cloning static IP address possible?

[kausikdatta]

Hi! At work, we get to the intra- and internet using a single broadband LAN connection; the jack (with a static IP) connects to a wireless router, which dynamically allocates IPs (starting with 192.168.x.x) to all machines (wireless laptops) when connected. When I check the network connection using IPCONFIG /all or the DNS status, the report always identifies the router - even if the command call was made from any of the connected machine.

My question is:
Is it possible to clone the static IP of the router onto one or more of the wirelessly connected machines, so that they may be identified at the server as connected to that router when a request is sent out from any of them? Or does this pose a security risk?

Please let me know if any clarification or elaboration is needed.

 

[Grenage]

Sorry, I am a little hazy on exactly why you would want to duplicate the IP address on any of the machines? This would simply cause massive problems, or most likely, stop one/both working at all.

If the IP addresses are the same, the packets won't knows where to go.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

 

[lgarner]

Grenage is right, you can't have an external address assigned to an internal device. That device won't work.

The static IP of the router is what every external site should see. Visit "whatismyip.com" to check.

When you issue "ipconfig /all" on an internal device, you should see:
IP address: 192.168.x.x (unique Ip address)
Subnet mask: whatever
Default gateway: 192.168.x.1 (probably, router's inside address)
And whatever the router assigned for DNS, WINS, etc.

When an internal computer communicates to another internal computer, both will see the real address (192.168.x.x) of the other. I'm not sure this is clear, but I'm also not sure what you're trying to do.

 

[kausikdatta]

I am so sorry for all the confusion!! Here, let me make my situation a little clearer (hopefully!!). I am trying to access a username/password-protected folder on a webserver using WebDAV (the username/password is unique to me). This server does not allow FTP, only WebDAV.

Now, we have several computers connected to separate LAN jacks, each computer having its own IP address (129.98.x.x). One of these desktop computers acts as a kind of wireless base, in that for this computer, the LAN jack goes into a wireless router, and this router is hard-wired to this computer. All the wireless machines connect through this router. Therefore, this particular desktop - as well as all the wireless machines - is given a dynamically allocated IP, that goes like 192.168.x.x (with 192.168.2.1 being the routers own IP). Are you guys with me till here?

Okay, now the problem is this. When I access the above-mentioned webserver from any of the direcly-linked desktops (with IPs as 129.98.x.x), I can - without any problem. However, if I want to access the webserver from any of the laptops, I get HTTP 403 errors, 'server does not exist' error and a bunch of other errors.

I was given to understand that this is because the webserver is rejecting any access call other than ones originating from an IP starting with 129.98.x.x. This is quite possible, because I expect that the laptops and the desktop connected to the router will project an IP of 192.168.x.x.

My question pertains to this situation. Is it possible technically, to mask the dynamic IP of the connected computers and use the original static IP, for the purpose of accessing the webserver?

I can perhaps ask the web admin to allow 192.168.x.x IPs on the intra-net (and restrict it for access through internet). But will that pose a security threat to the server?

I hope I am much more lucid this time. Please let me know if I am making a mistake somewhere.

 

[Grenage]

Your problem is routing, because your laptops are on a different network they cannot see the router. Would it not be possible to simply change the DHCP scope to 192.168.2.*?


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

 

[kausikdatta]

Would you kindly care to elaborate a little bit on that? For example, do you mean that right now the way the network is set up, the routers are not visible to the webserver? I did not understand the DHCP scope part that you meant. But since the router itself is directly connected to the webserver - with a WAN IP of 129.98.x.x - is there a way to project the outgoing request traffics (from the laptops through the router) as belonging to this IP, rather than their own WLAN IPs?

Thank you very much, Grenage, for your kind input.

 

[lgarner]

Still confused.

"... the LAN jack goes into a wireless router, and this router is hard-wired to this computer." How, exactly? Which ports on the router are connected to what?

If the router's WAN port is plugged into your 129.98.x.x LAN, then that port must have an address in your LAN range, such as 129.98.1.99. Any WLAN device connecting to the router, as well as any devices plugged into the LAN side of the router, should appear to devices on the WAN side as being 129.98.1.99.

If the router's connected to your LAN by one of it's built-in switch ports, then it's not configured correctly and can't communicate with any LAN devices since it has a different address range.

 

[rliebsch]

as far as the remote webserver is concerned, the requests are coming from your wireless router. THis is how NAT works. The wireless router tracks which internal computer made what requests to whatever external host.

I would check the configuration of the wireless router. Make certain that its WAN configuration is set up properly. If you are using linksys it should have traceroute and ping.

The logical routes would be 192.168.x.x to 192.168.x.1 (wireless access point) to 129.98.x.x (wireless WAN interface) to 129.98.x.1 (wired LAN router) to the internet.


Robert Liebsch
Stone Yamashita Partners

http://www.stoneyamashita.com/

 

[kausikdatta]

Thank you, lgarner for your comment. I wish I could draw out a schema. I shall try like this:
LAN --> (accessed through LAN outlets/jacks)-->One end of cat5 cable plugged into this jack <--> other end plugged into the modem port of the router. (I assume this is what you mean by the LAN side.)

Now, from the router...

Router --> WLAN connections through antenna --> laptops
|
|--> Wired ports--> via cat5 cable, connected to desktop.
(I assume this is what you mean by the WLAN or WAN side.)

Now, any device connected to the LAN jacks are automatically assigned static IPs of 129.98.x.x, as is indicated also with the router's WAN IP.

However, the WLAN IP of the router is 192.168.2.1, and all devices connected to the router get IPs of 192.168.2.x.

In view of this, would you please care to redefine your comment on the IPs of devices on respective side of the router? Please let me know.

