Alas, one of the machines is a PC. :(
Quote:
I've been messing with natd and ipfw on the Mac Mini. Here's the config so far...

192.168.0.x network
- AirPort Express at 192.168.0.1 - gateway to internet
- Mac Mini connected using AirPort

192.168.10.x network
- Mac Mini using Ethernet at 192.168.10.1
- D-Link connected using Ethernet to Mac Mini at 192.168.10.254
- PSP, Nintendo DS, etc. connecting to D-Link, getting a 192.168.10.x IP via DHCP from the D-Link.

The Mac Mini's set up as so:
- ip.forwarding sysctl enabled
- ipfw rule added to send incoming packets from the ethernet card to the natd service
- natd configured to translate 192.168.10.x-sourced packets to appear to come from 192.168.0.x network.

This means that devices on the 192.168.10.x network can talk to the 0.x network. If those devices have their gateway set to the AirPort's address (192.168.0.1), then they can talk to the internet.

Now, I need to insert some ipfw rules before the natd rule. These need to look at all packets arriving on the ethernet port and check where they're headed to. If they're headed to any 192.168.0.x IP other than the AirPort, it should reject them.

Cool!

(by the way, I think I'll alert a moderator to this thread -- I think maybe it's a candidate for splitting out some posts into another thread!)

(edit: no I won't! Just read on the 'alert' page that it's for reporting spam or abuse only. I guess I'm used to the macrumors forums where 'alert' is also used for housekeeping!)

(edit again: it's working! My ipfw ruleset on the mini looks like:

    00500 divert 8668 ip from any to any via en1
    00501 allow ip from 192.168.10.0/24 to 192.168.0.1
    00502 deny ip from 192.168.10.0/24 to 192.168.0.0/24
    00503 deny ip from 192.168.10.0/24 to me
    65535 allow ip from any to any

The first rule passes incoming packets through natd.
The second checks if the packet's destined for the router and if so, lets it go. -- if it matches that rule, no further matching is done --
The third drops the packet if it's destined for any machines on my secure network.
The fourth prevents any direct connections from the insecure network to the mini itself.
The final rule simply catches all other traffic which doesn't match the earlier rules.

I've had a few games of Mario Kart DS online and it's working great. I might need to investigate to see if there's any additional rules/options I need to add to guard against spoofed source IPs or such.)
Quote:
Tell him to use sharepoints for OS X since it will modify your samba config file for you and allow other drives to be shared.
Thanks, TL.
Quote:
1. Apple's "Designing AirPort Extreme 802.11n Networks" document seems to say the Internet modem should connect via Ethernet to the N Base Station's WAN port, which connects via Ethernet to the G Base Station's (WAN or LAN?) port. You connected your base stations in the opposite order, with the modem connecting directly to the G Base Station, not the N Base Station ... how come?

2. Is "don't distribute IP addresses" in your post equivalent to setting up the base station as a "bridge" base station? Put another way, which of your base stations (if either one) is set up with "Off (Bridge Mode)" as its method of Connection Sharing?

3. I gather that whichever base station does not connect directly to the Internet modem needs to be a bridge base station, while the one that hooks directly to the modem (I'll call it the "main" base station) must "Share a public IP address" using DHCP and NAT, correct?

4. If I use my G Base Station as the bridge base station, which Ethernet port on it should the cable from the main base station go into: the WAN port, or the LAN port? (I gather that the Internet modem connects to the WAN port on the main base station, so a (or the only) LAN port on the main base station is cabled to the bridge base station, right?)

Thanks in advance for your help.
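Added example, not part of the original posts: a small first-match evaluator for the filtering rules of the ipfw ruleset posted earlier in this thread, showing which rule decides each packet. The `me` address 192.168.0.50 and the sample packets are constructed, and the natd divert rule (00500) is left out because it does not accept or reject on its own.

```python
import ipaddress

# The filtering rules from the post (rule 00500, the natd divert, is left out:
# it hands the packet to natd and does not accept or reject by itself).
RULESET = """\
00501 allow ip from 192.168.10.0/24 to 192.168.0.1
00502 deny ip from 192.168.10.0/24 to 192.168.0.0/24
00503 deny ip from 192.168.10.0/24 to me
65535 allow ip from any to any
"""

# Assumption: "me" is the Mini's two addresses. 192.168.10.1 is from the post;
# 192.168.0.50 is a constructed placeholder for its AirPort-side address.
ME = {ipaddress.ip_address("192.168.10.1"), ipaddress.ip_address("192.168.0.50")}


def parse(ruleset):
    """Turn 'NUM ACTION ip from SRC to DST' lines into sorted tuples."""
    rules = []
    for line in ruleset.splitlines():
        num, action, _ip, _from, src, _to, dst = line.split()
        rules.append((int(num), action, src, dst))
    return sorted(rules)


def matches(spec, addr):
    """ipfw address spec: 'any', 'me', a single host or a CIDR block."""
    if spec == "any":
        return True
    if spec == "me":
        return addr in ME
    return addr in ipaddress.ip_network(spec, strict=False)


def verdict(rules, src, dst):
    """First matching rule decides; return (rule number, action)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, rsrc, rdst in rules:
        if matches(rsrc, src) and matches(rdst, dst):
            return num, action
    raise ValueError("no rule matched")  # unreachable: 65535 matches everything


RULES = parse(RULESET)
```

Every deny rule here is keyed on the source address, so a packet whose source is outside 192.168.10.0/24 falls through to rule 65535; that is the gap behind the poster's remark about spoofed source IPs, and matching on the receiving interface instead avoids trusting the source field.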