I am having trouble getting my head around how to bridge my internal 192.x.x.x network with my AREDN and could use a few more brain cells from the collective.
I should start by saying I am not a newbie at this and worked in the IT industry and familiar with NATing, Bridging, Routers and Firewalls which is why this is so frustrating.
The basic setup is as follows:
1. Internal 192.... network
2. M5 Bridge to remote Network.
Remote network is bridged to the AREDN network BUT the M5 is running commercial 5GHz wifi (not that it matters)
3. Local M2 AREDN node
4. Ubiquiti EdgeRouter
The goal is to use the M2 to advertise a Winlink system hosted on the 192.... network via the M5 Bridge to the rest of the AREDN.
For the moment lets ignore that the internal box is Winlink because the issue would be the same regardless if it was a webserver or any other services.
I have looked at VLAN's, NAT's, IP Ailasiing and just about every way I can think of to make the Internal 192... device available to the M2/M5 and at the end of my rope. Any help would be appreciated.
Here is a graphic of the network which might help more than a lot of text.
Lee
You are here
Bridging Multiple Networks
Tue, 10/16/2018 - 22:04
#1
Bridging Multiple Networks
Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer
Lee,
Is there only 1 mesh node in your design (more in the future)?
Here is a possible option... If you put the mesh node's WAN interface (vlan 1) on your 192.168.0.x network, then any LAN device with the mesh assigned 10.x.x.x address can access the service on the 192.168.0.x network. The mesh node has a default route for this address looking on the WAN interface. If your home DNS server provides a hostname to the mesh node on the WAN interface, then devices on the mesh network can use this hostname too and the LAN devices can find the service with both IP and hostname.
Joe AE6XE
1. Should the switch be setup as one network (192.168.0.x) ?
2. VLAN
Are you suggesting Eth0 (192.168.0.x) and Eth1 M2 (10.2.15.x) be on VLAN1
3. M5 Link ?
What about the M5 link which connects to the MESH network ?
You asked if there were other mesh nodes in my design and the answer is yes.
The are on the other end of the M5 bridge (10.97.70.x)
Which is part of the question. Just getting the M2 to talk to the 192.x.x.x is only part of the problem. I also have to Publish the M2 node/winlink machine to the nodes on the other side of the M5 network. So I have three networks I am trying to connect together.
Lee
1. Should the switch be setup as one network (192.168.0.x) ?
Should setup to be aware of the networks involved and separate them.
2. VLAN Are you suggesting Eth0 (192.168.0.x) and Eth1 M2 (10.2.15.x) be on VLAN1
No, the mesh node is 'trunked' already. it has untagged (LAN), vlan1 (WAN), and vlan2 (dtdlink) networks when you plug the cable into the switch already. The switch port you plug the mesh node into should have vlans for all 3 networks to handle them, even if that don't go anywhere, to avoid unexpected behavior. The mesh node is configured for dhcp to pull an IP address on it's WAN interface from your home network. The, devices on the mesh (LAN networks of mesh ndoes), can all access your home network, they route though mesh nodes to get there through this WAN interface or gateway connection point.
3. M5 Link ?
What about the M5 link which connects to the MESH network ?
Need to design which networks or vlans you would need or should have over this part 15 link. 1 vlan would be for your 192.168.0.x network. Another would likely be vlan '2', so the mesh nodes on both ends can route mesh traffic to each other and see each other as part of a larger mesh network. The mesh network uses 10.x.x.x addresses, so best to avoid using this on other networks involved or you risk IP address conflicts. The M5s for this part 15 link could have admin IP addresses from multiple options, you could pull from the Vlans going over it. Could be the LAN of a given mesh node (local to the location). Could be your home network. You might have other vlans/networks going over this link not yet discussed.
I am having a little trouble picturing the physical layout of this configuration but let me draw this and give it a try and then I will have more informed (i hope) questions. :)
Thanks again,
Lee
Lee,
You didn't mention what kind of box your WinLink runs on, but is it possible to add another nic to it and put the new nic on the 10 network to talk to the node? Or, is it possible to do some magic with vlans and a vlan switch?
