LAN and WAN interfaces on the same network (DMZ)

Got problems with your B2 or B3? Share and get helped!
Post Reply
victor
Posts: 9
Joined: 01 Feb 2011, 07:04

LAN and WAN interfaces on the same network (DMZ)

Post by victor » 01 Feb 2011, 07:15

Hi,

I am a new happy owner of a B3 and I am facing my first network configuration question.

My network has this very simple topology:

Code: Select all

net --- router --- lan
For now, I plugged my b3 on the lan port on the lan of the network, next to all the other computers plugged by ethernet or by wifi.

I have the opportunity to configure a "DMZ IP" on my router, that will forward all the incoming traffic to this particular IP. This IP has to be on the lan network.
Now my question is the following:
Can I plug at the b3 both on his LAN and WAN port on the lan network, and have it behave the same as if I was using it as a router.
Of course without routing, but I am more talking in term of security and open ports and the way it handle requests from inside and outside… !

If yes, is there some specific configuration to check before?

Thank you!

Victor

Binkem
Posts: 388
Joined: 10 Jul 2008, 02:26

Re: LAN and WAN interfaces on the same network (DMZ)

Post by Binkem » 01 Feb 2011, 09:40

And connecting your Bubba directly to the net, in front of the router isn't an option?:

Internet <=> Bubba <=> Router <=> LAN

That would forego having top route all network traffic through your router to Bubba.

victor
Posts: 9
Joined: 01 Feb 2011, 07:04

Re: LAN and WAN interfaces on the same network (DMZ)

Post by victor » 01 Feb 2011, 09:47

Sadly no, the router is a modem/router that handle also my phone line, tv, wifi, etc…
So the only thing I can do is to plug it behind.

I think I will just try to see if it works and check firewalling, I was hoping someone had some insight about it and ideas of where to check if there was some tweaking to do :)

Thanks!

Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: LAN and WAN interfaces on the same network (DMZ)

Post by Cheeseboy » 01 Feb 2011, 14:25

Yes you can:

Code: Select all

net --- router --- b3 WAN port [b3] b3 LAN port --- lan
But if you plug both the wan and the LAN ports into the switch, that isn't what you are doing...

Binkem
Posts: 388
Joined: 10 Jul 2008, 02:26

Re: LAN and WAN interfaces on the same network (DMZ)

Post by Binkem » 01 Feb 2011, 15:07

The problem may be that victor also wants to use his router as a switch. I think the problem may be that bubba's wan and lan ports may not be on the same subnet.

victor
Posts: 9
Joined: 01 Feb 2011, 07:04

Re: LAN and WAN interfaces on the same network (DMZ)

Post by victor » 01 Feb 2011, 16:03

Binkem wrote:The problem may be that victor also wants to use his router as a switch. I think the problem may be that bubba's wan and lan ports may not be on the same subnet.
Yes, it is exactly that?

For now, what I did is that I configured the B3 as Router/Server/Firewall and then I changed the configuration of the lan interface so that it gets its address by dhcp (I first needed to change the conf by hand in /etc/network/interfaces to be able to have the good ip address to be able login in the web interface with admin).

And it seems to work quite well, from outside it seems to behave as it should with respect to the firewall configuration and from inside all the activated services are visible!

victor
Posts: 9
Joined: 01 Feb 2011, 07:04

Re: LAN and WAN interfaces on the same network (DMZ)

Post by victor » 13 Aug 2011, 18:14

Hi,

For the record I finally found a solution for this problem.

Short answer is that ARP is answering for all IP on all interfaces, so other computers are confused, this should be set in syctl to prevent it:

Code: Select all

net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
More explanations there: http://serverfault.com/questions/22253/ ... 0648#30648

Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: LAN and WAN interfaces on the same network (DMZ)

Post by Cheeseboy » 14 Aug 2011, 06:10

Thanks a bunch for letting us know!

"Who has 192.168.10.1?
I do!
I do!"

pcrene
Posts: 305
Joined: 17 May 2008, 15:49

Re: LAN and WAN interfaces on the same network (DMZ)

Post by pcrene » 14 Aug 2011, 10:52

Hello

I did this too

Both ports of the b3 connect to the router. Wan port of the b3 is connected through port forwarding in the router to the outer world (email, web, download, ..) the lzn port is used by the media players as i need al the bandwidth the lan port for hd streaming. Works fine.

Rene
B3 1T + B-Stor 2T, B2 1T as backup
40 users active....
Opensat4all.Com

Post Reply