From: Olivier
To: Ernie Luzar
Cc: freebsd-questions@freebsd.org
Subject: Re: linksys router behind gateway not working
In-Reply-To: <58A3185B.7020606@gmail.com> (message from Ernie Luzar on Tue, 14 Feb 2017 09:46:51 -0500)
Date: Wed, 15 Feb 2017 10:53:22 +0700

Ernie,

> I am running 11.0 on my gateway system. It has a small LAN behind it.
> This gateway host has ipfilter firewall and a dhcp server. The LAN is
> cabled from the host to a switch and from the switch to each PC on the
> LAN. I added a cable from the switch to a linksys wifi router. I can get
> wifi and cable connection to the router but no connection to the public
> internet through the LAN. The dhcp server lease file shows a lease for
> the router. I can see this ip address in the router's internal
> configuration.
>
> Is the problem because the router NATs its issued ip address and then
> the host gateway system NATs it again?

As others said, you give too few details.

From what I guess, you do NAT behind NAT. While it works in theory, it
is not the best or fastest solution; you have to make sure your two NAT
subnets are disjoint, etc. It is also better to use a static IP address
for your WiFi router.

As was mentioned, you should be able to configure your WiFi router as a
router or as a bridge. If the device has one yellow Ethernet port and
several blue ports, use a blue port to connect to the main switch,
disable DHCP and you are in. If your device has only one Ethernet port,
you must make that choice at configuration level.

Advantages of using bridge mode are that you only have one NAT level;
all the clients on your network are equivalent, being on the LAN or on
the WiFi; they show the same at the gateway (should you need some kind
of authentication, debugging, whatever else); they get the same IP
address range, etc. You only have to maintain one DHCP server at the
gateway... Think of bridge mode as a WiFi switch.

Best regards,

Olivier