WatchGuard and Linksys hookup

Anonymous
May 27, 2004 3:16:17 PM

Archived from groups: comp.security.firewalls (More info?)

Forgetting about different subnets for now, what I would like to be able to
do for now if possible is share resources between machines connected to the
Linksys with machines connected to the WG. I am kind of leaning towards this
cannot be done.

Duane :) 
Anonymous
May 27, 2004 4:23:01 PM

In article <Xns94F63FCBBCB77notmenotmecoml@204.127.199.17>,
notme@notme.com says...
> Forgetting about different subnets for now, what I would like to be able to
> do for now if possible is share resources between machines connected to the
> Linksys with machines connected to the WG. I am kind of leaning towards this
> cannot be done.

Duane, I need to better understand this:

Do you mean you want a Linksys unit to VPN to a SOHO?

Do you mean you want a SOHO to be the first device and have a wan port
of the Linksys attached to one of its ports and have systems on both
the SOHO Lan and the Linksys LAN?

If you want the VPN ability, both LANs need to be different subnets,
then you set up a VPN between the units - the SOHO6TC does VPN real
quickly as does the Linksys BEFVP and BEFSX units.

If you want to have a border LAN (SOHO) and a second LAN behind the SOHO
using the Linksys as the second zone, then you are going to have a 1 way
path out of the linksys to the systems in the SOHO LAN, but the SOHO LAN
can only enter the Linksys LAN by means of a port-forward.


--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
May 27, 2004 8:53:47 PM

Leythos <void@nowhere.com> wrote in
news:MPG.1b1fa95073baea1b98a58b@news-server.columbus.rr.com:

> In article <Xns94F63FCBBCB77notmenotmecoml@204.127.199.17>,
> notme@notme.com says...
>> Forgetting about different subnets for now, what I would like to be
>> able to do for now if possible is share resources between machines
>> connected to the Linksys with machines connected to the WG. I am kind of
>> leaning towards this cannot be done.
>
> Duane, I need to better understand this:
>
> Do you mean you want a Linksys unit to VPN to a SOHO?
>
> Do you mean you want a SOHO to be the first device and have a wan port
> of the Linksys attached to one of its ports and have systems on both
> the SOHO Lan and the Linksys LAN?
>
> If you want the VPN ability, both LANs need to be different subnets,
> then you set up a VPN between the units - the SOHO6TC does VPN real
> quickly as does the Linksys BEFVP and BEFSX units.
>
> If you want to have a border LAN (SOHO) and a second LAN behind the
> SOHO using the Linksys as the second zone, then you are going to have
> a 1 way path out of the linksys to the systems in the SOHO LAN, but
> the SOHO LAN can only enter the Linksys LAN by means of a
> port-forward.
>
>

What I would like to do is to be able to print to the networked printer
that is on the machine that's connected to the WG at 192.168.111.2, if
possible from a machine that's connected to the Linksys.

Yes, the Linksys is connected to the WG on one of the WG ports using a
static IP of 192.168.111.13. The machines connected to the Linksys are
getting a DHCP IP from the Linksys starting at 192.168.1.100.

Yes, the WG reports all traffic on 192.168.111.13 and that's on any
device from the Linksys from 192.168.1.100-192.168.1.110. But the WG log
only shows activity on 192.168.111.13 not that it is 192.168.1.100 (I
know it cannot report on 192.168.1.100). I only have one machine
connected at this time on the Linksys.

I got a feeling that I cannot share resources with this setup. Of course,
I know I can share resources with any machines connected to the same
router.

The subnet for all of it is 255.255.255.0.

I am not looking to do any VPN things right now. I am just curious as to
what I can and cannot do with the Linksys/WG setup.

On another topic, I was playing around with creating service rules and I
ran into the Protocol Number from 1-255 that must be given in the rules.
I kind of glanced at this Protocol number thing out on Google. I also
went back and looked at what IPsec on the XP O/S was doing when creating
a rule selecting the UDP protocol and it selected protocol number 17-UDP.

What's the deal with this protocol number thing and can more than one
protocol number be given for a single rule created on any rule based FW
that deals with protocols?

Duane :) 
Anonymous
May 27, 2004 11:14:19 PM

In article <Xns94F67903BAF16notmenotmecoml@204.127.199.17>,
notme@notme.com says...
> Leythos <void@nowhere.com> wrote in
> news:MPG.1b1fa95073baea1b98a58b@news-server.columbus.rr.com:
>
> > In article <Xns94F63FCBBCB77notmenotmecoml@204.127.199.17>,
> > notme@notme.com says...
> >> Forgetting about different subnets for now, what I would like to be
> >> able to do for now if possible is share resources between machines
> >> connected to the Linksys with machines connected to the WG. I am kind of
> >> leaning towards this cannot be done.
> >
> > Duane, I need to better understand this:
> >
> > Do you mean you want a Linksys unit to VPN to a SOHO?
> >
> > Do you mean you want a SOHO to be the first device and have a wan port
> > of the Linksys attached to one of its ports and have systems on both
> > the SOHO Lan and the Linksys LAN?
> >
> > If you want the VPN ability, both LANs need to be different subnets,
> > then you set up a VPN between the units - the SOHO6TC does VPN real
> > quickly as does the Linksys BEFVP and BEFSX units.
> >
> > If you want to have a border LAN (SOHO) and a second LAN behind the
> > SOHO using the Linksys as the second zone, then you are going to have
> > a 1 way path out of the linksys to the systems in the SOHO LAN, but
> > the SOHO LAN can only enter the Linksys LAN by means of a
> > port-forward.
> >
> >
>
> What I would like to do is to be able to print to the networked printer
> that is on the machine that's connected to the WG at 192.168.111.2, if
> possible from a machine that's connected to the Linksys.
>
> Yes, the Linksys is connected to the WG on one of the WG ports using a
> static IP of 192.168.111.13. The machines connected to the Linksys are
> getting a DHCP IP from the Linksys starting at 192.168.1.100.

If you want to print from inside the Linksys LAN to the SOHO LAN, then
it's strictly a Linksys issue and not a SOHO issue. At the point where
something on the Linksys side wants to connect to something on the
SOHO's LAN side, there are no firewall rules to deal with, only the
Linksys rules.

First things to try - if the printer is connected to a computer, from
the Linksys side try and PING the computer by name. If this fails you
need to take a look at what the Linksys is blocking outbound or what
you've configured for DNS on the Linksys WAN port. Once you can ping by
name you can then use the systems in the SOHO LAN from the Linksys LAN.

> Yes, the WG reports all traffic on 192.168.111.13 and that's on any
> device from the Linksys from 192.168.1.100-192.168.1.110. But the WG log
> only shows activity on 192.168.111.13 not that it is 192.168.1.100 (I
> know it cannot report on 192.168.1.100). I only have one machine
> connected at this time on the Linksys.

The log will only show traffic from the SOHO IP addresses - meaning
that if the Linksys is on 111.13, then anything that passes to/from the
Linksys WAN port will show as 111.13 in the logs. It may also show a
spoofed IP address for those in the Linksys LAN side.

> I got a feeling that I cannot share resources with this setup. Of course,
> I know I can share resources with any machines connected to the same
> router.

Sure you can, you just have to have good DNS information or a HOSTS file
that shows the name/ip of the device you want to use. If you can't ping
by name, try pinging by IP. If both fail then we've got a different
problem.


--
spamfree999@rrohio.com
(Remove 999 to reply to me)
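
A minimal model of the NAT behaviour discussed in the post above, added here as an illustration; it is not part of the original thread or either vendor's firmware. It shows why the upstream firewall only ever logs 192.168.111.13 and why new connections toward the Linksys LAN need a port-forward. The addresses come from the thread; the port numbers and the `NatRouter` class are assumptions made for the example.

```python
# Constructed model of the Linksys-behind-WatchGuard layout (not vendor code).
from dataclasses import dataclass, field

LINKSYS_WAN = "192.168.111.13"   # static address on the WatchGuard LAN (from the thread)

@dataclass
class NatRouter:
    wan_ip: str
    port_forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)       # wan_port -> (lan_ip, lan_port, remote)
    next_port: int = 40000                             # hypothetical ephemeral port range

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> WAN: rewrite the source address and remember the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (src_ip, src_port, (dst_ip, dst_port))
        # This tuple is all the upstream firewall can see and log.
        return (self.wan_ip, wan_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """WAN -> LAN: deliver only replies to known flows or explicit forwards."""
        session = self.sessions.get(dst_port)
        if session and session[2] == (src_ip, src_port):
            return session[:2]                    # reply to an existing outbound flow
        if dst_port in self.port_forwards:
            return self.port_forwards[dst_port]   # administrator-defined forward
        return None                               # unsolicited: dropped

def demo():
    linksys = NatRouter(LINKSYS_WAN)
    # Linksys client prints to the host at 192.168.111.2 (9100 is an assumed print port).
    seen_by_wg = linksys.outbound("192.168.1.100", 51000, "192.168.111.2", 9100)
    reply = linksys.inbound("192.168.111.2", 9100, seen_by_wg[1])
    # A WatchGuard-side host opens a new connection toward the Linksys LAN.
    unsolicited = linksys.inbound("192.168.111.2", 3000, 8080)
    linksys.port_forwards[8080] = ("192.168.1.100", 8080)  # hypothetical forward
    forwarded = linksys.inbound("192.168.111.2", 3000, 8080)
    return seen_by_wg, reply, unsolicited, forwarded

if __name__ == "__main__":
    for label, value in zip(("logged", "reply", "unsolicited", "forwarded"), demo()):
        print(label, value)
```
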
Anonymous
May 28, 2004 4:20:12 AM

Leythos wrote:

>If you want to print from inside the Linksys LAN to the SOHO LAN, then
>it's strictly a Linksys issue and not a SOHO issue. At the point where
>something on the Linksys side wants to connect to something on the
>SOHO's LAN side, there are no firewall rules to deal with, only the
>Linksys rules.

Sounds like a routing issue between the SOHO's interfaces to me,
assuming the Linksys and LAN are on different ones. Routing between
them, of course, would nullify the VLAN benefits, but depending on the
capabilities of the SOHO, should be doable.
Anonymous
May 29, 2004 4:38:57 PM

Thanks to everyone for this information, including *he's an adult today*
with a post that's worth something. You go boy and stay off the screen! :) 

I know it can be done. I'll have to get back on the phone with WG which is
on holiday until Monday at 12:00 hrs, otherwise $150 a shot. I don't think
so! Unlike Linksys, WG seems to have information on how to(s) that's hard
to find, or I don't know how to find it. :) 

Duane :) 
Anonymous
June 3, 2004 2:18:17 PM

Well,

My resolution wound up being Linksys connected to the WatchGuard LAN port to
LAN port, DHCP disabled on the Linksys turning it into a WAP (switch), and
all machines connected to the Linksys using the WG's DHCP server to obtain
an IP. It works and machines can see each other no matter what device they
are connected to.



WG had me into trying to route 192.168.1.0/24 - Linksys in the WG Route
screen. With the current setup, I don't think I even need to set up the
Linksys and give it any IP(s) pointing to the WG as gateway wasting
192.168.111.13 as a static IP on the WG.



I am thinking about switching this and letting the Linksys be the gateway
and DHCP server. I am looking for suggestions to improve this.



Duane :) 