Wireless LAN under W2k?

Hi everybody. I'm having a little difficulty setting up a wireless
network and am wondering if anybody might be able to point out what
I'm doing wrong, or possible workarounds.

I have a server at work, currently with this configuration - ADSL
Internet, going into one ethernet card on a system running Windows 2k
server, and a second ethernet card which I then run out to a 20 port
hub. Basically :

INTERNET ---> SERVER ---> 20 PORT HUB

Everybody plugging into the hub has access to the network domain on
the server, as well as the Internet. My boss came to me yesterday and
asked me to put a wireless router in, so it would be :

INTERNET ---> SERVER ---> WIRELESS ROUTER

It's a Linksys WRT54G I believe. When I plug the router into the 2nd
ethernet port, it gets an IP address just fine from the DHCP server
running on the server. I am able to wirelessly connect to the router
on a laptop I have with no problem, getting an IP address from the
router's internal DHCP server. But there doesn't seem to be any
communication coming out of the router. I can ping the router from
the laptop with no problem, but not the server. From the server, I
can ping the router but of course not the connected laptop. The
communication stops there at the router. I have tried with the
router's DHCP server both on and off, as well as giving the wireless
router a static IP. I suspect the problem is some sort of routing
issue, but I'm not sure if it's on the server I need to make the
change, or the router itself.

I do realize I could probably put the router inbetween the Internet
connection and the server and avoid most of these problems, but I
would prefer that the communication goes through the server and not
directly out to the Internet (file sharing is disabled on the incoming
ethernet port, but enabled on the LAN port). Is this a reasonable
expectation? Or am I trying to do something completely stupid here?
Any help you can provide would be greatly appreciated!

And I am *not* a certified MCSE professional, so please take that into
consideration if you are going to try to give me any instructions on
doing any serious router or server settings

Mtty

Mtty

In news:,
Mtty <> typed:
> Hi everybody. I'm having a little difficulty setting up a wireless
> network and am wondering if anybody might be able to point out what
> I'm doing wrong, or possible workarounds.
>
> I have a server at work, currently with this configuration - ADSL
> Internet, going into one ethernet card on a system running Windows 2k
> server, and a second ethernet card which I then run out to a 20 port
> hub. Basically :
>
> INTERNET ---> SERVER ---> 20 PORT HUB

I wouldn't use this config - it's dangerous and I think a bit clumsy. NAT
alone is not enough, and even a simple consumer-grade router/firewall would
help protect your network - they're inexpensive enough.
>
> Everybody plugging into the hub has access to the network domain on
> the server, as well as the Internet. My boss came to me yesterday and
> asked me to put a wireless router in, so it would be :
>
> INTERNET ---> SERVER ---> WIRELESS ROUTER
>
> It's a Linksys WRT54G I believe. When I plug the router into the 2nd
> ethernet port, it gets an IP address just fine from the DHCP server
> running on the server. I am able to wirelessly connect to the router
> on a laptop I have with no problem, getting an IP address from the
> router's internal DHCP server. But there doesn't seem to be any
> communication coming out of the router. I can ping the router from
> the laptop with no problem, but not the server. From the server, I
> can ping the router but of course not the connected laptop. The
> communication stops there at the router. I have tried with the
> router's DHCP server both on and off, as well as giving the wireless
> router a static IP. I suspect the problem is some sort of routing
> issue, but I'm not sure if it's on the server I need to make the
> change, or the router itself.
>
> I do realize I could probably put the router inbetween the Internet
> connection and the server and avoid most of these problems, but I
> would prefer that the communication goes through the server and not
> directly out to the Internet

Why? Unless you're running some kind of proxy server on this box, you aren't
really gaining anything by this config.

> (file sharing is disabled on the incoming
> ethernet port, but enabled on the LAN port). Is this a reasonable
> expectation? Or am I trying to do something completely stupid here?
> Any help you can provide would be greatly appreciated!

