The 4-port router connects to a 24-port, 1GB switch via a single cable. Two cables go from the switch to the proxy server, one to each NIC ("inside" and "outside").

As I understand routers, the only routing that takes place is between the LAN ports and the WAN port, right? So only traffic headed for the internet would be routed. Local traffic is switched by the router between the LAN ports. Since all the PC devices are on the 10.0.0.x subnet, it should just be switched from one of the router's LAN ports to another. In the case of internet traffic from a PC device (whose gateway is 10.0.0.1) that is connected to the router's LAN port, it should end up at the proxy server's "inside" NIC. Other PC devices are connected directly to the 1GB switch and don't go through the router. All of these devices work fine.

The two that do not work fine connect to the AP wirelessly, and the AP in turn is connected to a router LAN port, which seems to me like other PC devices that are connected to one of the router's LAN ports.

Tom Jedrzejewicz wrote:
> On Jan 20, 2008 12:35 PM, Peter Dow (ML) <maillist@xxxxxxxxxxxxxxx> wrote:
>
>> My initial idea was #2, but would've required stringing another cable
>> from the router to the 1GB switch, which I was trying to avoid.
>
> I am confused .. the router connects only to the "outside" NIC on the
> proxy server, and the switch connects to the "inside" NIC of the proxy
> server.
>
>> If I can figure out how to do #1, that sounds like the best solution.
>> Looks like I can "Block Services" for all IP addresses except one; I'll
>> give that a try. I'd still like to understand why the AP doesn't work,
>> but at this point I want to get it working.
>
> I am pretty sure that it doesn't work because neither the Netgear nor
> the switch will properly route the traffic between the various
> subnets.
>
>> Regarding your soapbox comments, I'll look into it. From my limited
>> understanding, firewalls protect against incoming attacks; and in this
>> situation the intent is to be able to log who visits what websites, and
>> to block certain websites, which is what the proxy server is doing.
>
> Firewalls are for controlling traffic, in both directions, not just
> for preventing intrusions.
>
>> Although recently the Netgear router has been logging DOS attacks in the
>> form of ACK scans from Akamai Technologies, ... <<snip>>
>
> Once the proxy server is working and is the only outbound device
> allowed, you will be able to definitively deal with this.
>
> Good luck.



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
