Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: kmax9981 on July 20, 2012, 09:00:26 pm

Title: [Solved] Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 20, 2012, 09:00:26 pm
I have been reading through the posts and the Zentyal Documentation but I have not found a solution to the setup I hope to use. 

Cable Modem (ISP) > eth0:::Zentyal:::eth1 > Cisco E4200 Wireless Router > Switch > LAN

Basically I want to use the Zentyal server as a Firewall and VPN Server.  I use a wireless Router and wish to continue to use it rather than buy a second AP. 

I think what I need to do is set eth0 as External WAN with DHCP from the modem

eth1 should be static, let's say 192.168.1.1

The router's default address is 192.168.1.1; to me this would be a conflict. Should I change the router IP, or change eth1 and set up a default route pointing to eth1?  Since the Cisco Router has DHCP I would not need to configure that in the Zentyal Server.

I have Zentyal 2.2 installed on a stand alone box

If anyone else has set up something similar or can help with this I would be so very tremendously grateful.

Kevin
Title: [Solved] Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 20, 2012, 09:11:40 pm
Kevin,

Keeping DHCP on your wireless access point is not mandatory.
You have 2 choices (plus some other solutions that are slightly more complex and not useful)
1 - set up one segment (192.168.1.0) between Zentyal internal interface and Cisco wireless access point and configure another segment (e.g. 192.168.2.0) for devices attached to Cisco access point. DHCP on Zentyal for one single device (Cisco here) is not very useful.
2 - use Zentyal as DHCP server: activate "DHCP relay" feature on Cisco (btw are you using Cisco's or Linksys standard firmware?)

I would vote for the second solution because all devices will get Zentyal as default gateway  ;)
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 20, 2012, 09:50:59 pm
christian,

Thanks for the suggestion.  I am running the default Cisco firmware on the Wireless Router.  I am a little confused in regards to the 1st option, you said 2 segments, 1 to the internal interface and the Cisco wireless router and the 2nd segment for devices connecting to the router??  Not sure what you mean there, I have 2 NICs in the Zentyal Box.  Is the topology I have shown correct?  I am worried that if I put the Zentyal box after the Router then the wireless clients would bypass the firewall.
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 20, 2012, 10:02:01 pm
Sorry if I was not clear. What I meant is this:

Internet - ISP <--->  cable modem <---> Zentyal ext. NIC <--> Zentyal <--> Zentyal internal NIC <-- 192.168.1.0 --> Cisco access point <-- 192.168.2.0 --> your devices here

There is no way Zentyal can be bypassed   8)
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 20, 2012, 10:04:54 pm
Yes, that is much clearer now, thank you!!  So would I leave the DHCP service turned on on the Cisco Router?  And how would I tell the router to point to the Zentyal Box as the Default Gateway?
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 20, 2012, 11:34:05 pm
Yes, that is much clearer now, thank you!!  So would I leave the DHCP service turned on on the Cisco Router?  And how would I tell the router to point to the Zentyal Box as the Default Gateway?

Yes if you go for solution 1 with 2 networks segments.
At Cisco level, connect "WAN" interface to Zentyal... that's almost it. If defined as "external", Zentyal will be the default gateway. I don't use Cisco firmware but from what I remember, with Cisco firmware, you can even manually define your gateway.
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 12:17:40 am
There seems to be a problem.

I have  the following

ISP <-> eth0 (DHCP, External WAN Checked) <-> Zentyal <-> eth1 (Static 192.168.0.1, Ext WAN Unchecked) <-> WAN Port Cisco Wireless Router

Zentyal Settings

Network
             Gateway automatically added eth0 192.168.1.1 as default and will not let me change it

             DNS I have 2 8.8.8.8 and 8.8.4.4


However I lose internet connectivity this way, when I go to a webpage I get a DNS failure

I'm sure I am missing something here

I am not sure what to set my router as, I have the option of a static ip for internet configuration it asks for

Internet IP
Subnet mask
Default Gateway
DNS
DNS2 (optional)
DNS3 (optional)

Would I put my external IP address from my ISP?
I am assuming the Default Gateway would be the 192.168.0.1 of my eth1 NIC?
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: Escorpiom on July 21, 2012, 09:32:41 am
OK let's see...
Zentyal's external interface gets the IP by DHCP. So the default gateway is set automatically, that's ok.
But if the default gateway is 192.168.1.1, that means that your cablemodem is NOT only a modem but also router.
Let's call it the first router.

Zentyal has an external interface and an internal interface. That is the second router.

Your wireless Cisco is the third router. I do not recommend this setup, it will be problematic but possible if you insist.
Please explore other setups, my opinion:

- Set the cablemodem as bridge to eliminate the router
- Zentyal's external interface gets a public IP. It can be a firewall and VPN server as you requested 
- Think about what you want the Cisco to do. If it is merely used for the wireless capability, use DD-WRT firmware and set it up as an AP.
- If you want it to be a router, no problem. 
 
Cheers.
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 21, 2012, 10:30:36 am
+1 with Escorpiom  ;)

If I may add some explanations:
- you can (most likely) set up your cable-modem as a bridge and get public IP on external Zentyal NIC. If you don't do this, outgoing services (like web browsing) will work but incoming services (mail, web server, VPN server) will not unless you set up manually redirection at modem (router) level. A bit more difficult but much more secure. This is what I use  8)
- I fully share the DD-WRT advice (I'm running it too) but if you're not confident with this firmware change, Cisco/Linksys permits to set up your access point as an access point without routing. This is much simpler for everything, trust Escorpiom  ;)
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 04:42:35 pm
Thanks guys for your help, I will give this a try and let you know.  I greatly appreciate the quick and informative responses!!
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 04:55:57 pm
I am trying to access my modem

It is a Scientific Atlanta Webstar DPC 2100 series

I did some searching and found that the access for the modem is 192.168.100.1

When I go there in Firefox I get the following message

The image at "Http://192.168.100.1/" can not be displayed because it contains errors

If I use IE I get

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML><HEAD><TITLE>Scientific-Altanta WebStar Cable Modem</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
    <FRAMESET border=0 frameSpacing=0 rows=150,* frameBorder=0>
        <FRAME name=banner src="webstar.html" noResize scrolling=no target="contents">
        <FRAME name=main src="system.asp">
        <NOFRAMES>
            <body>

            <p>This page uses frames, but your browser doesn't support them.</p>

            </body>
        </NOFRAMES>
    </FRAMESET>
</HTML>


Is this Cable modem also a router??

Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 21, 2012, 05:51:20 pm
multiple points here:
- what you write about IP for administration being 192.168.100.1 seems not aligned with what you wrote earlier about Zentyal default gateway (using DHCP). Assuming DHCP server here is your Webstar DPC cable modem, then admin IP is most likely your default gateway...
- what is even stranger is that you get an answer while accessing 192.168.100.1... is default gateway on Zentyal wrong ?

I suggest you connect your cable/modem/router to internet (ISP) and connect your PC directly to it, configured as DHCP client and look at what you get as IP address and default gateway. Once connected, try to access http://defaultgatewayIP/
You may face problem with frame support but this depends on your browser (are you running very old Firefox or IE version?)

From what I read so far, I'm not sure you can deactivate router feature on this cable modem. You may have better time configuring port forwarding... but documentation I found so far focuses on how to configure workstations to be connected directly to this modem  ::)
In case nothing works, think about resetting to default (factory) settings.
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 06:25:48 pm
Sorry, I guess I should elaborate,  I disconnected the Zentyal box from the network since I needed to be able to access the internet to post, at this time.  In fact I have just started a reinstall of Zentyal to start fresh.  I will let you know what I come across after I give it another try, but this is the general idea I am getting.

ISP (Static IP address x.x.x.60) <-> eth0 (DHCP, External WAN checked) <-> Zentyal (Firewall, VPN, Gateway, DHCP) <-> eth1 (static 192.168.1.1, External WAN unchecked) <-> Non WAN Port Cisco E4200 Wireless Router (DHCP Turned Off)

Does this sound right?
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 21, 2012, 06:51:00 pm
I'm sorry but I understand nothing about what you describe compared to what you told us already.
There is no more cable modem in your description  :o  vanished ?
It also looks like you defined internal Zentyal interface as external while external (ISP side) is not defined as external  ::)
Well, I'm totally lost...

Therefore I'll make some assumptions:
- you do not mention your cable modem because you successfully disabled "router" feature
- you decided not to operate E4200 as a router, meaning you want devices attached to E4200 to access directly Zentyal internal interface (meaning on same network)

If above is correct, then you should have something like this:
ISP <-> cable modem <-> eth0 (DHCP 69.14.151.60, External WAN checked) <-> Zentyal <-> eth1 (static 192.168.1.1, External WAN UNchecked, DHCP service configured for this interface) <-> Cisco E4200 Wireless Router (DHCP Turned Off) connected to Zentyal via LAN port.

If my assumptions were not correct, then you could set it up like this:
ISP <->  (static 69.14.151.60) cable modem (static 192.168.100.1) <-> eth0 (DHCP 192.168.100.x, External WAN checked) <-> Zentyal <-> eth1 (static 192.168.1.1, External WAN UNchecked, DHCP service configured for this interface) <-> Cisco E4200 Wireless Router (DHCP Turned Off) connected to Zentyal via LAN port.

Then other designs exist for E4200: either connecting to LAN ports (DHCP turned off) or connected to WAN port, in such case, you can enable DHCP...


Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 08:09:43 pm
Sorry, I think I am overthinking this.  I have not been able to access the cable modem to make any changes.  When the cable modem is connected to the Router without the Zentyal box, my external IP address is x.x.x.60. This is static, it is what I get all the time.

If I disconnect the modem from the router and plug the ethernet cable from the modem directly to the NIC of my netbook, my internal and external IP addresses are the same but now it is x.x.x.10

Not really sure why the difference there.  I have no idea whether my modem is a router or not, I do not think it is, but what do I know.

I have tried to interpret the suggestions here and that is why I came up with what I thought was suggested and would work in my diagram which I will append below.

ISP <-> Cable Modem <-> eth0 (DHCP, External WAN checked) <-> Zentyal (Firewall, VPN, Gateway, DHCP) <-> eth1 (static 192.168.1.1, External WAN unchecked) <-> Non WAN Port Cisco E4200 Wireless Router (DHCP Turned Off)
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 21, 2012, 08:28:38 pm
This should work like this  :)
With such design, your cable modem will not act as a router and Zentyal external interface will get an IP in the 69.14.x.x range (or whatever provided by WideOpenWest)
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 08:43:19 pm
Yes it seems to be working, I set the wireless router to bridge mode

Now to just configure the DHCP with reserved address.

Thank you sooo very much for your help you are awesome
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 10:12:30 pm
So the network is working great, Zentyal is assigning addresses like a charm.

Here is where I am confused.

I set up a DHCP Range of 192.168.1.100 - 192.168.1.244

This is where I want the DHCP to work in for my guests.

Now what I would like to do is set up some clients with DHCP Reserved (or fixed address) in the 192.168.1.2-192.168.1.99 range

So as I understand it...and realistically I don't  ;-)

You create a network object, let's say Laptop1

and then you add members to this object, example Wifi and Lan

You can add MAC address and the IP address to these members.

And that's it?? Right??

Cause when I do this Zentyal still assigns addresses in the 192.168.1.100 - 192.168.1.244 range.  I have restarted DHCP and done an ipconfig /release and ipconfig /renew on the laptop.  Still assigned the same address in the above-mentioned range.

Any ideas?
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 21, 2012, 10:35:15 pm
When you look at IP address associated with lease you obtain for this device, does it match what you set at object level?
BTW, your understanding of reserved IP for DHCP looks correct  8)
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 11:24:03 pm
No it does not match, I created an object, Kevin Netbook, and added the wifi and lan mac address as members with the ip address 192.168.1.4 for the wifi, however when I connect to wifi, I get assigned the address 192.168.1.149.  so it would seem that the DHCP Reservation does not work
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 21, 2012, 11:43:07 pm
I suppose my question was not clear, sorry.
When IP address is assigned within DHCP range, you can look at MAC address associated to this device. Is this MAC address matching what you defined in your static object?
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 21, 2012, 11:52:09 pm
Yes, the MAC Address in the DHCP Lease widget matches the MAC Address of the Network Object Member
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 21, 2012, 11:57:59 pm
Strange... are you sure you did not forget to add this "object" as the one to be associated with fixed addresses in DHCP section?
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 22, 2012, 12:01:32 am
Yep, that was it, all fixed now!!

Dude you rock
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 22, 2012, 12:08:26 am
Yes, but there is one additional step missing here (at least from what I understand of your process):
- in DHCP options section for this interface, you have to select the object describing devices that will receive such fixed addresses.
Creating and populating the object is not enough  8) if link between such object and DHCP associated to your interface is not described somewhere.
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 22, 2012, 12:13:51 am
Yes, I created the object and then added the members, then I clicked DHCP and then chose the object in the fixed address section and it worked. Thank you
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: christian on July 22, 2012, 12:16:09 am
cool  8)
does it mean you can now edit post title and stamp it as [SOLVED]  ???
Title: Re: Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 22, 2012, 12:40:13 am
Would love to....How do I do that??
Title: Re: [Solved] Zentyal as a Firewall with Wireless Router
Post by: Escorpiom on July 22, 2012, 02:51:58 am
Read the stickies  :)
I've changed the title for you, nice everything got sorted out.

Cheers.
Title: Re: [Solved] Zentyal as a Firewall with Wireless Router
Post by: kmax9981 on July 22, 2012, 04:31:30 am
thank you
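
The addressing plan the thread ends up with (eth1 at 192.168.1.1, guest pool 192.168.1.100 - 192.168.1.244, fixed addresses below .100) can be sanity-checked before it is typed into the DHCP section. The following is an added example, not part of the original posts and not Zentyal code; the function name, the AP address 192.168.1.2, the second netbook address and all MAC addresses are assumptions made up for illustration.

```python
import ipaddress

def check_dhcp_plan(subnet, gateway, pool, static_hosts, reservations):
    """Return a list of problems in the plan for one internal interface.

    pool         -- (first, last) address of the dynamic range
    static_hosts -- {name: ip} for devices configured by hand (e.g. the AP)
    reservations -- [(name, mac, ip)] fixed-address entries
    """
    net = ipaddress.ip_network(subnet)
    first, last = (ipaddress.ip_address(a) for a in pool)
    problems, owner, macs = [], {}, {}

    def claim(name, ip):
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {addr} is not a usable host address in {net}")
        if first <= addr <= last:
            problems.append(f"{name}: {addr} lies inside the dynamic pool")
        if addr in owner:
            problems.append(f"{name}: {addr} already used by {owner[addr]}")
        owner.setdefault(addr, name)

    if first > last or first not in net or last not in net:
        problems.append("pool: range is reversed or outside the subnet")
    claim("gateway", gateway)
    for name, ip in static_hosts.items():
        claim(name, ip)
    for name, mac, ip in reservations:
        mac = mac.lower().replace("-", ":")   # accept Windows-style notation
        if mac in macs:
            problems.append(f"{name}: MAC {mac} already reserved for {macs[mac]}")
        macs.setdefault(mac, name)
        claim(name, ip)
    return problems

# Subnet, gateway and pool are the values from the thread.
PLAN = dict(subnet="192.168.1.0/24", gateway="192.168.1.1",
            pool=("192.168.1.100", "192.168.1.244"))

if __name__ == "__main__":
    # AP left on its factory address, one reservation inside the guest pool,
    # one MAC entered twice (constructed, locally administered MACs).
    for line in check_dhcp_plan(
            **PLAN, static_hosts={"cisco-ap": "192.168.1.1"},
            reservations=[("netbook-wifi", "02:00:00:00:00:01", "192.168.1.149"),
                          ("guest-laptop", "02-00-00-00-00-01", "192.168.1.4")]):
        print(line)
```

The check only validates the plan on paper; as the thread shows, the network object must still be selected under fixed addresses for the interface before any reservation takes effect.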