Hi Tom,

The Netgear WGT624 router doesn't appear to have anything in its setup for VLANs unless it's under some other name. The Netgear documentation isn't the greatest in the world.

My initial idea was #2, but would've required stringing another cable from the router to the 1GB switch, which I was trying to avoid.

If I can figure out how to do #1, that sounds like the best solution. Looks like I can "Block Services" for all IP addresses except one; I'll give that a try. I'd still like to understand why the AP doesn't work, but at this point I want to get it working.

Regarding your soapbox comments, I'll look into it. From my limited understanding, firewalls protect against incoming attacks; and in this situation the intent is to be able to log who visits what websites, and to block certain websites, which is what the proxy server is doing. Although recently the Netgear router has been logging DOS attacks in the form of ACK scans from Akamai Technologies, which I've reported to the abuse email addresses listed in the DNS info, and was informed that it's legitimate traffic caused by users viewing one of their websites, and that I should tweak the logging alerts on my network. That doesn't seem reasonable given that at this moment no one is at the school, yet I'm still getting log entries saying we're getting these DOS attacks from a different IP address every 20 seconds, and all of the IP addresses are owned by Akamai Technologies. But that's another problem.

Thanks for your help! I'll let you know how it turns out.

Peter Dow
Dow Software Services, Inc.
909 793-9050
pdow@xxxxxxxxxxxxxxx

Tom Jedrzejewicz wrote:
What you are trying to do is set up several "virtual" LANs (aka VLANs)
over the same physical LAN. I doubt that the Netgear "router" can
route between different ports on its LAN switch. I suspect that it
expects all of the devices plugged into the LAN switch to be on the
same subnet. Lots of switches support VLANs, including perhaps the
one you have, but it needs to be configured. Check out the manual for
the switch.

#1 -- You may be over complicating this. What if you put all the
devices on the same subnet, and tell the Netgear router to only allow
outbound internet traffic from the proxy server? The proxy server only
needs 1 NIC and IP address, and everything is clean.
---> This is how I have our several hundred node network set up,
although we have a good firewall rather than a Netgear DSL router.

#2 -- An alternative .. don't connect anything but the proxy server to
the internet. I am kind of wondering why you didn't do this to begin
with.
DSL -> NetGear (10.1.1.1) -> (10.1.1.2) proxy server (10.0.0.1) ->
switch -> internal network

Finally ..
<SOAPBOX>
Suck it up .. if the company is big enough to have a "campus", it
should be big enough to have a good, solid firewall rather than a home
DSL router protecting its network. SonicWall makes great products
that aren't that expensive.
</SOAPBOX>

Good luck!

On Jan 18, 2008 2:43 PM, Peter Dow (ML) <maillist@xxxxxxxxxxxxxxx> wrote:
Hi Everyone,

I'm not a network expert, and I have the following setup:

DSL modem connects to Netgear router which has a static IP address of
10.1.1.1. Three of the NG router's 4 LAN ports are connected to a 1GB
switch, a Netgear wireless access point (static IP address of 10.0.0.5),
and a fiber optic transceiver that connects to another campus. The
proxy server PC has two network interface cards (NICs), both connected
to the 1GB switch. The proxy server NICs have static IP addresses of
10.1.1.2 and 10.0.0.1. PCs on the LAN specify the proxy server
(10.0.0.1) as their gateway, DNS server and proxy server.




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
