We are only providing Internet, and thus only want layer 3 traffic to pass between routers.
On Side A, we have a public IP on Ether1 (which goes to internet) and a private 192.168.70.1/24 IP on Wan1 which is in Ap Bridge Mode.
I have a NAT rule for Masq, out port Ether1,
and a static route for 0.0.0.0/0 with a default gateway of my ISP's gw. (in same subnet as my public IP) Ether1 public IP
I have a static route for 192.168.190.0/24 with a GW of 192.168.70.2
On Side B
I set a private 192.168.70.2/24 IP on Wan1, which is in station mode and successfully connects to Side A; I can ping 192.168.70.1 just fine.
I have Nat Rule for Masq, out port Wan1.
I have a DHCP server running on port Ether1 (which is uplinked to a switch) and which hands out private IP addresses in the 192.168.190.100-200 range. GW: 192.168.190.1
I also have an IP of 192.168.190.1 on ether1
NO BRIDGES ANYWHERE
This should work, right? Just to provide internet to those 192.168.190.100-200 computers.
I had all this working and I've messed it up somehow, as one night it quit working, but the wireless link is fine, so before I do a reconfig from scratch I want to make sure my layout is right.
If this is clean enough I'll submit it to the wiki as a layer 3 bridge, as they already have a transparent WDS-based bridge how-to in there.
What's the difference between the WDS and your case? When should we use WDS or follow your natted setup? Is there any difference in throughput? Performance?
There are certainly some advantages, and I think there will be a def. performance boost as you can do this with NO bridges, which tax the memory, bus, and CPU of the router. (Plus you will be using the radios to repeat layer 2 broadcast traffic as well, with WDS.)
But more importantly I need some pro, etc. to verify my config at the top and if that should work for a Layer 3 IP-only, internet-access-only wireless bridge.
I just read the jo2jo post. I'm confused: all the network is routing, then why are we saying bridging? Why is there natting at the first network? That network could easily be routed to the final gateway and natted there. There is no need to NAT it to the 70.x network then to the final gateway and NAT it again. Simply put the route of the 190.x network on the final gateway. Just saves when you are dnatting.
just a suggestion
Everything looks fine in this configuration.. One thing I believe is redundant is the multiple masquerading rules.
RouterA
WAN: public IP
LAN: 192.168.70.1/24
RouterA Routing table:
DST-NET Gateway
AS 0.0.0.0/0 ISP_GW
AS 192.168.190.0/24 192.168.70.2
DAC 192.168.70.0/24
Masquerading should be enabled on RouterA with a src-address of 192.168.0.0/16 (This will masquerade all networks including the routed ones as long as they are using a 192.168.. subnet)
If you have masquerading enabled on RouterB you’re doing NAT twice, which is unnecessary, but really shouldn’t hurt anything. RouterB if the WAN interface is a wireless interface should be in “station” mode. As long as the correct routes are in place this will work fine.. Basic Networking/Routing 101.
You could do this without routing by using station-wds and transparently bridging the traffic. Whether or not that is a better idea depends on how many users you’re dealing with and a few other factors.
jo2jo:
It sounds like you may have an ARP issue; check to see that the ARP entry in routerA still shows 192.168.70.2 mapped to the correct MAC address. It could be there's another device set to the same IP address. You could also create a static ARP entry on routerA so that it can't be overridden by another user.
yes! jo2jo I don’t understand what you want because bridge=layer2 and layer3 has nothing to do with bridges. if you don’t need layer2 bridges then you do routing. please clarify your issue, nobody seems to get it.
normis, you are the only one having trouble understanding this. every other reply had no problems. and read the entire topic…bridge without WDS, and only layer 3, ok maybe its not a true bridge…thanks.
anyway, I will try eliminating the 192.168.70.0 network i made and routing the 192.168.190.0/24 to Side A, and just run the DHCP server for those IP’s on Side B.
So far IP communications worked through the night with the addition of the static ARP entries.
I’ll report back.
tks
EDIT: I was able to remove the Masquerading rule on Side B, but I still need the 192.168.70.0 private network on the wireless interfaces of each side. The reason is that computers with a 192.168.190.0/24 address, connected to SIDE B via a switch, must have a gateway in their subnet, or else a bridge would be required, which I'm not doing. I'm pretty sure that private (.70.0/24) network between the two sides is required. It could obviously be much smaller, like a /29, but who cares.
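
The layout the thread converges on (one masquerade rule on Side A, plain routing on Side B, static ARP entries on the wireless link), written out as RouterOS commands. This is an added example, not configuration posted by any participant; the interface names ether1/wlan1, the ISP gateway 203.0.113.1, the MAC addresses and the pool/server names are assumptions or constructed placeholders.

```routeros
# ---- Side A: AP side, Internet uplink on ether1 (public IP already set) ----
/ip address add address=192.168.70.1/24 interface=wlan1
# Default route via the ISP gateway (203.0.113.1 is a placeholder)
/ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1
# Return path to the LAN behind Side B
/ip route add dst-address=192.168.190.0/24 gateway=192.168.70.2
# The only NAT rule in the design: covers 192.168.70.0/24 and the routed
# 192.168.190.0/24 because both fall inside 192.168.0.0/16
/ip firewall nat add chain=srcnat src-address=192.168.0.0/16 \
    out-interface=ether1 action=masquerade
# Static ARP for the Side B radio so another host claiming 192.168.70.2
# cannot replace the mapping (MAC is a constructed placeholder)
/ip arp add address=192.168.70.2 mac-address=02:00:00:00:00:0B interface=wlan1

# ---- Side B: station side, LAN and DHCP on ether1 ----
/ip address add address=192.168.70.2/24 interface=wlan1
/ip address add address=192.168.190.1/24 interface=ether1
# Default route toward Side A (implied by the thread, not stated in it)
/ip route add dst-address=0.0.0.0/0 gateway=192.168.70.1
# DHCP for the LAN clients, gateway inside their own subnet
/ip pool add name=lan-pool ranges=192.168.190.100-192.168.190.200
/ip dhcp-server add name=lan-dhcp interface=ether1 address-pool=lan-pool \
    disabled=no
/ip dhcp-server network add address=192.168.190.0/24 gateway=192.168.190.1
# Matching static ARP for the Side A radio (constructed placeholder MAC)
/ip arp add address=192.168.70.1 mac-address=02:00:00:00:00:0A interface=wlan1
# No srcnat rule on Side B: traffic is routed, then masqueraded once on Side A

# ---- Checks on Side A ----
# Confirm the ARP entry still maps 192.168.70.2 to the Side B radio's MAC
/ip arp print where address=192.168.70.2
# Confirm both static routes are active
/ip route print where dst-address=192.168.190.0/24
/ip firewall nat print

# Optional hardening beyond what the thread did (assumption): use only the
# static entries on the link by setting the interface ARP mode to reply-only
# /interface wireless set wlan1 arp=reply-only
```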