Question

Posted

Hey all.

Having a problem which I've been racking my brains over for a few days, trying to figure things out. As it's a bit of a lengthy one to explain, I took the liberty of recording a video earlier to show in more detail the problem I'm having. It involves trying to share a wireless internet connection through a server and then through a router.

Here's the YouTube link:

http://www.youtube.com/watch?v=S7gxnaO4A-c

As promised in the video, here are a few screen shots of some details.

ipconfig with ICS disabled: https://www.dropbox.com/s/fbia0vuswljaka8/icsdisabled.jpg
ipconfig with ICS enabled: https://www.dropbox.com/s/e8gghm7kmt29rop/icsenabled.jpg

LAN info pane: https://www.dropbox.com/s/yftlyebkcybtiwp/lan.jpg
Wireless info pane: https://www.dropbox.com/s/moxuapfcdbj0d03/wireless.jpg

I forgot to take anything showing any settings of the router. If there's anything I haven't included which could help, please do let me know as I'm not entirely sure what information to include. Any help on this would be greatly appreciated.

Many thanks!

Andrew.


29 answers to this question


Posted

Why don't you just use a wireless router? Is there some specific reason? It's like you are trying to find a solution to a problem which doesn't exist...


Posted

After watching the video, you are trying to access 2 different networks through 1 connection using the subnet mask of 255.255.255.0; this limits the connections to, say, the router's range of 192.168.1.x, and the other network won't be reached.

You need to change the subnet mask to 255.255.0.0, if memory serves me correctly, so that it is shared between the 2 different ranges (it's been a while since I've done anything like this so I might be wrong here, but I think that is all you need to change).

**Edit**

Upon watching the video again, I think you need to do ICS through the other network connection, so that the network you are trying to share to is able to access the internet through the server, and the router it is connected to acts as a switch for the connections through the server.


Posted

Xendrome, the router there is a wireless one but to my knowledge, I can't connect to the wireless internet connection provided by the IT department AND allow computers to access our own little network for the likes of file sharing. What I don't want on the other client computers is to have to connect to the internet or our own private network. I want both of them to be available at the same time and have the internet run through the small network we have in place. I hope we're thinking along the same lines.

Thanks, YouWhat. So I think if I enable ICS on the wifi connection, I can no longer access the server from any of the other clients and the internet certainly doesn't get shared to any of them regardless if they're connected by wire or wirelessly. I can check in to this tomorrow though just to be sure.

Thanks so far :)

Andrew.


Posted

From the screen shots and the videos, what I saw was server to router was wired connection, and the wireless connection for internet on server, hence 2 separate networks, but the subnet mask on server for the "shared" connection should be changed as I mentioned above to bridge the 2 networks as they are on 2 different subnets.


Posted

You would use ICS if the WAN IP was on your PC NIC, and by the looks of it you ICS the wireless to the NIC and not ICS on the NIC to the wireless (unless your wireless to the NAT). Since you have a NAT in place you just need to bridge the NIC & wireless.


Posted

So you have two networks: your internal network for your LAN and the external network for your WAN, which in your case happens to be a USB connection.

You need some kind of routing between the two and different subnets.

Since you have it connected to the server you can use Routing and Remote Access to do NAT (or TMG), then you can simply add the router on the internal LAN and rely on the DHCP, DNS etc. you have in place already.

i.e. connect the router to the switch and give it a LAN IP.

ICS is best avoided on servers; it only works on 192.168.1.x or you have to modify the registry or your IP addressing scheme.


Posted

OK thanks YouWhat. That's something I'll be sure to try! Do I change the router's subnet or the server's subnet under XP's TCP/IP settings? Also, do I not just change it to match the wireless connection's subnet which ends in 252.0? I'm guessing the 0s in 255.255.0.0 correspond to xxx of the IP addresses? Confusing myself really now!

Andrew.


Posted

"allow computers to access our own little network for the likes of file sharing."

How many computers/servers do you have in your little network? And where are they wired to, to allow your file sharing?

You mention you "zero" out the gateway of your LAN interface when you connect the wireless dongle - do you need that gateway to access anything? Where are you getting your wired IP from? Are you setting them static?

I don't understand why you don't just wire your machines to the wireless router and let it give you an IP and use it as your gateway.

If all you have is a handful of computers, **** even if it was hundreds.. If they are just an isolated network, with no other networks to connect to.. I don't really understand the issue - why did your IT dept hand out those dongles, you mention you have quite a few of them? When they could just wire your existing boxes to that router.

edit: So this is a hospital radio station - so it's not tied to the actual hospital network at ALL?? I sure hope not if you're just using wireless without any encryption.

So just noticed your LAN setting did get an IP from DHCP.. What is acting as your DHCP server, is that something you control, or IT dept, and do you have access when not connected to wireless to other computers, domain? etc.. Trying to understand who controls that your computers are on a 192.168.1.0/24 network? And if you get to other networks like 192.168.2.0/24 when using the normal wired interface and its gateway?


Posted

There are 3 computers wired to the router, the server and 2 others. There are 3 more which are connected to the router wirelessly. The network is mainly used for file sharing really as the station's music collection is spread out a bit amongst a few of the computers (something we're working on sorting).

If I don't zero out the gateway on the router's settings page, only the wireless internet connection on the server will work and access to the LAN won't or vice versa depending on what adaptor you disable. I can't answer your question about if we need it to access anything as I'm not sure. As far as I'm concerned when I zero that out, both the Internet and LAN are accessible on the server.

The wired IP comes from DHCP on the router 192.168.1.100, 192.168.1.101, 192.168.1.102 and so on. I'd love it if I could just plug things in and have it all work! I wouldn't be having this issue to start with if it did. I can only wish.

We're all volunteers at the hospital radio station and our computers are not provided by the hospital trust or IT department. They've kindly provided us with the means of accessing the internet through wifi over a guest network for patients and clinical use. So really, we're on our own with it. They have no links or responsibility for us. I hope this helps clear up a few things.

Cheers!

Andrew.


Posted

Hello
I see what you are doing and why it is failing.
First of all, when you enable internet sharing, Windows will set its IP address to 192.168.0.1, which is why you lose access to the file share after you enable ICS.
My suggestion is:

Server
====
WiFi adapter: Static IP (valid for what your IT team has configured for their network)
Ethernet adapter: Static IP which is different to the WiFi adapter's. E.g. 172.19.1.1, 255.255.255.0
Install the following roles/components: Routing and Remote Access, DNS, DHCP
Configure the DHCP and DNS servers for your own little network there
Configure NAT from the WiFi adapter to the Ethernet

Router
====
Get rid of it and replace it with a switch where all PCs will connect to.

So the overall network architecture is that your server assigns IP addresses (DHCP) and provides name resolution in that scope (DNS). The server also performs NAT between the two networks that have totally different IP addresses. The DHCP server also advertises the NAT server as a router so that any machine that obtains an IP address from that server will also retrieve info about the NAT server.

Please ensure your DHCP and DNS services only listen to the Ethernet IP address to avoid bringing your company's network down :D


Posted

Thanks for your feedback, Riva. So the IP address that we get given by the trust's wifi network is assigned by DHCP so we can't set a static IP as it's out of our control (I think this is right?). The server is always on and therefore should never go past its lease time. I'll try the other steps you suggested regarding the ethernet adaptor.

The problem with a switch is that there are other computers that we can't run network cable to. It's a PFI hospital as well which means we can go putting holes in walls or even securing cable with clips to walls etc. Running network cable to the other computers is sadly out of the question.

Andrew.


Posted

Andrew Smith said:
> Thanks for your feedback, Riva. So the IP address that we get given by the trust's wifi network is assigned by DHCP so we can't set a static IP as it's out of our control (I think this is right?). The server is always on and therefore should never go past its lease time. I'll try the other steps you suggested regarding the ethernet adaptor.

Simply set the values that DHCP has set for you as statics.

Andrew Smith said:
> The problem with a switch is that there are other computers that we can't run network cable to. It's a PFI hospital as well which means we can go putting holes in walls or even securing cable with clips to walls etc. Running network cable to the other computers is sadly out of the question.

Keep the router but turn off DHCP on that router.


Posted

"There are 3 computers wired to the router"

What router??? That router you show in the video that gives you internet via wireless? Or that is your router that does not have internet?? You say you get internet via a tplink wireless, and then show a tplink router -- I assumed you got your internet from that router.. But that is not the case??

Draw out your network please -- you're making this WAY too complicated!!! See that wireless network you're on, 192.168.216 /22 -- who in the world would set up a /22 on a wireless network?? There is no freaking way that little tplink is going to be able to handle up to 1022 hosts.

So the wireless network that gives you internet is NOT the tplink in your video?

You mention some machines are wireless - so they are wireless to your router, and not the internet wireless?

What is the SSID of your wireless network? The one you show is uhguest and it's not encrypted and has a /22 mask.


Posted

Ok this is how I understand your network - is this correct? Once we are clear on your setup, then we can work out how to share that internet connection while allowing your computers to still share stuff.

[Attachment: yournetwork.jpg]

You might have a switch connected to your router as well? Not clear on that - but in general this is your setup, correct?

Here's the thing: if you use ICS on your server -- yes, it's going to change your LAN network to 192.168.0.0/24 and give itself a 192.168.0.1 address. Your other computers would now either get DHCP from your router, or your ICS DHCP server that gets turned on when you enable ICS.

Quick easy thing, if that is your correct setup, is to just turn off DHCP on your router. Set its IP to be on the 192.168.0.0/24 network - say .254 so you can still manage its wireless. You would want to verify what the ICS DHCP server uses as its scope so you don't conflict..

Now let all your boxes get DHCP from your ICS box - and they will all be on the 192.168.0.0/24 network and use that ICS box as their gateway to the internet.

Please verify this is your setup and we can walk you through setting this up.


Posted

Well I'm pleased to say that thanks to your help BudMan, everything is working as we wanted! This was achieved by disabling DHCP on the router and setting its IP address to 192.168.0.254. The subnet mask was left as 255.255.255.0.

On the server, under TCP/IP properties I used 192.168.0.1 as the IP address and the same subnet mask as above. I then enabled ICS on the wireless network and enabled the following services:

DHCP (67)
DHCP (68)
DNS

Do I actually even need to enable these?

Also BudMan, your diagram was correct and there is no switch connected to the router anywhere. I'm really impressed this all works seamlessly and we're able to access files stored across the network as well!

Thanks very much once again!

Andrew.


Posted

This is one of the FEW scenarios that use of ICS actually makes sense to use ;)

Yes, you're going to need to allow DHCP to your ICS box from your other boxes, and DNS as well if you're going to use the DNS forwarder feature of ICS.

Now one thing I would suggest is on your wireless network interface you unbind it from file and print sharing, windows network, etc. You're not going to want people on that guest network to access your server's file shares or even talk to it with windows networking from a security standpoint.

On the wireless card you're connecting to the uhguest network with, uncheck file and print sharing - I can't get a picture showing both since I have a few extra bindings. But there is also one called file and print sharing for microsoft networks - uncheck that as well.

[Attachment: wirelessbindings.jpg]

I would also double check what the DHCP scope of ICS is -- make sure it doesn't have the ability to hand out 192.168.0.254... Now it shouldn't, since there should be a check to make sure it's not in use before it hands out a lease.. but I would double check what IPs by default ICS DHCP can hand out.. For all I know it can use the full .2 to .254 range?? Or maybe it's just .100 to .150?? You're free to use any static IPs that fall outside this scope. Just point them to the 192.168.0.1 for gateway and DNS with /24 as mask.


Posted

BudMan said:
> I would also double check what the DHCP scope of ICS is -- make sure it doesn't have the ability to hand out 192.168.0.254...

That is what the OP has done: ICS is handing out IPs with a gateway IP to ICS, double NAT with wireless.


Posted

I know exactly what the OP did ;) I told him what to do ;)

But my point is - it might be possible that the ICS DHCP server might hand out that 192.168.0.254 that he set up on his router as its LAN IP falls inside the ICS DHCP server scope?

I don't know off the top what it defaults to; it might be the whole subnet .2 to .254?? And since he is setting a static of .254 there COULD be a conflict at some point.

Here is an article I dug up for Windows 7, might be the same reg keys for 2k3

http://support.microsoft.com/kb/230148
How to Change the IP Range for the Internet Connection Sharing DHCP service

I suggest he look in the registry for what range of IP the ICS DHCP server could hand out.. And if there is any STATICS (like he did on his router's LAN IP) he wants to set, to adjust the DHCP range to reflect that and to not overlap.
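A way to check the overlap raised in the post above, added here as an example and not part of any post in the thread. The addresses come from the thread; the two DHCP scopes are the ranges guessed at in the discussion, not confirmed ICS defaults, and the function and label names are made up for illustration.

```python
import ipaddress

# Values taken from the thread; the two DHCP scopes are the ranges guessed at
# in the discussion, NOT confirmed ICS defaults.
UPSTREAM = "192.168.216.0/22"            # hospital guest Wi-Fi
LAN = "192.168.0.0/24"                   # private side behind the ICS server
FIXED = {"ics-server": "192.168.0.1", "router-lan": "192.168.0.254"}
GUESSED_SCOPES = {
    "whole-subnet": ("192.168.0.2", "192.168.0.254"),
    "narrow": ("192.168.0.100", "192.168.0.150"),
}


def usable_hosts(network):
    """Number of assignable host addresses in an IPv4 network."""
    return ipaddress.ip_network(network).num_addresses - 2


def audit_plan(upstream, lan, scope, fixed):
    """Return a list of problems in a double-NAT address plan (empty = clean)."""
    up = ipaddress.ip_network(upstream)
    net = ipaddress.ip_network(lan)
    first, last = (ipaddress.ip_address(a) for a in scope)
    problems = []

    # If both sides of the NAT use overlapping ranges, the NAT box cannot
    # tell which interface a destination address belongs to.
    if net.overlaps(up):
        problems.append(f"LAN {net} overlaps upstream {up}")

    if first > last or first not in net or last not in net:
        problems.append(f"DHCP scope {first}-{last} does not fit inside {net}")

    seen = {}
    for name, addr in fixed.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name} {ip} is outside LAN {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {ip} is not a usable host address")
        if ip in seen:
            problems.append(f"{name} {ip} duplicates {seen[ip]}")
        seen.setdefault(ip, name)
        # A fixed address inside the scope can later be leased to a client.
        if first <= ip <= last:
            problems.append(f"{name} {ip} is inside DHCP scope {first}-{last}")
    return problems


def audit_guessed_scopes():
    """Run the audit once per guessed scope; returns {scope name: problems}."""
    return {
        label: audit_plan(UPSTREAM, LAN, scope, FIXED)
        for label, scope in GUESSED_SCOPES.items()
    }


if __name__ == "__main__":
    print(f"{UPSTREAM} has room for {usable_hosts(UPSTREAM)} hosts")
    for label, problems in audit_guessed_scopes().items():
        print(label, "->", problems or "no conflicts")
```

Once the real scope has been read from the ICS machine, substitute it for the guessed ranges and add any other statically addressed devices to `FIXED`.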


Posted

BudMan said:
> I know exactly what the OP did ;) I told him what to do ;)

Except in your diagram you use 192.168.1.0/24; the OP used 192.168.0.0/24. Plus you list DHCP from your router in your diagram; the OP disabled the DHCP on the router.
http://www.neowin.net/forum/topic/1138762-sharing-a-wireless-internet-connection-through-a-server-router/page__p__595547032#entry595547032


Posted

Yeah I did use 192.168.1 -- because that is what HE WAS USING!! Look at the image he posted of icsdisabled

https://www.dropbox.com/s/fbia0vuswljaka8/icsdisabled.jpg

That drawing was his current setup, not a setup AFTER he set up ICS. Then I clearly stated

"yes its going to change your lan network to 192.168.0.0/24 and give itself a 192.168.0.1 address."

Then read what I told him to do.. Disable DHCP on his router NOT connected to the internet. And give it a 192.168.0.254 address.

I was very CLEAR that was his current setup BEFORE he did anything with ICS -- look at it again!

Do I really need to draw it how it is working now that he did what I told him? Which by the way he stated is working and thanked me for.


Posted

BudMan said:
> Yeah I did use 192.168.1 -- because that is what HE WAS USING!! Look at the image he posted of icsdisabled
>
> https://www.dropbox.com/s/fbia0vuswljaka8/icsdisabled.jpg

Yes, ICS was disabled; guess where 192.168.1.x came from? The router when its DHCP was enabled.


Posted

^ duh!!! no **** dude.. I clearly stated that in the drawing where I list the other machines as dhcp from "your" router. Again that drawing was before he enabled ICS.

What is the point you're trying to make?

If he would have followed your advice

"since you have a NAT in place you just need to bridge the NIC & wireless. "

he would have placed all of his boxes on the 192.168.216 network that is shared with god knows who and is opened without any encryption.. That is NOT his wireless network that has internet, it's the hospital's and is open to ANYONE at the hospital I would assume, if you notice the settings he posted about that network, there is no encryption being used.

Look at the drawing I did - there are 2 routers in use here.. One that was his that had nothing on the WAN interface and just provided a LAN and WLAN for his boxes. And then the GUEST hospital network.

Why would he want to share all his files with a guest network?? So yes it is currently a double NAT, but since he does not control that internet router, and he had an isolated network before - this double NAT protects his network from the guests, and still allows all his machines to get internet.

Which is again why I brought up to unbind microsoft networks and file and print sharing from the wireless interface he has on his server he enabled ICS with.


Posted

BudMan said:
> ^ duh!!! no **** dude.. I clearly stated that in the drawing where I list the other machines as dhcp from "your" router. Again that drawing was before he enabled ICS.
>
> What is the point you're trying to make?
>
> If he would have followed your advice
>
> "since you have a NAT in place you just need to bridge the NIC & wireless. "
>
> he would have placed all of his boxes on the 192.168.216 network that is shared with god knows who and is opened without any encryption.. That is NOT his wireless network that has internet, it's the hospital's and is open to ANYONE at the hospital I would assume, if you notice the settings he posted about that network, there is no encryption being used.
>
> Look at the drawing I did - there are 2 routers in use here.. One that was his that had nothing on the WAN interface and just provided a LAN and WLAN for his boxes. And then the GUEST hospital network.
>
> Why would he want to share all his files with a guest network?? So yes it is currently a double NAT, but since he does not control that internet router, and he had an isolated network before - this double NAT protects his network from the guests, and still allows all his machines to get internet.
>
> Which is again why I brought up to unbind microsoft networks and file and print sharing from the wireless interface he has on his server he enabled ICS with.

Yes, the wireless connection the OP has for Internet is a LAN IP which is NAT to a router for Internet, so you ICS that, you double NAT the connection, which is why a bridge is better so you don't double NAT.

As for no encryption by wireless that pretty much makes using the internet unsafe anyway.


Posted

"why a bridge is better so you don't double NAT."

Clearly you're NOT getting it, I have clearly explained the setup so I am not sure how else to go about it - yes it is a DOUBLE NAT! Because he does not control that Wireless network he is using for internet, and there are OTHER users on it!! I would have to assume a LOT, if they set up a /22 mask.

He has file shares on his SERVER that before were only shared with his boxes connected to his isolated router be it wired or wireless. So now he is leveraging the OPEN guest wireless network for internet access.. Why in the world would he want to use that network as his own via a bridge??

I agree with you double NAT is normally not something you want to do.. But in this CASE, it is the best option because there could be hostiles on that 192.168.216.x/22 network. Now if he controlled that 216 network, and the clients that connected to it, and was ok with them having access to his shares, then sure bridge would be an option.

Yes if he so desired he could just bridge and let all his boxes get IPs from the UHGuest router - and now his boxes would be open to all the other possible 1000 other clients on that network.. You would hope that they at least have Wireless Isolation on.. But if they did, then his wireless clients would not be able to talk to his other wireless clients.

This maintains his previous isolated network, while leveraging the GUEST network as path to the internet.


Posted

Oh wow OK so potentially others connected to the UHGUEST network could see the computers in our own CHR Network? I've secured our own wireless network "CHR Network" with a password so only we can access that. I'll look for an option to deselect file and printer sharing. Off the top of my head I can only ever remember seeing it under the "Set up a home or small office network" wizard.

How would I go about finding what the DHCP range is for ICS as I'm not sure? I think I've observed computers being given random IP addresses rather than sequential ones. I'll check when I'm back in tomorrow though. Also, is there a DHCP client list I can view to see what computers are connected? Just in case we get an intruder that somehow finds the hidden wireless network and guesses the password. I'd also be interested in seeing the IPs of all the PCs on our small network.

Oh OK so I see from that KB article that I can use the registry to change or see what the IP range is for ICS then so I'll take a peek at that as well. I'm pretty sure that the UHGUEST network pretty much blankets the whole of the hospital and is used by a LOT of people and clinical use as well. In fact I think it's caused upset with the company that run the bedside entertainment units but that's a whole different thing altogether which I dare not get involved with.

There is a disclaimer before you start using the Internet as you have to log in through a hospital trust branded web page on 1.1.1.1 advising not to use credit card details etc. I'm just leaving the server logged in to that page to save others having to do it and I don't think they'd want everyone knowing the login details anyway.

I'll get back to you all tomorrow once I'm there again as this is quite interesting now really!

Andrew.
