2013-03-31 - Re: [GRASE-Hotspot] two networks on the internal network adaptor?

Header Data

From: Tim White <ti***8@gmail.com>
Message Hash: 3b89757956fd7948148569be4d95feb62ffa6ab30f01fba9971b43b6d7a4336e
Message ID: <5158D04B.1000309@gmail.com>
Reply To: <1364764166.90745.YahooMailNeo@web140601.mail.bf1.yahoo.com>
UTC Datetime: 2013-03-31 17:09:47 UTC
Raw Date: Mon, 01 Apr 2013 10:09:47 +1000

Raw message 

Hi Steve

I only get to work on Grase in my spare time, and recently haven't had 
much spare time due to a building move at work.

 From the sounds of things, in transparent mode, you probably won't be 
getting the captive portal that grase provides? Or is Untangles 
transparent mode actually just a normal routing mode without NAT?

I believe what you want to do, probably needs Layer 3 routing on Grase, 
not layer 2. I've not had any time to implement the option for layer 3 
routing in Coova Chilli in the Grase interface. The main reason is for 
most people, they don't want complicated routing, and so Layer 2 is 
fine. For you, Layer 3 is needed. (Technically you can do what you want 
in Layer 2, with a larger ip range, and a dynip range for the first 
subnet, and a statip range for the other subnet).

Anyway, I believe what you want to do can be done in Grase, its just 
going to need a lot of working out initially as it's so not standard. 
Perhaps contact me off list with more information about the non-profit 
organisation and I can see if we can work out some cheap support so I 
can put some time into making this work?

As nice as untangle is, it does make you pay through the nose for things 
that shouldn't cost much. I have good networking knowledge and have 
studied it at Uni, it's just a matter of setting up a test environment 
to test it all.

Tim

On 01/04/13 07:09, Psteve wrote:
> Hi All
>
> I'm guessing as no-one's been able to reply to me on this one that 
> it's not possible.  I've been doing some extensive playing around and 
> whilst my findings are rather basic, I'm letting people know in case 
> it helps someone else.  Because of this problem where Grase can only 
> support one internal subnet, Grase isn't scalable for me, so I've had 
> to reject it in favour of a different product, namely untangle.
>
> Untangle has two modes, either NAT or Transparent.  In NAT mode, it 
> exhibits exactly the same problem that Grase does, even though the 
> routing is easily configurable in Untangle and everything is 
> most definitely set up correctly.  However, in transparent mode, it 
> works!  So I'm guessing it's more of a problem to do with the server 
> NATting between the two interfaces regardless of the server.  Grase's 
> webpages do seem to suggest something about working in transparent 
> mode but, probably due to my lack of experience with Linux, it doesn't 
> mean much to me.
>
> If anyone else has found a way of running Grase in transparent mode 
> that a noob like me can understand, I'd really love to hear from you, 
> especially as Grase offers functionality that Untangle makes you pay 
> through the nose for.  As I work for a non-profit organisation, these 
> are just facilities I'll have to do without.
>
> All the best
> Steve
>
>     ------------------------------------------------------------------------
>     *From:* Tim White <ti***8@gmail.com>
>     *To:* GRASE Hotspot General Discussions
>     <gr***t@lists.sourceforge.net>
>     *Sent:* Tuesday, 12 March 2013, 2:22
>     *Subject:* Re: [GRASE-Hotspot] two networks on the internal
>     network adaptor?
>
>     On 10/03/13 02:44, Psteve wrote:
>>     Hello All
>>     I'm sure this is a really simple thing to do but I just can't
>>     figure out how to do it. I've been running grase for some time
>>     now really sucessfully at the company I work for (an emergency
>>     service).  So sucessful that I've had a request to put it in on
>>     another site.  The two sites are linked together. Let's say siteA
>>     is 10.1.0.X and siteB is 10.1.1.X.  The routers internally are
>>     10.1.0.254 and 10.1.1.254.  Network traffic passes between them
>>     just fine, although computers on site B can't ping the grase
>>     server, although they can ping other PCs on siteA.
>>     I suspect this is something to do with the internal routing table
>>     in ubuntu but I've added a route into the grase server for
>>     10.1.1.0 with a gateway of 10.1.0.254 and it still doesn't seem
>>     to want to play.
>>     Has anyone achieved this?
>
>     Maybe some more details as to how it is setup.
>
>     In a normal Grase setup, Grase handles the DHCP for the network.
>     It sounds to me as if you have the Grase server (say 10.1.0.1) at
>     Site A, and it's the default gateway for the Site A network, and
>     handles DHCP for the Site A network? Then you have a router at
>     Site A that is somehow connected to Site B (assuming a PTP like?).
>     Site B doesn't have an "internet" connection, just the connection
>     to Router A at Site A.
>
>     What I don't get about this setup, which probably means I
>     misunderstood your setup, is how do the Site A client computers
>     know how to connect to the Site B client computers. Unless they
>     all have static routes in them pointing them to the 10.1.0.254
>     router for 10.1.1.0, they'll be trying to use 10.1.0.1 as the
>     route for all unknown networks. Adding static routes to lots of
>     computers is silly and annoying.
>
>
>     Maybe a digram of how it's all connected, and what routes are in
>     place (including default routes) and what the links are, would
>     help. It also sounds like you probably need Grase setup in Layer 3
>     routing, not Layer 2, and so it wouldn't be handling DHCP, just
>     captive portal.
>
>     Tim
>
>     ------------------------------------------------------------------------------
>     Symantec Endpoint Protection 12 positioned as A LEADER in The
>     Forrester
>     Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice"
>     in the
>     endpoint security space. For insight on selecting the right
>     partner to
>     tackle endpoint security challenges, access the full report.
>     http://p.sf.net/sfu/symantec-dev2dev
>     _______________________________________________
>     Grase-hotspot mailing list
>     Gr***t@lists.sourceforge.net
>     <mailto:Gr***t@lists.sourceforge.net>
>     https://lists.sourceforge.net/lists/listinfo/grase-hotspot
>
>
>
>
> ------------------------------------------------------------------------------
> Own the Future-Intel(R) Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest. Compete
> for recognition, cash, and the chance to get your game on Steam.
> $5K grand prize plus 10 genre and skill prizes. Submit your demo
> by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
>
>
> _______________________________________________
> Grase-hotspot mailing list
> Gr***t@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/grase-hotspot

Thread