I don't like turning a Windows box with other roles into anything
approaching a router, myself. I would probably invest in a better quality
firewall (Sonicwall, Watchguard, Pix, whatnot) and stick it between your
Internet modem and network. Then get a wireless *access point* (not a
router) that can handle at least WPA for security, and plug it into the hub
(although a switch would be a lot better, and they're inexpensive these days
too).
>
> And I am *not* a certified MCSE professional, so please take that into
> consideration if you are going to try to give me any instructions on
> doing any serious router or server settings
>
> Mtty

Lanwench [MVP - Exchange]

>alone is not enough, and even a simple consumer-grade router/firewall would
>help protect your network - they're inexpensive enough.

I only inherited this part of the job as I was the only one there who
seemed to have a clue about networking (or computers in general for
that matter). My actual job at the company is something completely
unrelated. It's one of those "We'd appreciate it if you could do
this, but don't expect to get paid any more for doing it" kinds of
things. When I first started at this company four years ago, there
were roughly 35 machines, and two of them were running anti-virus
software... that was two years out of date. So needless to say, I had
problems with things there right from the beginning ("Windows Update?
What's that?"). Money is not spent on hardware, until there's a
problem (and believe me, there have been some big ones). But this
router thing is a different issue that has come up, and I am just
looking for the best way to do it.

I actually did manage to convince them to let me buy a router the
other day to put in between the 'Net and the servers (we have 2), I
just haven't gotten around to installing it yet.


>Why? Unless you're running some kind of proxy server on this box, you aren't
>really gaining anything by this config.

Basically this machine is going to be used for finances, and at a
different location than it is at now. I'm just setting it up now for
us to do some training with the new accounting software that the
company is going to be using soon. This won't be a permanent
installation, at least not in this config.

When my boss first asked me to do this, I didn't think it was going to
be all that difficult. But as I was setting things up, I began to
think that I would have some problems getting the router to act just
as a hub. I was speaking to someone else about it, and he also
thought that it was probably trying to make it work in a way it wasn't
intended. But I decided I'd give it a try to see if it could be done
and if not, I'd do some searching on the 'Net for a solution (or just
toast the idea completely)


>Internet modem and network. Then get a wireless *access point* (not a
>router) that can handle at least WPA for security, and plug it into the hub

Yeah, I never really did think a router was the best thing for this
setup, I just thought I might be able to get it to work at least
temporarily. Worse comes to worse, I'll just plug the secondary
computer into the hub and say screw it. As I said, it's not the final
setup, and once it's out of our office it's someone else's
responsibility to look after, not mine I will have a look into
wireless 'access points', and suggest those to my boss as the proper
solution to this if he insists on a wireless setup. Thanks for the
reply Lanwrench!

Mtty

Mtty

(PeteCresswell) wrote:

> Per Lanwench [MVP - Exchange]:
>> Then get a wireless *access point* (not a
>>router)
>
> This tangential, but do you know if a LinkSys Access Point/Router can
> be config 'd somehow so that it's only an access point?
>
> I was unaware of the distinction when I bought this thing and already
> have a firewall/router - and spent quite a few man hours trying to
> chain the new device
> to the existing router. Finally gave up and just use the new box as
> both a router and an access point - but I'd still like to revert to
> the firewall/router and hang the new device on it as just an access
> point.

Yes. There are instructions on Linksys' support site on how to use a
router as a wireless access point. I know it works because I did this
for a client who already had a router. Here's the link:

http://tinyurl.com/7tv9p

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"

Malke

why dont you just use the linksys router you bought, install it between
your adsl modem and your server, (make sure you set it up with wpa
security) and that way you can take advantage of the NAT properties for
security for all of the computers behind it on the lan. and you can
continue to use the existing wired network you already have. and you
will have added an access point. just a sugestion.

Mike Roberts

Per Lanwench [MVP - Exchange]:
> Then get a wireless *access point* (not a
>router)

This tangential, but do you know if a LinkSys Access Point/Router can be config
'd somehow so that it's only an access point?

