Best Practice for network / internet connection

Loboexe · March 26, 2018, 2:19pm

Does this sound like it would work?

I have a 4 port NIC with ports IF/01 to IF/04 installed in a Netserver.

I make my GREEN LAN (via a pair of Netgear switches trunked together) connected IF/04 and the LAN network to be 10.0.4.*0. All cabled computers and devices would be given either a fixed 10.0.4 IP or get a DHCP address from Nethserver. The default gateway would be set to 10.0.1.1

Connect my ISP router directly to the RED interface IF/01 on my Nethserver and configure it to be the default gateway 10.0.1.254 and set the RED interface on the card to be 10.10.1.1

I have disabled WiFi on the ISP router. I provide WiFi with a second router home TP-Link router is used for WiFi only. This way WiFi traffic does not bypass my FW, IDS and AV etc on the Nethserver.

By connecting the WAN side of this router to IF/03 on the NIC and configuring this to be a second GREEN LAN on a 10.0.3.0 network with the gateway as 10.0.1.1, WiFi devises connect to the LAN side of the TP-Link on 10.0.3.xxx and pass through the Nethserver and all the AV, IDS, FW etc to the internet just the same as the normal Ethernet LAN does

My last interface IF/02 will be for a DMZ VLAN created on my switches as 10.0.2.xxx but that will be later on when I get the rest working.

The last bit of this puzzle will be to allow devices in either GREEN LAN’s to be able to access nodes in the other LAN. I have a WiFi printer, it would be nice to be able to print to that from the main LAN, I have backup storage on the Nethserver, it would be nice for the laptops to be able to access that from the WiFi LAN

Good or bad design ?

m.traeumner · March 27, 2018, 10:40am

The gateway for your clients should be the green lan. The Internet traffic (http and https) is automaticaly routed to the red lan.

robb · March 27, 2018, 10:49am

This part is not clear.
You use a different subnet to connect your WIFI AP. This means that you need to add a DHCP scope in that subnet. If you need any combined resources (for intance a network printer) will have a problem for either your cabled clients or your wifi clients.

I would suggest to put your TP-Link router in AP mode and connect it with a LAN port (not the WAN port) to a switch on the same subnet as your cabled clients. Also disable DHCP on your TP-Link router. Then your wifi clients and your cabled clients will share the same subnet and resources and all with get their IP from NethServer DHCP.

Loboexe · March 27, 2018, 11:39am

Hi This was the bit I was not sure about,

Yes, I separated my WiFi subnet from my LAN.

As I said using my ISP router for both would allow WiFi traffic out without passing the Nethserver.

So one port of my ISP router switch is currently connected to a Netgear switch and everything else that has an ethernet cable is also on that switch, so currently, the Nethserver is bypassed.

I want to set the Nethserver between the Netgear switch and the ISP router, turn off the FW on the router and switch over to all the goodness that the Nethserver can give me.

Then I want to get the WiFi traffic working as well but I am not sure this router has an AP mode.

It seems very insistent that the gateway address of the WAN has to be on the same subnet and the LAN subnet it has to be a different subnet, OK this is normal, but you cannot give it a gateway address it will only go via the WAN and I can see nothing about an AP mode only.

It has been running as described with the WAN port of the router connected back to my switch and on the same subnet as the rest of it 192.168 1.x with it’s gateway set to the IP of the ISP router, and the WiFi subnet set as 192.168.0.x.

This work OK, but of course, the two networks are completely distinct and one cannot get to the other.

So my plan was,

1
Configure the GREEN LAN connection to the Switch and the RED LAN connect to the ISP router so the Nethserver was in the middle. Set all nodes to use the Nethserver as the gateway address. This would make all Ethernet LAN traffic pass through the Nethserver.

2
Connect the WAN from the second WiFi Router to another port on the Nethserver NIC with the gateway set as the Nethserver IP, then the router bit of Nethserver would make all WiFi traffic pass through the Nethserver and out to the ISP.

This still leaves the WiFi and the Ethernet as two separate LAN’s but was hoping that I could configure the Nethserver to allow two-way communications between the two

If this will not work I may have to end up buying just a AP device and replacing the TP-Link router.

robb · March 27, 2018, 11:42am

Then you should change your setup a bit. Connect NethServer directly to your ISP router with RED interface and connect the switch to your LAN/Green interface. Then you can connect the AP with a LAN port (not WAN port) to the switch and you are set… Make sure you configure you TP-Link router as Accesspoint and deactivate DHCP server on it.