That makes sense, thanks.  The only problem I have is that I cannot
figure out how to turn the router into bridge mode.  The model of the
router is WRT54G; it's the 4-port switch, router, WAP. The Linksys
website has nothing that I can find on it. Found some conversations on
Google Groups, but it was only of people saying it couldn't be done. 



>>> "John T. Hoffoss" <john.t.hoffoss at gmail.com> 01/12/05 10:36AM >>>
On Tue, 11 Jan 2005 15:02:34 -0600, Dan Rue <drue at therub.org> wrote:
> Ok, here's your problem.  Your wireless access point isn't configured
> correctly.  Your "router", which I'll refer to as your wireless access
> point from now on, or WAP, is NATing.  So is your firewall.  Only NAT
> once!  Also, both devices are handling DHCP - it's a mess.

The bigger problem, I think, is that you've tried to assign both the
internal and external sides of the Wireless router the same subnet. So
when you ping 192.168.1.2, it's looking for that host on the  Wireless
side.

> You should look for a 'bridge mode' option in your WAP.  If I were at
> home I'd look at mine and tell you exactly what it's called.
> 
> Turn off NAT, turn off DHCP.  That's the job of your firebox.  Then the
> wireless devices will use 192.168.1.2 as their default gateway (the
> firebox).  Think of the WAP as simply a wireless switch - that's all you
> want it to do.

Keep in mind here, by having an unfirewalled wireless connection, you
provide mediocre protection (at best) to your internal network. If
this is a non-critical network (which it probably isn't, considering
you invested in a Firebox) no biggie.

Were I in your shoes, I would instead connect the Wireless router to
the firebox in bridged mode, and then set up a separate zone on the
firebox, segmented from anything on the wired side.

Sorta like this:
                          _---[wlan]-192.168.1.x/24
-net---[rtr]--[firebox]--|
                         |_---[lan]-192.168.2.x/24

(That's gonna be f***ed up with a fixed font...)

It sounds like this may be what you're trying. What you actually use
for subnet addresses (192.168.1.x/24, say) doesn't matter, so long as
they're different. Otherwise, your firewall doesn't actually know
which subnet to look to.

What's happening instead, is something like this:
--net--[rtr]--[24.123.x.x--firebox--192.168.1.2]--[192.168.1.4--wlan--192.168.1.1]----[PCs]

Hopefully this makes sense...I'll try to explain this some so you
understand what's up a bit better.

Dan said your firebox is doing NAT, (Network Address Translation)
which it is. This is evidenced by the fact that the firebox has two IP
addresses in different subnets.

The wireless router is trying to do the same thing, only both sides
are in the same subnet. The wireless router can't decide where to go
with 192.168.1.x traffic, so it's going to stay inside by default,
which is why you can't ping your firebox.

As Dan said, you should put the wireless router into bridged mode
(think: hub) which will make your network (at least the wireless
portion) look like this:

--net--[rtr]--[24.123.x.x--firebox--192.168.1.2]--[wap]--[192.168.1.x--PCs]

The wireless router is now doing nothing but taking traffic from the
wired side and passing it to the wireless, and vice-versa.

Long winded, and not very coherent, (not enough coffee) but I hope
this helps some.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org 
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery 
tclug-list at mn-linux.org 
https://mailman.real-time.com/mailman/listinfo/tclug-list
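
The two faults described in the thread above (a routing device with the same subnet on both sides, and NAT done twice) can be checked mechanically. This is an added example, not part of the original messages; the topology layout, the `audit` function, the /24 prefix lengths, the 203.0.113.10 outside address and the firebox host addresses in the second topology are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data. The thread elides the real outside address
# (24.123.x.x), so a documentation-range placeholder is used instead.
BROKEN = {      # "What's happening instead": both boxes route and NAT
    "firebox": {"mode": "nat",
                "ifaces": {"external": "203.0.113.10/24", "trusted": "192.168.1.2/24"}},
    "wrt54g":  {"mode": "nat",
                "ifaces": {"wan": "192.168.1.4/24", "lan": "192.168.1.1/24"}},
}
SEGMENTED = {   # "Sorta like this": WAP bridged, wlan and lan in separate zones
    "firebox": {"mode": "nat",
                "ifaces": {"external": "203.0.113.10/24",
                           "wlan": "192.168.1.1/24", "lan": "192.168.2.1/24"}},
    "wrt54g":  {"mode": "bridge", "ifaces": {}},  # layer 2 only, no routed interfaces
}

def audit(topology):
    """Return a list of findings for overlapping subnets and double NAT."""
    findings = []
    # A bridge forwards frames and makes no routing decision, so skip it.
    routers = sorted(n for n, d in topology.items() if d["mode"] != "bridge")
    for name in routers:
        nets = {ifname: ipaddress.ip_interface(addr).network
                for ifname, addr in topology[name]["ifaces"].items()}
        # A router cannot pick an egress interface if two of them cover
        # the same destination addresses.
        for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
            if net_a.overlaps(net_b):
                findings.append(f"{name}: {a} ({net_a}) overlaps {b} ({net_b})")
    # Simplification: every NAT device is assumed to sit in series on the path.
    nat_hops = [n for n in routers if topology[n]["mode"] == "nat"]
    if len(nat_hops) > 1:
        findings.append("double NAT: " + ", ".join(nat_hops))
    return findings

if __name__ == "__main__":
    for label, topo in (("broken", BROKEN), ("segmented", SEGMENTED)):
        print(label, audit(topo) or "no findings")
```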