It is quite possible - as you said - that the router was not configured correctly (before my time) and we have been content to let it run on the glorious principle of "if it ain't broke, don't fix it!" - because it still allows the users to connect to the internet for work.

 

[kausikdatta]

Hi, Robert! I did not receive your message before I posted a reply to lgarner. Please take a look. The schema that I tried to draw - doesn't that conform to your logical route?

We are using the Belkin 802.11G router.

 

[rliebsch]

so, everything plugged into the switch is 129.98, including the wirless access points. Subsequently, the wireless hosts get 192.168 addresses.

It still seems as if the wirless access point is misconfigured. I have analagous configurations here.

The wireless requests from 192.168.x.x would be NAT'd to 129.98.x.? (the address of the wireless access point which is plugged into your LAN). So, no external host knows/cares where the request came from...

Robert Liebsch
Stone Yamashita Partners

http://www.stoneyamashita.com/

 

[rliebsch]

Router
|
Switch LAN
| | |
walljacks computers wireless 129.82
/|\
laptops 192.168

Your map should look something like this

If anything plugged into the wall can get to the DAV then those gateways are properly configured.

Can the wireless clients hit anything on the internet?
The belkin will have 2 sets of addresses. The WAN and the LAN.
THe WAN address will be a 129.82, and it should have the gateway adddress (the router, the same gateway as the wired computers). The LAN address will be a 192.168. That address will be the gateway for the wireless clients, because it is the router for the wireless clients.

Robert Liebsch
Stone Yamashita Partners

http://www.stoneyamashita.com/

 

[kausikdatta]

Robert, I loved your schema!!
I modified it slightly to show you my configuration:
Walljack 129.98
|
Router's modem inlet
(129.98 WAN,192.168 WLAN/LAN)
|----------------------
outlet |(antenna)
| |
computers wireless 192.168
(192.168) /|\
laptops (192.168)
As I showed here, the Belkin router does have two sets of addresses, the WAN and the LAN. You are absolutely right about the rest.

The gateways properly configured, because other computers plugged into walljacks - having IPs 129.98 - can communicate easily with the DAV.

I am glad that I could make my situation clear to at least you. But I am not sure where the misconfiguration exactly lies.

 

[rliebsch]

the computers get 192.168s? what hands out those addresses?

what addresses are the wired computers getting? We need the 3rd octet now.
what addresses are the wirless computers getting?
what devices are handing out the addresses?

So, if the belkin hands out 192.168.1.x and the router hands out 192.168.1.x your problem is there. because the belkin will believe that it is 192.168.1.1 creating a loop. More fun still, if both devices are handing out addressess, you could have wired and wireless clients thinking they are 192.168.1.20 which would cause both devices to drop.

so the next question, is the router handing out IP addresses in the same range as the wireless access point? Or does the wireless access point proxy the DHCP requests from the wirless clients to the router?

Robert Liebsch
Stone Yamashita Partners

http://www.stoneyamashita.com/

 

[kausikdatta]

Er... the router and the wireless access point are one and the same entity - our 2.4 GHz 802.11g Belkin F5D7230-4 "Cable/DSL Gateway Router"? or did I get your question wrong?

Using ipconfig /all on the connected machines, I see that in this particular situation, the wired computers (through outlet) and wireless computers (through antenna) are all getting 192.168.2.x (x being a random number in the range 2-40) from the router. So the wired and the wireless computers are indeed getting the same range from the DHCP.

But, again, from the walljack, the router as such gets 129.98.x.x (its WAN IP).

Does this answer your questions, Robert?

 

[rliebsch]

it does indeed.

so, i am now stumped.
Are the wirelss clients able to get to the internet?

can you ask the admin on the remote site to see what the error logs are on his server when the client is given a 403?

what additional information are you getting on the wireless clients?

Robert Liebsch
Stone Yamashita Partners

http://www.stoneyamashita.com/

 

[kausikdatta]

The wireless clients are perfectly able to get to the Internet, one of the facts that make this situation so frustrating. I made up our group's webpage on my laptop and tested it, but to upload it to our own webserver, I found I had to use another machine (one that is physically connected to the network through a 129.98.x.x IP) - a lot of unnecessary hassle.

The admin on the remote site - well - is pretty *remote* for my purpose, being physically located on a different campus and so forth. Moreover, unfortunately, my interactions with them so far has not shown them to be the brightest of the lot. Therefore, I tried to troubleshoot at the client end.

Actually, this situation explains a lot of the networking woes we have had. The desktop computer that is connected to our router - as I mentioned earlier - serves as a hub for network access and printing for all our laptops. The office has other desktops connected directly to the network. Now, these two networks cannot see each other. At all.

From the directly-connected machines, I can browse almost any networked PCs, servers, centralized file repositories - all of which are directly connected, too, with static IPs. But I cannot see any of PCs on the network that are connected using a router-gateway. There are two funny things about it. One, both networks can individually access the same resources on the intra- and internet. Two, I can remotely access/share the desktop of any PC (from both networks) using http and the specific IP of the remote machine.

It's like, they do talk to each other and they don't... terribly frustrating!!

 

[IT247]

why do you have separate addressing schemes inside (behind your wireless router)?

 

[kausikdatta]

I am sorry, I am not quite sure I understand your question. Would you care to elaborate a bit? Did you mean the IP address schemes - the 129.98.x.x and 192.168.x.x? The former is the static IP provided to each computer through a wall jack. The latter is the IP handed out to wireless clients (laptops) from our Belkin router, which has its own static LAN IP in the 129.98 scheme and a WLAN IP in the 192.168 scheme. Did I get your question right?