Bridged Networks with Netgear DG814+ and friends

Intro

Most people would be content with getting their ADSL router, plugging it in, bunging a few settings into it, and off they go. I'm not most people, though.

Your average home network will look something like this:

    ,_____________
    | ADSL MODEM  |  PUBLIC INTERFACE (ppp0)
    `-------------'
          |
    ,_____________
    | ROUTER/NAT  |
    `-------------'  INTERNAL INTERFACE (eth0)
          |       \
    ,_____________  \
    | SWITCH      |   WIRELESS BRIDGE (br0)
    `-------------'
      |  |  |  |
    | WORKSTATIONS |

It should be noted that all three network devices are usually combined into one easy-to-use unit.

That works perfectly for the average Joe who just wants to get his desktop and his kids' laptops online.

My Plan

I have a block of 8 IPs that was assigned to me (for free; all that's required is a RIPE request form and some "justification"), and I want to make some use of them. I want a couple of machines (namely servers) to have unrestricted access from the Internet, while still being able to have more than 8 general workstations online without running out of IPs to give them.

The solution is to NAT on one IP and to use the public IPs on a separate network. So the plan is to use one NAT device to route traffic from the wired and wireless networks which serve the workstations, and then have another switch, bridged directly to the external interface, to connect the servers to. Here's a diagram:

    ,_____________
    | ADSL MODEM  |  PUBLIC INTERFACE (ppp0)
    `-------------'
          |
    ,_____________
    | ROUTER      |  ( Routing traffic only )
    `-------------'
          |
    ,_____________
    | SWITCH      |
    `-------------'
       |         \
  | SERVERS |     ,_____________
                  | NAT/ROUTER  |
                  `-------------'
                        |
                  | WORKSTATIONS |

Hardware

The stuff is pretty unremarkable, but here's a list if you're interested.

To be fair, I could achieve all of this and more if I simply had a single *nix box with a PCI ADSL modem, but I don't have a PCI ADSL modem or the money to buy one, so I just went with what I've got!

Config

First, the main router needs to have its "LAN" address set to the same as its external IP (the NAT won't route it properly otherwise). While you're doing this, disable NAT. I got a bit confused doing this, as it will still respond on its internal IP with NAT off.

Then connect that to the "public" switch. Connect the server NICs to this switch, as well as the external port of the NATing router.

Set the external IP on the NATing router and plug the workstations into it.

Give the servers public IPs from the external block.
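As an added example (not from the original page), here is a Python script that allocates the 8-IP block the way the steps above describe and sanity-checks the plan before anything is plugged in. The addresses are constructed TEST-NET values, and the main router acting as the servers' default gateway is assumed from the topology rather than stated on the page.

```python
import ipaddress

# Constructed example values, not the author's real addresses:
# TEST-NET-3 stands in for the ISP-assigned /29, and a private /24
# stands in for whatever the NATing router hands out to workstations.
PUBLIC_BLOCK = "203.0.113.0/29"
WORKSTATION_LAN = "192.168.1.0/24"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def plan(block, lan, servers=2):
    """Allocate the public block per the Config steps; raise ValueError
    when the plan cannot work (wrong block size, LAN overlap, too few IPs)."""
    net = ipaddress.ip_network(block, strict=True)
    if net.prefixlen != 29:
        raise ValueError(f"expected a /29 (8 IPs), got /{net.prefixlen}")
    usable = list(net.hosts())  # network and broadcast drop out: 6 left

    # Main router: NAT off, LAN address identical to its external IP, so
    # it consumes exactly one public address. Treating it as the servers'
    # gateway is an assumption that follows from the topology.
    main_router = usable[0]
    # NATing router: one public IP on its WAN port, workstations behind it.
    nat_router_wan = usable[1]
    # Everything else goes to servers on the public switch.
    server_ips = usable[2:2 + servers]
    if len(server_ips) < servers:
        raise ValueError(f"only {len(server_ips)} addresses left for servers")

    lan_net = ipaddress.ip_network(lan, strict=True)
    if not any(lan_net.subnet_of(n) for n in RFC1918):
        raise ValueError("workstation LAN should be RFC 1918 space")
    if lan_net.overlaps(net):
        raise ValueError("workstation LAN overlaps the public block")

    return {
        "main_router_wan": main_router,
        "main_router_lan": main_router,      # same address, see Config above
        "nat_router_wan": nat_router_wan,
        "servers": server_ips,
        "servers_gateway": main_router,
        "spare_public": usable[2 + servers:],
        "workstation_lan": lan_net,
        # Hosts that sit directly on public addresses, reachable from the
        # Internet with no NAT in front of them; firewall these individually.
        "exposed": [main_router, nat_router_wan] + server_ips,
    }
```

Running `plan(PUBLIC_BLOCK, WORKSTATION_LAN)` hands back the allocation; any problem with the addressing is reported as an exception rather than discovered after the cables are in.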

Extra bits

If I really wanted to, I could set up a DHCP server for the external switch as well, but I don't really have enough IPs available to justify it.

Also, I've written some scripts that grab the bandwidth stats from these devices for graphing with MRTG. Take a look at my MRTG Page.