# Configuring a wireless router -- SOLVED

## Fred Krogh

```
                 eth0 (216.x.x.x)   => DSL modem (works)

Gentoo System => eth1 (192.168.0.3) => switch => other computers (works)

                 eth2 (192.168.1.1) => wireless router at (WAN = 192.168.1.3)
```

The LAN for the wireless router has an IP address of 192.168.2.1 while the WAN is at 192.168.1.3.  The gateway for the wireless router is given as 192.168.1.1.

A laptop is connected with wireless to the router.  From the laptop I can ping 192.168.1.3, 192.168.2.1 and 192.168.1.1.  However there is no response on the Gentoo system with a ping to 192.168.1.3, and no response on the laptop from a ping to 192.168.0.3.  I have this line in /etc/shorewall.masq:

```
eth0                    192.168.0.0/24,192.168.1.0/24  216.86.203.11
```

I'm guessing there is something I don't understand here.  Can you help?  Thanks,

Fred

Last edited by Fred Krogh on Sat Sep 10, 2011 4:00 pm; edited 1 time in total

----------

## Fred Krogh

I've muddled about.  I don't know what has changed, but from my laptop I can now reach google.com through the wireless router.  From my main machine, I can't ping the router.  Maybe this is not a problem, but it seems to me that this should be possible.

----------

## Bones McCracker

The firewall on the wireless router is probably blocking inbound ping packets (packets coming from what it considers to be the "WAN" destined for the 192.168.2.0 network).

You might want to simply put that wireless router into "Access Point" mode, which means it will stop functioning as a router (having a firewall and having its own sub-network) and function more like a switch (being instead simply a wireless connection to the 192.168.1.0 network).

Alternatively, you might want to see if there is a way to disable the firewall functionality of the wireless router.  If anything, you would want to filter wireless connections to your LAN, not filter LAN connections to your wireless network, so that firewall isn't really doing you much good.

What you probably want is a wireless access point connected to eth2, and some firewall rules on the Gentoo system to control what wireless systems can access inside your LAN (the eth1:192.168.0.0 network).  Given the history of wireless security and the fact you have no physical access control over a wireless network, it is a good practice to assume wireless networks to be unsecure or at least less secure than your wired network.

But I think the bottom line here is that you should be using your wireless router as an access point and not a router, or if you continue to use it as a router, you need to either disable the firewall or open the appropriate ports to allow connections to your wireless network originating from the rest of your machines.
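Added example (not part of the post above and not the original poster's configuration): a Shorewall sketch of the segmentation suggested here, assuming the router runs in access-point mode so wireless clients sit on 192.168.1.0/24 behind eth2. The zone name `wlan`, the host 192.168.0.10 and the SSH allowance are hypothetical, and the interfaces file is assumed to use the format with a BROADCAST column.

```conf
# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
wlan    ipv4            # hypothetical zone for the wireless segment

# --- /etc/shorewall/interfaces ---
#ZONE   INTERFACE   BROADCAST
net     eth0        detect
loc     eth1        detect
wlan    eth2        detect

# --- /etc/shorewall/policy ---
# First matching line wins, so the specific pairs come before the catch-alls.
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
loc     wlan    ACCEPT          # wired LAN may open connections to wireless hosts
wlan    net     ACCEPT          # wireless clients may reach the Internet
wlan    loc     REJECT  info    # wireless may not open connections into the LAN
wlan    $FW     REJECT  info    # nor to the Gentoo box itself
net     all     DROP    info
all     all     REJECT  info

# --- /etc/shorewall/rules ---
# Narrow exceptions to the policy above; replies to connections opened
# from loc are allowed by connection tracking and need no rule here.
#ACTION         SOURCE  DEST                PROTO   DEST PORT(S)
Ping(ACCEPT)    wlan    $FW
ACCEPT          wlan    loc:192.168.0.10    tcp     22      # constructed host

# --- /etc/shorewall/masq ---
# The masq line quoted in the first post already lists 192.168.1.0/24,
# so in access-point mode no further masquerading entry is needed.
```

Validate with `shorewall check` before `shorewall restart`, so a syntax error does not leave the gateway without a working ruleset.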

----------

## taho

It will be better if you show us your Shorewall rules.

Just type in the console:

```
iptables -nL FORWARD
# POSTROUTING is a chain of the nat table, so -t nat is required
iptables -t nat -nL POSTROUTING
```

Basically, Shorewall can tune the firewall rudely, and this leads to misunderstanding.

----------

## Fred Krogh

Sorry for the delay on this, I was on vacation and am just getting caught up.  The problem was in the configuration for the wireless router.  All works as expected now.  Thanks for the inputs.

----------

