So, say you sign up for a DSL plan that comes with five static IP addresses. Let's also say you want most of your systems behind a NAT (Network Address Translation) system, nice and safe away from the internet, but you want a few systems to use those static IP addresses so that they can be easily accessed online. That's the scenario my church has at the moment.
In January, when we moved the offices back to the main building, I configured the network using two Linksys WRT54G routers. We only needed one wireless router, but for the small difference in price, it seemed advantageous to me to stick to one model for everything. We'll be deploying more WRT54Gs as access points around the building eventually.
At any rate, I installed the first router directly connected to the DSL modem. I set it up to do PPPoE authentication. I tried to match the IPs and subnet on this unit to what the AT&T installer gave to me. The second router I assigned a static IP address to and told it to act like a normal SMB router does — it assigned NAT IP addresses (in the 192.168.1.1-254 range). The majority of computers in the office connect to this second router either by wire or wireless. The second router is connected to a 16-port switch that helps fill in our wired needs.
At any rate, this worked fine for the NAT'ed computers, but for the one machine (other than the second router) that was hooked to the first router, things were amiss. This second computer is supposed to be accessible remotely for various reasons, and I assigned it one of our static IPs. It wouldn't connect from outside. Some other problems took over my time, and I only returned to this recently when it became more important. I reworked much of the network trying to figure out what was wrong. I ended up with the second router performing PPPoE and the first router acting merely as a switch. I thought maybe the Linksys router simply wouldn't work with static IPs (in fact, I was told by some that I was trying to do the impossible).
Well, I talked to AT&T support and found out that at install time I had been given the wrong subnet mask. I went in and tried the new subnet mask, but it didn't seem to work either. As it turned out, the problem once I had the right subnet was that I no longer had the routers set up like I originally had them. Once I returned the routers to my original configuration and entered the new subnet, everything sprang to life. It was frustrating that many, many hours were wasted because I was given the wrong subnet mask, but at least things finally work!
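A mask that does not match the static block can be caught on paper before any router is reconfigured. The following is an added example, not part of the original post: the addresses come from the 203.0.113.0/24 documentation range, both masks are constructed (the post does not give the real values), and the function names are hypothetical.

```python
import ipaddress

def check_static_block(gateway, mask, hosts):
    """Return (network, problems) for a static block configured with `mask`.

    problems is a list of (address, reason) for every host address that
    cannot be used on the subnet that gateway/mask defines.
    """
    net = ipaddress.ip_network(f"{gateway}/{mask}", strict=False)
    problems = []
    for addr in map(ipaddress.ip_address, hosts):
        if addr not in net:
            problems.append((str(addr), "outside the subnet this mask defines"))
        elif addr == net.network_address:
            problems.append((str(addr), "is the network address"))
        elif addr == net.broadcast_address:
            problems.append((str(addr), "is the broadcast address"))
    return net, problems

def smallest_network_for(gateway, hosts):
    """Smallest subnet in which the gateway and all hosts are usable addresses."""
    addrs = [ipaddress.ip_address(a) for a in [gateway, *hosts]]
    for prefix in range(30, 0, -1):
        net = ipaddress.ip_network(f"{gateway}/{prefix}", strict=False)
        reserved = (net.network_address, net.broadcast_address)
        if all(a in net and a not in reserved for a in addrs):
            return net
    return None

# Constructed sample data: five static addresses plus the ISP gateway.
GATEWAY = "203.0.113.6"
STATIC_HOSTS = [f"203.0.113.{n}" for n in range(1, 6)]
WRONG_MASK = "255.255.255.252"   # constructed "as given at install time"
RIGHT_MASK = "255.255.255.248"   # constructed corrected mask

if __name__ == "__main__":
    for label, mask in (("wrong", WRONG_MASK), ("right", RIGHT_MASK)):
        net, problems = check_static_block(GATEWAY, mask, STATIC_HOSTS)
        print(f"{label} mask {mask} -> {net}: {len(problems)} problem(s)")
        for addr, reason in problems:
            print(f"  {addr} {reason}")
    print("expected network:", smallest_network_for(GATEWAY, STATIC_HOSTS))
```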
This is a far cry from the original network that was in place when I first started administering our systems in 1997. The network was not connected to the internet (everyone fought over getting a turn on using the fourth phone line to dial up to Juno), was merely four computers hooked up to a switch, and the “wiring” was a multi-line phone cord that had been made to work as an ethernet line. We now have almost twenty systems running through the two routers and connecting via either 802.11g or high-quality CAT-6 lines (in preparation for a future Gig-E upgrade); these systems run three different operating systems (Windows XP, Mac OS X and GNU/Linux). And, hopefully in the next few months, I'll be able to bring online some kind of GNU/Linux network authentication server that will allow granular access to the access points that will cover the building in connectivity.