DNS server, NAT and static routes with Smoothwall

Hi, I have setup Smoothwall Express 3 behind my linksys home router thats connects to the internet.
(I prefer not to use Smoothwall forums as you get flamed for anything).

First a few settings to help explain:
-Linksys router - 192.168.1.1
-Smoothwall (SW) red interface that connects to linksys - 192.168.1.103
-SW gateway is set to 192.168.1.1 and primary DNS is 127.0.0.1
-SW interface of green network - 192.168.70.1
-SW interface of purple (wireless) network - 192.168.71.1
-Netgear access point (AP) for wireless clients - 192.168.71.200

If my SW interface that connects to the linksys router has a static IP and the linksys is using NAT then I am not double NAT'ing?

Hosts on the green network have DNS set to the address of the linksys router - 192.168.1.1 and they can access the internet fine. The main problem is that clients on purple cannot get internet due to no DNS.

Purple clients can ping the purple SW interface and the netgear AP but not the linksys router.

Forgive me if the following sounds dumb:
There is a static DNS entry in the linksys router to SW red interface - could I not just make SW a DNS server so that green and purple clients use green and purple default gateways as DNS instead.


Summary:
-Double NAT'ing or not?
-Purple clients need internet - how to get DNS?
-Better idea to make SW a DNS server - if so how?


Anymore information needed then please say.
I am not a network expert so go steady please.
Look forward to any help.
Johny_Brav0Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin EllenbeckerIT DirectorCommented:
For your first question, you may be double NATing.  Since your networks are the different then there either needs to eb a route in the smoothwall telling it the next hop is the linksys or it will NAT the traffic and then it will get NAT'ed again at teh linksys.  It soundes like there is no route for traffic from the 71.x network to the linksys, can you post the results of a tracert to 192.168.1.1.  The SW should forward DNS queries out to the Linksys making no changes needed.  I am not too familiar with the SW but it sounds like it does routing is there a need for the linksys at all?
0
Johny_Brav0Author Commented:
Im not sure about the NAT, but I do need the linksys router as my Dad runs his business and home PC off of it.

I just realised I can remove the static DNS setting in the linksys router (going to the SW red). The SW red was out of DHCP range (now changed).  

The green network gets DNS so clients on this network can get on the internet.
The purple network is setup the same as green accept for the netgear AP, so it should work (kind of points to the AP being the problem).
Maybe a static route in the AP and would purple clients have DNS of 192.168.1.1?

Tracert results:
From client on purple - timeout
From client on green:
C:\>tracert 192.168.1.1

Tracing route to 192.168.1.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.70.1
  2    <1 ms    <1 ms    <1 ms  192.168.1.1

Trace complete.

From Smoothwall itself:
1  192.168.1.1  0.793 ms  0.563 ms  0.560 ms

Thanks for reply
0
Justin EllenbeckerIT DirectorCommented:
OK, the clients that are on the AP should have the purple interface set as their gateway.  The AP after it gets the packet basically acts like a switch and send the traffic back to the SW.  From here it should all be tied together and know that its next hop is the 192.168.1.x address for red.  Can you log into the SW and trace from the purple interface does it know where it is supposed to go?  Also can you ping 192.168.71.1 from a wireless client?  Can you ping a PC from a wireless client.  These things should help us to figure out if there is a route missing on the purple interface.  Can you check the settings in the SW to see if it is doing NAT with a lot network gear like this it needs pools for the NAT if the SW is doing NAT then it sounds as though the purple network is not being allowed to the nat.

Using something i know well, which is cisco gear if you have multiple "inside" interfaces that will be subject to nat you have to create a rule that says these IPs are allowed to NAT.  Its very possible depening on the order things were setup that the SW does not know that it is allowed into the NAT pool.  Now if you can ping a PC on the 70.x from the 71.x there is routing between them because the traffic has to hop to a new network.  If you cannot then there is a broken route there and you will need to specify on the SW that 192.168.70.x traffic from purple that green is the next hop and for the all other traffic red is the next hop.  On cisco gear and again without an SW box here thats all i can go off of we use terms like default route, or last resort.  I am going to get an admin guide for the SW and see what I find because this looks interesting but hopefully I can get you headed the right direction.  One other thing to try may be to put the AP into the same network as the 70.x and see if clients can get to the internet behind the AP then, if they do again it leads to routing from the 71.x network.

HTH,
StrifeJester
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Justin EllenbeckerIT DirectorCommented:
Can you hard wire into the purple network with a device other than the AP that will tell if you there is something messed up with the AP right away.
0
Johny_Brav0Author Commented:
"OK, the clients that are on the AP should have the purple interface set as their gateway."

As simple as that - changed the default gateway on my iphone and browsed to BBC news through the WLAN! I admit I should have thought of this - duh.

NAT is off on the netgear and it all seems to work now.


Ill hopefully use my other linksys (repeater) flashed with new firmware to get signal outside house but till then youve been a great help.

Many thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.