I have a little problem with my network config...
I have a server which runs Windows Server 2008 R2 SP1, updated. This server
runs routing software named Kerio Control v7.2.2 (the most recent). This server
acts as a router for my clients with user management for Internet access with a
Captive Portal, and everything runs to perfection.
My server network config is the following:
WAN: 192.168.1.2/255.255.255.252 gateway/DNS 192.168.1.1
I have a wireless router that I wish to secure at a maximum level
but keeping WPA/WPA2 PSK (no EAP or other enterprise..) because I want maximum
compatibility, so I got the idea to isolate it from the network by adding a third NIC to my
server, and connecting the only RJ45 cable from a LAN plug on the router to this NIC. This
router is a Linksys e2000 which has the 192.168.10.2/255.255.255.0 IP. On my server, there
is a virtual machine which is a Linux router with captive portal (like Kerio, but free).
This VM has 2 NICs: the first, the WAN, is bridged to my NIC LAN1 and has the
10.0.1.3/255.0.0.0 with gateway/DNS at 10.0.0.1 (I have an entry in Kerio which bypasses the
captive portal for this IP). This config is static. My second virtual network card, which
is the LAN, is bridged to LAN2 and has the IP 192.168.10.1/255.255.255.0. It is the gateway
of my small isolated network, and is static too.
My e2000 router has DHCP off because it is 192.168.10.1's job. It distributes
between 192.168.10.100 and 192.168.10.200, a lease of one day and gateway/DNS at 192.168.10.1.
The goal is that my wireless clients can't access the entire LAN until they login to
192.168.10.1. So, even if they know the PSK key, or if it is pirated, they must
auth to the virtual server which links to the LAN (and Internet).
Kerio already has a Captive Portal, but it is for the Internet access for the LAN1 computers.
I wanted a captive portal on the wireless to restrict access to the 10.0.0.0/255.0.0.0 network.
A small schema (not pretty):
Wireless client (192.168.10.100-200) --- e2000 (192.168.10.2) --- linux router (192.168.10.1) ---
router/server Kerio (10.0.0.1) --- ADSL router (192.168.1.1) --- internet (www.xxx.yyy.zzz)
My LAN1 computers can access the Internet and interact with other computers and the server which
has SMB shares has the DHCP config:
IP = 10.x.x.x
mask = 255.0.0.0
gateway = 10.0.0.1
DNS = 10.0.0.1
Lease 1 day
My problem is below:
On my server I can access and ping everyone on LAN1 and LAN2.
If I ping a LAN1 IP from my server it works, and vice versa.
If I ping the e2000's IP from the server it works.
However, if I ping my e2000 from any computer in the LAN1 network it doesn't work...
I can't ping anything which is in 192.168.10.x, not even the LAN2 NIC itself (192.168.10.254).
The main problem is that I can't access the e2000 webmin from a LAN1 host, or the Linux server...
Note: The problem was here before I installed the Linux router, so its firewall can't be the cause.
Also, the ingoing firewall is unused because I never have to access it directly.
But, from the isolated wireless, when the user is authenticated, it has access to the Internet,
to 10.0.0.1 and can ping everyone on its network (192.168.10.x) and on my network (10.x.x.x).
The pings and traceroutes to google.com work.
My Linux server can also ping everyone and access the Internet.
I think it is a route problem, but by default, Kerio (and any server) makes them...
Here they are anyway:
Network | Mask | Gateway | Interface | Metric
0.0.0.0 | 0.0.0.0 | 192.168.1.1 | WAN | 276
10.0.0.0 | 255.0.0.0 | (no) | LAN1 | 266
192.168.1.0 | 255.255.255.252 | (no) | WAN | 276
192.168.10.0 | 255.255.255.0 | (no) | LAN2 | 266
For me, it should be correct, but it isn't...
I tried to create a bridge between LAN1 and LAN2, but it is not its goal and it bugged everything
so I deleted it.
Did I make an error (stupid, but that I don't see)?
Does it have enough details on my network config/topology?
As a reminder, everything works; the only trouble is that I cannot administer my e2000 or my server:
I have to go on my network server because it doesn't work anywhere. However, I bypassed
the problem to configure the Linux: created a port forward for webmin and SSH on it (10.0.1.3).
Thanks in advance for your responses
- ICT and Me
Be sure that the Kerio Control is the GATEWAY. Otherwise no GO.
And be sure that the subnet mask of the WAN in Control matches the subnet mask of your router.
ICT and Me
It is already the case.