I was unaware of the distinction when I bought this thing and already have a
firewall/router - and spent quite a few man hours trying to chain the new device
to the existing router. Finally gave up and just use the new box as both a
router and an access point - but I'd still like to revert to the firewall/router
and hang the new device on it as just an access point.
--
PeteCresswell

(PeteCresswell)

Per Mike Roberts:
>why dont you just use the linksys router you bought, install it between
>your adsl modem and your server, (make sure you set it up with wpa
>security)

Thats what I am doing at this moment - unable to make Plan B work...

I know next to nothing about this stuff, but it just seemed like a good idea to
have the access point on the other side of my firewall from the PC.

Seems like with that config if somebody comes up with a usable crack for a
63-byte WPA passphrase, the PC isn't exposed - albeit I'm still exposed to the
wrath of my IP if/when somebody pumps a load of spam up the connection.
--
PeteCresswell

(PeteCresswell)

(PeteCresswell) wrote:
> Per Mike Roberts:
>
>>why dont you just use the linksys router you bought, install it between
>>your adsl modem and your server, (make sure you set it up with wpa
>>security)
>
>
> Thats what I am doing at this moment - unable to make Plan B work...
>
> I know next to nothing about this stuff, but it just seemed like a good idea to
> have the access point on the other side of my firewall from the PC.
>
> Seems like with that config if somebody comes up with a usable crack for a
> 63-byte WPA passphrase, the PC isn't exposed - albeit I'm still exposed to the
> wrath of my IP if/when somebody pumps a load of spam up the connection.

go and check out this site. ( http://www.grc.com/securitynow.htm ) it is
hosted by one of the leading internet security guys, steve gibson.
listen to episodes #11, #13 and part of #14. he will set your mind at
ease on wpa passphrase vounrability.
and as i said before, you will be better off with the router in front of
the LAN to take advantage of its own security properties. read this
article and you will see what i mean. http://www.grc.com/nat/nat.htm

One of the key benefits of NAT routers (and the main reason for their
purchase by residential and small office users) is that the router
appears to the Internet as a single machine with a single IP address.
This effectively masks the fact that many computers on the LAN side of
the router may be simultaneously sharing that single IP.

Mike Roberts

> I think my non-WiFi LinkSys BEFSX41 is a NAT router - at least it has an NAT
> Enable/Disable option on the Setup|Advanced Routing page.

Network Address Translation is how home Cable/DSL routers work, there
is no turning on and off.

Mike Roberts

Per Mike Roberts:
>go and check out this site. ( http://www.grc.com/securitynow.htm ) it is
>hosted by one of the leading internet security guys, steve gibson.
>listen to episodes #11, #13 and part of #14. he will set your mind at
>ease on wpa passphrase vounrability.

Jeff Duntemann'a "Wi-Fi Guide 2nd Edition" already did a pretty good job of that
for me, but I'm thinking 5 years down the pike...when PCs will be running
who-knows-how-many MIPs and all those really-smart-but-a-little-perverted people
out there have had some time to study the "interesting packets" phenom vis-a-vis
WPA.... and I've become so senile that I don't even remember that I *have* a
router/firewall.


>and as i said before, you will be better off with the router in front of
> the LAN to take advantage of its own security properties. read this
>article and you will see what i mean. http://www.grc.com/nat/nat.htm

That's a nicely-written page. Thanks.

I think my non-WiFi LinkSys BEFSX41 is a NAT router - at least it has an NAT
Enable/Disable option on the Setup|Advanced Routing page.

OTOH, I don't see anything specific on the WireLess LinkSys WRT54G's setup pages
- which may reaffirm my notion to put the BEF between the PC and the DSL modem
and hang the WRT off to the aide. OTOOH the WRT is touted as also having
"FireWall" capability...
--
PeteCresswell

(PeteCresswell)