Posted 27 February 2013 - 15:14
Posted 27 February 2013 - 15:22
Posted 27 February 2013 - 19:18
That is what the OP has done: ICS is handing out IPs with a gateway IP to ICS, double NAT with wireless.
I would also double check what the dhcp scope of ICS is -- make sure it doesn't have the ability to hand out 192.168.0.254...
Posted 27 February 2013 - 19:40
Posted 27 February 2013 - 20:27
Posted 27 February 2013 - 20:37
Posted 27 February 2013 - 20:51
Yes, the wireless connection the OP has for Internet is a LAN IP which is NAT to a router for Internet, so you ICS that, you double NAT the connection, which is why a bridge is better so you don't double NAT.
^ duh!!! no **** dude.. I clearly stated that in the drawing where I list the other machines as dhcp from "your" router. Again that drawing was before he enabled ICS.
What is the point you're trying to make?
If he would have followed your advice
"since you have a NAT in place you just need to bridge the NIC & wireless. "
he would have placed all of his boxes on the 192.168.216 network that is shared with god knows who and is opened without any encryption.. That is NOT his wireless network that has internet, it's the hospital's and is open to ANYONE at the hospital I would assume. If you notice the settings he posted about that network, there is no encryption being used.
Look at the drawing I did - there are 2 routers in use here.. One that was his that had nothing on the wan interface and just provided a lan and wlan for his boxes. And then the GUEST hospital network.
Why would he want to share all his files with a guest network?? So yes it is currently a double nat, but since he does not control that internet router, and he had an isolated network before - this double nat protects his network from the guests, and still allows all his machines to get internet.
Which is again why I brought up to unbind Microsoft networks and file and print sharing from the wireless interface he has on his server he enabled ICS with.
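The unbinding described in the post above could look like this, as an added example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later (the NetAdapter and NetConnection cmdlets), an elevated prompt, and a placeholder adapter alias `Wi-Fi` for the interface joined to the guest network.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# 'Wi-Fi' is a placeholder alias for the adapter connected to the guest network.
param(
    [string]$GuestAdapter = 'Wi-Fi'
)

# Components that expose or consume SMB shares on an interface:
#   ms_server   = File and Printer Sharing for Microsoft Networks
#   ms_msclient = Client for Microsoft Networks
$components = 'ms_server', 'ms_msclient'

foreach ($id in $components) {
    # Stop immediately if the adapter or component does not exist.
    $binding = Get-NetAdapterBinding -Name $GuestAdapter -ComponentID $id -ErrorAction Stop
    if ($binding.Enabled) {
        Disable-NetAdapterBinding -Name $GuestAdapter -ComponentID $id
    }
}

# Classify the guest network as Public so the firewall's Public profile applies to it.
Set-NetConnectionProfile -InterfaceAlias $GuestAdapter -NetworkCategory Public

# Show the resulting state so it can be reviewed.
Get-NetAdapterBinding -Name $GuestAdapter -ComponentID $components |
    Select-Object Name, DisplayName, ComponentID, Enabled
Get-NetConnectionProfile -InterfaceAlias $GuestAdapter |
    Select-Object InterfaceAlias, NetworkCategory
```

The wired adapter facing the private LAN keeps both bindings, so the shares stay reachable from the isolated network only.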
Posted 27 February 2013 - 21:02
Posted 27 February 2013 - 21:42
Posted 27 February 2013 - 22:05
Posted 27 February 2013 - 23:25
Posted 28 February 2013 - 00:28
So set up a VPN on the server for access to the file shares, or use a firewall, or get another box to do the wireless and NIC bridge with ACL switch to block access to file shares ports, or get some more bad boys so that wireless for internet wired for file shares, or add another NIC in the PCs and another switch for file shares and the other NIC for internet on the other switch, with the server doing the bridge with one NIC and wireless and another NIC for the file shares.
Clearly you're NOT getting it, I have clearly explained the setup so I am not sure how else to go about it - yes it is a DOUBLE NAT! Because he does not control that Wireless network he is using for internet, and there are OTHER users on it!! I would have to assume a LOT, if they set up a /22 mask.
He has file shares on his SERVER that before were only shared with his boxes connected to his isolated router be it wired or wireless. So now he is leveraging the OPEN guest wireless network for internet access.. Why in the world would he want to use that network as his own via a bridge??
I agree with you double nat is normally not something you want to do.. But in this CASE, it is the best option because there could be hostiles on that 192.168.216.x/22 network. Now if he controlled that 216 network, and the clients that connected to it, and was ok with them having access to his shares, then sure bridge would be an option.
Yes if he so desired he could just bridge and let all his boxes get IPs from the UHGuest router - and now his boxes would be open to all the other possible 1000 other clients on that network.. You would hope that they at least have Wireless Isolation on.. But if they did, then his wireless clients would not be able to talk to his other wireless clients.
This maintains his previous isolated network, while leveraging the GUEST network as path to the internet.
Posted 28 February 2013 - 06:47