[Semibug] Router / Routing questions

Anthony Cascianelli acascianelli at icloud.com
Thu Jan 21 16:43:02 EST 2021 

Can you run your access point in bridged mode, or are you looking to keep your wireless devices on a separate network segment?

You could try flashing something like DD-WRT onto the Linksys for more features.  It looks like it’s compatible. 

Anthony Cascianelli

> On Jan 21, 2021, at 4:34 PM, Josh Grosse <josh at jggimi.net> wrote:
> 
> Mark wrote:
> 
>> at home, I have a two networks, a wired network, which is on 192.168.1.0 
>> and a wireless network on 192.168.2.0, which is handled by a Linksys 
>> WRT1900ACS.
>> [snip]
>> I want to be able to set firewall rules for specific devices on the 
>> wireless network.  The Linksys has three modes, NAT, Dynamic Routing 
>> (RIP) , and Static Routing.  I know NAT doesn't work but should I try to 
>> set up RIP on the Firewall (OpenBSD based), or just try and use Static 
>> Routing?
> 
> 1. NAT *should* work, but you may not want to use it even if it does,
>   as you'd be double-NATting your wireless devices.  Simply, if the 
>   Linksys WRT provides NAT the way any SOHO router does, all devices on
>   the wireless network would share a single address on your wired
>   network, and the WRT would keep its own state tables for that
>   shared address.  Running any wireless services reachable by the
>   wired network would require port forwarding, and with double-NAT,
>   serial port forwarding in sequence to expose services to the Internet.
>   Double-NAT could cause problems for any IoT devices on the wireless
>   subnet if they expect incoming packets to create state, such as for
>   a "pushed" firmware update from a vendor. 
> 
> 2. Static routing is easy to set up.  Every device on the wired network
>   already knows its 192.168.1/24 subnet, and today any other addresses
>   route through your gateway router to the Internet.  For any wired
>   network device that needs to talk to wireless devices -- including
>   the gateway router for any incoming packets from the Internet -- add a 
>   route to its table that directs packets to the wireless network
>   192.168.2/24 through the wired address of the WRT router.
> 
>   If you neglect to add a static route to the 192.168.2/24 subnet from
>   a device on the 192.168.1/24 subnet, the outbound packets will be 
>   sent to your gateway router.  As long as *it* has the static route
>   for 192.168.2/24, it will redirect those packets to the WRT router
>   for processing.  Giving each device on the wired network a direct
>   route to the wireless network eliminates those duplicate packets
>   and the performance degradation they introduce.
> 
> 3. RIP or any other routing protocol is likely overkill, because you
>   don't have a need to reroute failed links through alternate routers,
>   you have no backup routing to provision.  Yes, you could provision
>   RIP, but it won't add any benefit.  
> 
> _______________________________________________
> Semibug mailing list
> Semibug at lists.nycbug.org
> http://lists.nycbug.org:8080/mailman/listinfo/semibug

More information about the Semibug mailing list