2013-03-31 - Re: [GRASE-Hotspot] two networks on the internal network adaptor?

Header Data

From: Psteve <ps***k@yahoo.com>
Message Hash: 1f3925d6c7bb1129f32059f6b2639edd9e1908900951e1f927f3e36359099be8
Message ID: <1364764166.90745.YahooMailNeo@web140601.mail.bf1.yahoo.com>
Reply To: <513E916D.2030501@gmail.com>
UTC Datetime: 2013-03-31 14:09:26 UTC
Raw Date: Sun, 31 Mar 2013 14:09:26 -0700

Raw message

Hi All

I'm guessing as no-one's been able to reply to me on this one that it's not possible.  I've been doing some extensive playing around and whilst my findings are rather basic, I'm letting people know in case it helps someone else.  Because of this problem where Grase can only support one internal subnet, Grase isn't scalable for me, so I've had to reject it in favour of a different product, namely untangle.  

Untangle has two modes, either NAT or Transparent.  In NAT mode, it exhibits exactly the same problem that Grase does, even though the routing is easily configurable in Untangle and everything is most definitely set up correctly.  However, in transparent mode, it works!  So I'm guessing it's more of a problem to do with the server NATting between the two interfaces regardless of the server.  Grase's webpages do seem to suggest something about working in transparent mode but, probably due to my lack of experience with Linux, it doesn't mean much to me.

If anyone else has found a way of running Grase in transparent mode that a noob like me can understand, I'd really love to hear from you, especially as Grase offers functionality that Untangle makes you pay through the nose for.  As I work for a non-profit organisation, these are just facilities I'll have to do without.

All the best
Steve



>________________________________
> From: Tim White <ti***8@gmail.com>
>To: GRASE Hotspot General Discussions <gr***t@lists.sourceforge.net> 
>Sent: Tuesday, 12 March 2013, 2:22
>Subject: Re: [GRASE-Hotspot] two networks on the internal network adaptor?
> 
>
>On 10/03/13 02:44, Psteve wrote:
>
>Hello All
>> 
>>I'm sure this is a really simple thing to do but I just can't figure out how to do it.  I've been running grase for some time now really sucessfully at the company I work for (an emergency service).  So sucessful that I've had a request to put it in on another site.  The two sites are linked together.  Let's say siteA is 10.1.0.X and siteB is 10.1.1.X.  The routers internally are 10.1.0.254 and 10.1.1.254.  Network traffic passes between them just fine, although computers on site B can't ping the grase server, although they can ping other PCs on siteA.
>> 
>>I suspect this is something to do with the internal routing table in ubuntu but I've added a route into the grase server for 10.1.1.0 with a gateway of 10.1.0.254 and it still doesn't seem to want to play.
>> 
>>Has anyone achieved this?
>Maybe some more details as to how it is setup.
>
>In a normal Grase setup, Grase handles the DHCP for the network. It
    sounds to me as if you have the Grase server (say 10.1.0.1) at Site
    A, and it's the default gateway for the Site A network, and handles
    DHCP for the Site A network? Then you have a router at Site A that
    is somehow connected to Site B (assuming a PTP like?). Site B
    doesn't have an "internet" connection, just the connection to Router
    A at Site A.
>
>What I don't get about this setup, which probably means I
    misunderstood your setup, is how do the Site A client computers know
    how to connect to the Site B client computers. Unless they all have
    static routes in them pointing them to the 10.1.0.254 router for
    10.1.1.0, they'll be trying to use 10.1.0.1 as the route for all
    unknown networks. Adding static routes to lots of computers is silly
    and annoying.
>
>
>Maybe a digram of how it's all connected, and what routes are in
    place (including default routes) and what the links are, would help.
    It also sounds like you probably need Grase setup in Layer 3
    routing, not Layer 2, and so it wouldn't be handling DHCP, just
    captive portal.
>
>Tim
>
>------------------------------------------------------------------------------
>Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
>Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
>endpoint security space. For insight on selecting the right partner to 
>tackle endpoint security challenges, access the full report. 
>http://p.sf.net/sfu/symantec-dev2dev
>_______________________________________________
>Grase-hotspot mailing list
>Gr***t@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/grase-hotspot
>
>
>

Thread