Home network issues

[don2009]

Hi, I'm trying to setup a home network. I'm not a mainstream linux user but I pick things up quite quickly.

Here's my situation, I have two wireless routers, thick house walls so I'm using an old PC to act as Zentyal sever. Wired connection to both from server, router A has internet access and is marked as external in the server setup. Router B is internal, everything is setup and working fine for those connecting to router B. As a side not I'm wanting the server to act as a firewall to stop kiddies etc accessing certain sites, the new internet router's firewall is complete and utter crap but can't do much as limited funds and it has a voip phone etc.

As the house walls are thick not everyone can connect to router B so some have to connect to router A, as this is external I've left it handling DCHP people can connect fine (no need for them to access the internal network really) and have internet... for about 10 mins. They quickly start to have DNS lookup problems, not sure why a quick reconnect to the router and they are fine again for a few mins. Anything using specific IP address's seems to work fine, just the main internet browsing issues etc.

Any sugestions how this can be resolved?

I have also tried using the server as DCHP for router A as this is flagged as external I'm assuming the firewall is preventing internet access for those clients connected to this router. Can ping from server to client but not otherway round. Set rules to completely open up firewall to those clients and does not seem to change.

Is this as expected?

Is the simplest solution to setup a third router near to A as anther internal connection and disable router A's wirless etc so just a modem effectvely?

Any tips solutions etc welcome

Thanks for reading sry if this seems like a wall of text, just want to be as clear as I can

[christian]

.../...
Thanks for reading sry if this seems like a wall of text, just want to be as clear as I can

  I read it 3 times and still don't understand everything 
I'll try again...

[don2009]

hehe okay too much text

breaking down a little more.

Router A = crappy orange livebox useless firewall
Router B = belkin

setup

B -> server -> A -> internet

this technically works as it should, B is configured as an access point the server is issuing IP address and handling firewall etc
A is setup on the server as DCHP and External (wan) ticked.

this works fine and as it should.

However, due to house layout (thick walls) not everyone can use (reach via wifi) B.

In my ignorance (perhaps) I dont see any issues with them connecting to A as they do not need to have access to the server. This works in that A issues them an IP and they have internet access, for a few mins. A few mins later they get error messages in browser. Windows claims there is a dns problem, if I type in an IP for a know website there is no problem in accessing it.

Questions

1) should this error be happening?

I dont see how or why the server should interfere with clients on router A at all

2) is this a poor setup that should never be used?

3) do I just need to add another belkin router to extend the network with?

thus ignoring A from clients point of view, and have them all on the "internal" side of the network.

Hope this is a bit clearer 

[christian]

Much clearer, thank you    Orange livebox... hum... are you in France?

1 - Based on what you describe (access from internet connecting directly to A, is it a question to be raised in Zentyal forum or is there still something I miss?
2 - you should be able to use Zentyal DHCP for this AP too if configured to forward broadcast. doing so, you can stop DHCP on A router and have single point of control at Zentyal level.
3 - Same you should be able to use Zentyal DNS instead of external DNS.
4 - Using Zentyal proxy will be a bit trickier because default gateway should be A router...

This said, behaviour you describe is strange and could be due to wireless network doping from time to time.

[don2009]

thanks for the reply

Will try making the orange box use the server for dchp, gave it a go earlier but was having firewall problems so it seemed.

Not completely sure on how to configure forward broadcast, but will give it a go.

and yup I'm in France, tempory exile

French food, French wine, French women... it's a hard life, but someone has to live it 

[christian]

I'm French BTW  and agree: life is hard here 

I'm not using Orange services so I can't help livebox configuration. I'll try looking at some around.
Idea is not for livebox to use Zentyal but for clients connecting to Livebox via Wifi to use Zentyal's DHCP which mean that access point will forward DHCP requests to internal network (and DHCP on Live must be deactivated, of course).

[don2009]

I've deactivated dchp on the orange live box.

reconfigured the eth card with static IP, I have left External(wan) ticked. Assuming this is correct.

Have setup ranges in the dchp for that eth card on server. The client machines are getting IP address's okay, however.. here's the fun.

I can ping the client from the server ok

client pc can't get a reply from anything

Firewall rule I'm overlooking?

or somethin even simpler?

[christian]

because this interface on Zentyal is defined as "external" (and BTW it must be defined this way!), it may not reply to ping request... if you look at firewall rule (on Zentyal), you may see such dropped request. Then you may ave to open DNS port for source addresses in you "external" DHCP range. Be also such that such DHCP range is configured to send Livebox as default gateway for WiFi clients.

[don2009]

I've changed the dchp settings on the eth card for the orange router to specify the IP of the router as the default gateway and the primary nameserver. This seems to have given internet access via the orange box once again, with the server issuing IP address's.

I hope that is what you meant for me to do, as I think I'm getting a bit tired with this problem and did not fully understand your last post.

Seems to be working tho

so many many thanks for all your help

wonder if it's too early for a beer? 

[christian]

I've changed the dchp settings on the eth card for the orange router to specify the IP of the router as the default gateway and the primary nameserver. This seems to have given internet access via the orange box once again, with the server issuing IP address's.

I hope that is what you meant for me to do, as I think I'm getting a bit tired with this problem and did not fully understand your last post.

Do not misunderstand my points: I'm only suggesting some of the way to achieve what I understand to be your goal 
Still, be aware that such design doesn't permit to use Zentyal proxy and, if you are using Livebox DNS, to use internal services. If internet access with no control is all what you need, what we did works.
If you need a bit more (i.e. HTTP proxy, internal mail or file sharing, then other designs have to be planned.

Seems to be working tho

Cool

so many many thanks for all your help
wonder if it's too early for a beer? 

Good idea. I'll do it right now 

[don2009]

I soon realised the failings of this method, however for now it fulfills what is required.

Although it would be nice to have filesharing, printer's etc

I think I will have to have a rummage and see if I do have enother router stuffed in a box somewhere, as all my other attempts to get the clients talking to the server properly on the orange box were drawing a blank. Clearly a lack of knowledge / experience on my part I believe.

But for now all is happy... I have beer... somewhere