pc technician who's boss won't explain things to him ..

OK, I think it's safe to say, disregard all previous posts now .. well, to some extent anyways .. LOL

NIC 1 is connected to the public IP list as prescribed by our provider (obviously it's working, I'm on the Internet) .. so, I know this connection works

NIC 2 is connected to the switches that connect to the clients. I know this one is working to some extent because over 15 IP's have been given out to the WET 11's I had installed/configured last week (they are running DHCP, auto obtain IP)

NIC 2 =
IP address = 20.20.20.1
Sub mask = 255.255.255.0
Gateway = 10.168.161.114 (the IP addy of NIC 1) ..

DNS = 10.127.17.71 (primary DNS supplied by our provider)
= 10.127.16.68 (secondary supplied by provider)

WINS = 10.168.161.114 (NS1 IP)
= 10.168.161.120 (NS2 IP)

from this server, i can ping:

20.20.20.1 (ip of NIC2) and that's it ..

i go to the client test computer i have setup behind me which is configured properly and has obtained an IP address from NIC2 of 20.20.20.15

i can ping to the wet 11, access point, NIC2 .. but no further ..


so, i know something is misconfigured inside the server because i'm unable to "bridge" the gap between NIC 1 and NIC 2 so that the client computers can access the internet ..

i'm going to go re-read the subnetting and communications page again on the 3rd diagram and look at the IP's .. what i'm wondering though .. do i need to use DNS/WINS or will they cause a conflict with NAT?

i'm trying to use DHCP pool that will use NAT overload and assign themselves to a single public IP .. but, i've misconfigured something ..

NIC 1 to internet i have
NIC 2 to clients using DHCP i have

can't get NIC 1 to let traffic from NIC 2 through .. i'm SO SO SO CLOSE! i can feel it

Slow down. :roll:

Need to figure out what you have and how many workstations and servers are we dealing with - at the moment.

You need to look at your whole setup and see what your needs are. Forget about NAT, DNS, DHCP etc for the moment.

Why do you need to subnet? If you have only 10 - 50 workstations, you probably don't, unless you are going to have a lot of traffic. Does everyone need to access the same resources? What type of clients are you talking about that are coming over the AP (Access Point)? Are they individuals or separate companies that access your system.

You need to get a handle on NAT, before you start trying to deal with DHCP, DNS and WINS. Those are whole subjects in themselves.

Let's start with your network to the outside. You apparently have 14 outside address (even though they are private to your ISP). You really only need 1. You should only need to use NAT Overload. Obviously, you are not going to use Static (as I assume you have more than 14 accesses to the outside). Dynamic is probably going to be a little more complicated than necessary. Overload is what most people do, as it is simple to setup and handles most peoples needs.

What you have (now that you understand NAT fully), is 2 sides of router (or server acting as a router). I am going to assume the NAT is going to access the internet on one side (you can have NAT inside your local network and never going to the internet, if you want to - that is what "private interface connected to private network" is for).

One side is your WAN (Wide Area Network - Internet). The other side is your LAN ( Local Area Network).

If you put a router right after the ISPs router, the interface (NIC) that is connected directly that router (the ISPs) will be your connection to the Internet. That address would be one of the 14 addresses (and the only one you will use). Now I assume from your diagram, the address of the ISPs router is 10.168.161.113. The host address is 1 (1110 0001 where the 1st nibble is 1110 and the network address and the 2nd nibble is the host 0001).

Normally, at least this is what I have seen, the first router will be 1, the 2nd (perhaps a firewall will be 2 etc). Therefore, we will use 2 for the 2nd router (your router) and that will be 114 (or 10.168.161.114 - where 114 is 1110 0010).

Now you are connect to the internet by your router. Now you need to connect your private network. I noticed a couple of addresses you were using 10.x.x.x and 20.x.x.x. Not sure what the 20.x.x.x is, but this is a Public address. The private address you are allowed are as follows:

10.0.0.0/8 which is the subnet mask 255.0.0.0
172.16.0.0/12 which is the subnet mask 255.240.0.0
192.168.0.0/16 which is the subnet mask 255.255.0.0

This allows you any subnetting scheme you might need.

If we use 192.168.100.0/24, which gives us 254 address on this subnet. We could then use 192.168.101.0/24 as another subnet with another 254 address etc.

Let's use the first one (192.168.100.0/24) and set the other side of our router to 192.168.100.1. Now anyone on the same wire with address 192.168.100.2 - 192.168.100.254 with a gateway of 192.168.100.1 will be able to access the network.

Now I don't know what you are using for a router, but you could spend less than a $100 and get a router from your neighborhood Computer store (Linksys, Dlink,Soho etc) and solve your problem in minutes. If you need to set up multiple subnets, it will be a little more difficult.

But you need to figure out what you need, network wise, before you get into how to how to assign address. In your case, since you have so little experience, you should probably start out assigning them (or some of them) statically just to make sure you have everying set up correctly.

The mistake some people make is to set everything up at once and when they can't connect, it is difficult to figure out why - is it the wire, the NICS, the addressing scheme, the DNS, the DHCP etc. Can get pretty complicated.

I would set up the routers first and one workstation with address 192.168.100.5 and see if you can ping 192.168.100.1. If you can see if you can ping 10.168.161.14, then see if you can ping 10.168.161.113. If you can do all this, your lan is working and is connecting to the outside router. You can then try to ping 66.218.70.48 (which happens to be www.yahoo.com , at the moment). If you can, then you are accessing the internet.
Once you can do this, you can look at the other issues, IMHO.

thx .. i'll get to explaining the who/what/when/why's now ..

Urrmmmm... I sort of lost track on what's happening :lol:

I think I'll just go back to my TCP header analysis.... seems a lot simpler at the moment! :roll:

A spot of advice,
Give yourself time to absorb the basics from the material on the site.. and when you've covered your difficulties in that, then try and approach it with reference to your situation...

In other words, if you're still shaky about subnetting, you're likely to find understanding your situation difficult. Of course we're all here to help though

Tom is really outdoing himself with answers this time round..!

Cheers,

Sahir,

That's what I was thinking when I read his last response!