Zentyal as gateway Toplogy

[zenashi]

Hi all:

I would like someone to supply simple answer how to configure Zentyal toplogy:

As i assume:

-1 nic to my modem
-2 nic to internal simple hub.

But if i want my wifi (today it supply from my router) to continue work ? what should i do?

Do i need my current Dlink router, at the Zentyal topology ?

Best and thanks in advance,

[robb]

I am unsure what exactly you mean...

if it is like this:

internet----- modem/router/AP--------zentyal-----LAN

Then I would advice against the use of the AP since all connections with that AP will bypass Zentyal. Better would be disable the WiFi in the router and add another AP behind Zentyal.

[zenashi]

Ok that sound as good advice.

So Zentyal is act as a router thats mean:

internet --> modem (no router) -->Zentyal (as a router) -->switch (LAN) --> AP (for Wifi)

Is that correct?

[Escorpiom]

Seems OK to me.

Cheers.

[zenashi]

Thank you all (-:

[gnuskool]

Actually I started out with your setup and it didn't work for the reasons pointed out, so I added a router to the 'external' side of the network.

modem --->router---->eth0>>>|SERVER|>>>>eth1 -----> AP ----> wireless clients

[memilanuk]

Hello there,

I hope its not a problem if I jump in here with a similar question...

Right now I have a wireless AP plugged into the jack from the local provider.  It connects to the WAN via PPPOE, acts as a firewall and provides static and dynamic DHCP, DNS cache, NTP and other simple services both to wireless clients as well as wired machines that connect to the built-in four-port switch.  It also maintains security for the wifi clients via WPA2 and MAC address authentication.

I'd like to take an older desktop PC and set it up as a Zentyal gateway to provide more or less the same services - at least initially, and later expanding to allow external access to certain services and/or machines (I do have a static IP from my provider, as part of my 10 up / 100 down fiber package).

I presume I'll have to put the Zentyal gateway directly between the fiber provider jack and the wireless AP... guess my only hang-up is not being sure that if I should plug the cable from the gateway server into the WAN port on the wifi AP or into one of the switched ports to make things so that the Zentyal gateway is providing services like DHCP, DNS, NTP, etc. to the downstream client machines (after turning off the built-in servers on the wifi AP)?

[christian]

Everything work here, including the opposite! Really   

You can have:
internet <-> Zentyal <-> AP <-> clients
or
Internet <-> AP <-> Zentyal <-> wired clients
or even anything else you may imagine.
What is really important is to understand what are services you need to provide, what are components providing it and how all of this may conflict, overlap or create holes. You have also to pay attention to features offered by each component: in case some filtering or routing is not possible, this could impact your choices.
Once this is (technically) understood, you have to decide on best strategy which will depend on what really matters for you. If having one single HTTP proxy with filtering is a must, internet <-> Zentyal might be the right choice.
From my personal standpoint, this design is the more efficient and I'm even not using WAN features of various AP deployed in my own network: almost all wired or wireless clients connect to same network and same segment.

[memilanuk]

If having one single HTTP proxy with filtering is a must, internet <-> Zentyal might be the right choice.  From my personal standpoint, this design is the more efficient and I'm even not using WAN features of various AP deployed in my own network: almost all wired or wireless clients connect to same network and same segment.

That sounds pretty much like where I (think I) want to end up.  Are you running the ethernet cable from the Zentyal gateway to the WAN port on the AP, or one of the switched ports?

[christian]

The easiest design is NOT to use AP WAN port 

However, here again, you can, technically, do both depending of what your AP firmware permits as long as you understand that using WAN port means that IP addresses for Wifi clients are not in the same range.
Well, it's a bit trickier in fact because the accurate answer depends on your firmware 

Let's make it simple: do not use WAN port, rely on Zentyal's DHCP server (be sure you relay DHCP requests on Wifi) et voila.

[gnuskool]

Memilanunk,

here is  my setup as example

ext. router 192.168.0.1
eth0 192.168.0.10
eth1 192.168.1.1 configured to be DHCP server in range 192.168.1.15 -192.168.1.95 - connect on LAN, not WAN port
AP 192.168.1.2