all access the internet through my router. You can do this with DDWRT as well. This avoids the double-nat scenario and it gives 2 completely isolated network zones. The article at the dd-wrt wiki goes into details on how to set this up on the dd-wrt device.

    Does this sound closer to what you are trying to accomplish? Your pcs are safe from the lab network and vice versa, both have internet, both have a single nat. (Your tv's set tops would still be out in the old 192.168.1.x network and now separate from your pc network too... bonus)
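
Added example, not part of the thread: a small model of the reachability papercup describes for the cascaded setup, showing which new connections pass, how many address translations each one gets, and what changes if the inner router also restricts lab-to-home traffic. The subnets and the 192.168.1.254 address come from the posts; the function names, the `lab_to_home_allow` parameter and the deny rule it models are assumptions made for illustration.

```python
import ipaddress

# Subnets are from the thread; the model itself is a constructed simplification.
ZONES = [  # (name, network, NAT routers between this zone and the internet)
    ("lab", ipaddress.ip_network("192.168.2.0/24"), 2),   # WRT54G, then 3800HGV-B
    ("home", ipaddress.ip_network("192.168.1.0/24"), 1),  # 3800HGV-B only
]

def locate(ip):
    """Return (zone name, NAT depth) for an address; anything else is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net, depth in ZONES:
        if addr in net:
            return name, depth
    return "internet", 0

def new_connection(src, dst, lab_to_home_allow=None):
    """Return (allowed, translations) for a new connection from src to dst.

    lab_to_home_allow=None models a plain NAT router: anything outbound passes.
    A set of addresses models a hypothetical deny rule on the inner router that
    lets lab hosts reach only those home-network addresses.
    """
    (szone, sdepth), (dzone, ddepth) = locate(src), locate(dst)
    if sdepth < ddepth:
        # Inbound through a NAT router: dropped unless a port forward exists.
        return False, 0
    if szone == "lab" and dzone == "home" and lab_to_home_allow is not None:
        if dst not in lab_to_home_allow:
            return False, 0
    # Each router crossed on the way out rewrites the source address once.
    return True, sdepth - ddepth

if __name__ == "__main__":
    flows = [  # constructed sample flows; 203.0.113.10 is a documentation address
        ("192.168.2.61", "192.168.1.20"),   # lab host -> home PC
        ("192.168.1.20", "192.168.2.61"),   # home PC -> lab host
        ("192.168.2.61", "203.0.113.10"),   # lab host -> internet
    ]
    for src, dst in flows:
        print(src, "->", dst, "default:", new_connection(src, dst),
              "restricted:", new_connection(src, dst, {"192.168.1.254"}))
```
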

  • Mav3481

    #13357231 - 9 years ago

    In reply to papercup, #3:

    You've got it half right.

    I want the following:

    192.168.1.0 Network:
    2 PC's (Laptop, Desktop, NAS, IPTV)

    192.168.2.1 Network:
    1 Server (running ESXi)

    Both Networks
    My Windows 7 Ult x64 PC (Two NIC's)

    I'd like both networks to have Internet if possible.

    Draw me a picture of what I need? lol

  • Mav3481

    #13357369 - 9 years ago

    In reply to Mav3481, #4:

    I've got my PC on both networks. I screwed up and put the gateway on the second NIC. Fixed that problem.

    My only problem now is that I cannot get to the internet from the 2.1 network.

  • papercup

    #13359128 - 9 years ago

    Well, this is what I think you are describing as your current setup:
    rt_mav3481_a.png

    You have the public IP outside the home gateway, everything sits just on the other side letting the homegateway act as your router.
    You then are hanging the linksys off that first lan and creating a second lan on the other side of it; which protects the esx server from your stuff, but not your stuff from the esx server. In that scenario, the esx server would be double natted, it would use the linksys as its gateway, which the linksys in turn is using the HGV as its gateway. (this is a double-nat).

    What I was describing as a better setup that would keep both lans separate from each other as well as a single nat setup would be more like this:
    rt_mav3481_b.png
    It passes the public IP through to the linksys directly, and you put both the lans you care about behind the linksys (follow the linked doc in my first post on how to do the dual lans with the linksys). Ignore how your set tops get out, they're still going to think they are on 192.168.1.x, but the homegateway does weird stuff to let that keep working; all you care is that you've passed your public IP through to the linksys.

    You still get the network zones you wanted, they are still kept separate (even more so than before, the esx server cannot get to the other pcs on your 192.168.1.x lan), and all your internal IP's stay the same with only a single network address translation. You can still put both your nics on your win7 box in both zones if you want to let you get uninterfered access to the esxhost and esxguest boxes.


    Now, your initial setup should still work, it just has the doublenat problem and the lack of security.
    When you say you can't get to the internet from the 2.1 network, how are you testing that? Do you have a guest on the esxi box that isn't able to get out? Or are you testing ping from the esxi console locally? How do you have the management nic on the esxi system configured (ip, mask, gateway)?

  • Mav3481

    #13362992 - 9 years ago

    In reply to papercup, #6:

    That's exactly what I'm trying to do. I don't have the option to do the second steps (cabling in the house does not allow it.)

    Server: DL380 G3 - 2x3.2 GHZ with 8 GB RAM and 6x72GB SCSI HDD.
    iLo - 192.168.2.60

    VMWare ESXi 3.5
    Management: 192.168.2.61
    Two teamed NIC's for VMPROD connections. Both are on the 2.1 network.

    I am not able to get out to the internet from a 2K8 box, 2k3 box or an XP box.

    I cannot ping www.yahoo.com from the XP box, nor any of the others.

    It's possibly a bad DDWRT config.

    I do have my W7 box on both networks and it works fine.

  • papercup

    #13363280 - 9 years ago

    The 3 boxes you described are client virtual machines, correct?

    Are you able to ping 192.168.2.1 from them?
    If you can, can you ping 192.168.1.1 from them?
    If you can, can you ping whatever your HGV's gateway address is?

    This would narrow down if it's a routing issue on the ddwrt. If you can ping all three, maybe we are looking at a dns issue, not a network setup issue.

  • Mav3481

    #13375158 - 9 years ago

    In reply to papercup, #8:

    I'll try that. Give me a little while with the Holidays and such...

    Hopefully (fingers crossed) I won't have to worry about it much longer as my bid for a house may get accepted..then I can just use the DDWRT router for everything...

  • Mav3481

    #13386336 - 9 years ago

    In reply to papercup, #8:

    > The 3 boxes you described are client virtual machines, correct?

    That's correct.

    > Are you able to ping 192.168.2.1 from them?

    Yes I am able to

    > If you can, can you ping 192.168.1.1 from them?

    No I cannot, but that is not a "real" IP. Doesn't ping from my PC either.

    > If you can, can you ping whatever your HGV's gateway address is?

    - 192.168.1.254 - No I Cannot

    > This would narrow down if it's a routing issue on the ddwrt. If you can ping all three, maybe we are looking at a dns issue, not a network setup issue.

    So far it looks to be a DDWRT config issue.

  • papercup

    #13386627 - 9 years ago

    Your pc cannot ping 192.168.1.1? Your PC is on the 192.168.1.x network is it not? What is the internal IP of the HGV?

  • Mav3481

    #13388422 - 9 years ago

    Private Network
    Router Address: 192.168.1.254
    Subnet Mask: 255.255.255.0
    DHCP Range: 192.168.1.64 - 192.168.1.253
    Allocated: 22
    Available: 168

    That's the HGV.

    If I changed the IP scheme on the network to 172.16.0.0, would that make it easier? That's an option on the HGV.

  • papercup

    #13390857 - 9 years ago

    You shouldn't have to change the scheme. I'll correct the diagram:
    rt_mav3481_c.PNG .

    You still answered the question that mattered to me. You could not ping the internal IP of the other router. I'm wagering you can't ping any of the 192.168.1.x addresses. Can you ping the external interface (192.168.1.40) of the linksys from the VMware guests?

    Assuming the answer is 'no', then it's definitely a routing issue on the linksys. I'm assuming you *can* ping 192.168.1.40 and 192.168.1.254 from machines in the 192.168.1.x network (go ahead and verify that, since it's feasible either one could be set to deny pings).

    In the ddwrt config, basic setup tab, what do you have for the Local IP, Subnet, Gateway? In the WAN setup section, I'm assuming you have it set to Static IP, what settings do you have there for the IP/Subnet/Gateway?
    Actually, could you copy and paste the info from the Status tab - Wan subtab and Lan subtabs?

    (and if there's anything in my amazing mspaint based drawing up there that is wrong, please correct).

  • Mav3481

    #13391739 - 9 years ago

    In reply to papercup, #13:

    > You shouldn't have to change the scheme. I'll correct the diagram:
    > rt_mav3481_c.PNG .
    >
    > You still answered the question that mattered to me. You could not ping the internal IP of the other router. I'm wagering you can't ping any of the 192.168.1.x addresses.

    I am not able to ping anything in the 1.x network from the 2.x network.

    > Can you ping the external interface (192.168.1.40) of the linksys from the VMware guests?

    I *am* able to ping this:
    C:\Users\gbray2admin>ping 192.168.1.40

    Pinging 192.168.1.40 with 32 bytes of data:
    Reply from 192.168.1.40: bytes=32 time=2ms TTL=64
    Reply from 192.168.1.40: bytes=32 time=1ms TTL=64
    Reply from 192.168.1.40: bytes=32 time=1ms TTL=64
    Reply from 192.168.1.40: bytes=32 time=1ms TTL=64

    Ping statistics for 192.168.1.40:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms

    > Assuming the answer is 'no', then it's definitely a routing issue on the linksys. I'm assuming you *can* ping 192.168.1.40 and 192.168.1.254 from machines in the 192.168.1.x network (go ahead and verify that, since it's feasible either one could be set to deny pings).

    I can ping both from my Win 7 machine without the second LAN connection

    > In the ddwrt config, basic setup tab, what do you have for the Local IP, Subnet, Gateway? In the WAN setup section, I'm assuming you have it set to Static IP, what settings do you have there for the IP/Subnet/Gateway?
    > Actually, could you copy and paste the info from the Status tab - Wan subtab and Lan subtabs?


    DDWRT WAN:
    Connection Type - Static
    Login Status - Error
    Connection Uptime - 0:08:30
    IP Address - 192.168.1.40
    Subnet Mask - 255.255.255.0
    Gateway - 192.168.1.254
    DNS 1 - 192.168.2.3 (Local DNS server in 2.x network)
    DNS 2 - 192.168.1.254 (HGV)

    DDWRT LAN:
    IP Address - 192.168.2.1
    Subnet Mask - 255.255.255.0
    Gateway - 192.168.2.1
    Local DNS - 192.168.2.3

  • peelman

    #13406102 - 9 years ago

    If you're still having problems, here is my recommendation: I would remove the VMWare server from this equation, temporarily... boil things down to basics:

    You have your Win7 box multihomed, unplug both connections. Plug in your primary NIC to a switch behind the 3800. Make JUST the one directly behind the 3800 work (it sounds like this is already true). Unplug.

    If the 3800 is providing DHCP to everything in the network, reset the WRT to be a DHCP client on the WAN interface. Make THAT work. Hang your Win7 box behind the WRT, and the WRT behind the 3800. With DHCP all the way through that should work without ANY tinkering. Once you get internet through there, unplug your Win7 box.

    With that up, NOW put the ESXi box behind the WRT. ESXi, IIRC (it has been a while since I played with it) has a console with rudimentary functionality, including at least the ping command to verify network connectivity. Get the ESXi console directly to where it can ping everything else on the network (don't worry about the VMs yet).

    Once that works THEN try your VMs. Once THOSE work, THEN go back and start setting things on the WRT to be static.

    I have seen guys return a rack of servers because they claimed the NICs were bad/incompatible with VMWare, only to later find out that it was their own screwup in configuring the virtual networking piece of ESX (this was pre-ESXi days).

    The one thing I have learned in my many years of this shit: Make it work, THEN make it pretty. Don't try to do the latter first, and don't try to do them both at the same time.

  • Mav3481

    #13407600 - 9 years ago

    In reply to nick128, #15:

    Good idea. I'll try that and get back with you. Busy watching Hockey tonight :-)