Hybrid 10Base2/Ethernet network

Topic

New Reply

I am trying to insert a hardware firewall box into a network. The existing network, which works fine, is made up of 7 computers (A-G for the purposes of this discussion). A, B and C are coax-connected (10Base2), where A is one end of the string, B and C are mid-string, and the coax network terminates in a hub that has 1 coax connector and 8 Ethernet RJ-45s. Computers D, E, F and G connect directly to this hub. A also has an Ethernet NIC which connects to a cable modem. The computers in the network run Windows 98, 98SE and XP Home. All can see each other, and all can get to the Internet. TCP/IP is used throughout. A’s internal IP address is 192.168.0.1. All the other computers are named 192.168.0.x. Computers B-G name 192.168.0.1 as the gateway in their IP properties.

Now for the problem. I have a firewall box (D-Link DI-704P) which I inserted between the cable modem and computer A. Its default IP address is 192.168.0.1, so I changed A to be 192.168.0.2, and modified B to point to 192.168.0.2 as its gateway. I powered off all systems except A and B. B was not able to get to the Internet. B was not even able to ping A (by IP address or name), but Explorer on B can see files on A. A was able to do everything.

Next, I changed the firewall’s internal IP address to be 192.168.0.20, reset A to 192.168.0.1, reset B’s gateway to 192.168.0.1 and rebooted everyone. A was still able to do everything (Internet and shared files on , and B was able to see files on A, but was still unable to ping A or get to the Internet.

I’m confused. It looks I have no choice but to use 192.168.0.1 for A, because all the others could only access the Internet when this was A’s address, but the introduction of the firewall box (named 192.168.0.20 because this address was not in use by any of the other computers) prevented everyone except A from getting to the Internet.

Help much appreciated!
Mo

Reply | Quote

Replies

WOW, a little confusing but lets see. Question, What OS is on A?? Does A have internet sharing???

If we break this down. the firewall/router should be 192.168.0.1 which is also your gateway. Internet sharing should now be going thru the router and not A. Then, make sure all IP settings are consistant. B = 192.168.0.10 C = 192.168.0.11 D = 192.168.0.12, etc. Make sure the subnet mask is 255.255.255.0 and the gateway is 192.168.0.1. Unfortunately, I haven’t worked with coax in over 15 years but I’m sure it’s not that. Lemme know if this helps or not,

Reply | Quote

Thanks, Mike. I see that you’ve suggested something so obvious that I didn’t try it (do I hear a duhh?). I was continuing to point the downstream computers at A, instead of the router. Gimme a few days to fix it up, and I’ll get back to you.

Mo

btw, I attached a network diagram showing the way it is today, and the way I think you’re suggesting. I’m using the actual names instead of A, B, C.

Reply | Quote

MWolfman is right. However, here’s a question, does your router support ‘proxy’ capabilities? I ask this because it sounds like you had two IP addresses on A. 192.168.0.1 (which is the ‘internal’ LAN address), and another IP address, since 192.168.xxx.xxx is an invalid Internet IP address (reserved for LAN use only….along with 10.10.xxx.xxx I believe). Thus, your router would need to use NAT translations to ‘represent’ your 192.168 addresses on the net. I’m not a wiz on routers, so I may be shooting at smoke here……

My concern is that if you only have 1 valid IP Address available to you on the internet, will your router/firewall actually act as a proxy for you. If what MWolfman suggested doesn’t work, try going back to your original configuration, however set A’s internet NIC to have say 192.168.2.2, and have the internal IP of the router be 192.168.2.1, with it’s external as the IP of A’s previous internet IP.

Reply | Quote

Yes, I have a single static IP address, assigned by the ISP. In the original configuration, A performs NAT as it is the ICS host. With the router, it does all the NAT work, and appears as another internal address to all the computers on the network.

Mo

Reply | Quote