Mark
Winlink is running on a laptop and the radios are in a SKB gobox rack case for portability. I am also using all 3 USB ports so I would have to add a hub and a USB to ethernet adapter to add another interface.
I have heard this as a suggestion before but it brings up another question.
Winlink RMS Relay requires an IP address so the other protocol modules can talk to RMS Relay. If you have multiple interfaces (IP's) how is RMS Relay going to respond to a non-RMS address ?
Lee
We don't need the USB3 speed or Hub, so we've very succesfully used these for our "add-on" NICs (less expensive in pairs):
https://smile.amazon.com/gp/product/B017NI9MAU
(I label each one externally with its MAC address before use).
- Don - AA7AU
What I failed to mention is the Winlink Laptop is interfaced with an Icom IC-7300 (USB), a SCS Pactor Modem (USB) and a Packet TNC (USB).
So all three internal USB ports are being used to control the radio, forward high speed winlink traffic via Pactor or allow VHF packet access.
Lee
RMS Relay by default takes its address from the computer it is installed on (for example 192.168.x.x).
However it accepts incoming mail connections from any address on the computer (for example 10.x.x.x) see attached image.
To have a second address requires a second NIC attached to your WinLink computer (example: USB/ETH - cheap)
I believe you can configure RMS Relay to accept email connections (WinLink Express or others) from users out on the mesh and then forward that mail via HF or VHF path on the 192.169.x.x side. My mesh-connected forwards via the Internet because I don't have any WinLink equipment but I can see the options are there in the RMS Relay program...
Lee,
I think I understand what you are trying to do. So, let me restate your requirements in my own words and you can tell me if I'm correct or not.
You have a portable WinLink station running on a laptop in a GoKit that you can take into the field. This WinLink station gets connectivity to the Internet through a link that you establish using Part 15 equipment on 5 GHz. I'll make the assumption that this connectivity is over the ethernet interface in the laptop. You would also like this WinLink station to be accessible over the Mesh through a 2 GHz node colocated with the WinLink station. I'm guessing that the WinLink station in the field needs inbound connectivity from other WinLink stations on the Internet. The Part 15 network uses 192.168.x.y address space on all of its devices. It is unknown if you wish to extend Internet connectivity over the Mesh network through this field station. You also have an edge router in the GoKit available for use.
Does this describe your situation?
Mark
Let me see if I can lay this out a little more clearly and state the basic goals.
- Create transparent Link via 5 GHz M5 (10.97.70.x) to remote AREDN network
- Publish local M2 (10.2.15.x) AREDN node services to remote AREDN network (via M5 link)
- Publish Internal network (192.168.0.x) Winlink services to remote AREDN network users
I have had some success using getting the M2 AREDN node to show up on the other side of the M5 link but it was using another firewall and it was basically a clugging setup. BUT, I have not had any success figuring out how to publish / expose the Winlink 192... network address to the AREDN network.This is in place and working so I am good on this setup
Hope this makes my issues a bit clearer.
Lee
Lee,
The solution could be simple due to some network support that is built into a node. So, this is what I suggest. This assumes that the WinLink box is part of the GoKit and not at a fixed location (my first sentence). What makes this work is that if Internet is provisioned on the WAN interface of a node, any device connected to a LAN interface on that node has outgoing access to the Internet. You do not need to check the Mesh Gateway box on the Basic Setup page for this to happen.
1. Move the WinLink box to the LAN side of the 5 GHz AREDN node. Assign it a fixed ip address from the LAN ip range. Reserve it in the DHCP pool in the node and advertise it to the Mesh. On the left side of the Port Forwarding, DHCP, and Services configuration screen, the left side reserves the address and the right side advertises it to the Mesh. It's your choice if you want the advertisement to be just a character string or a URL. I understand that a specially crafted WinLink advertisement will be automatically recognized by WinLink clients. I'll defer to someone more knowledgeable for the details.
2. Connect your Internet to the WAN side of the AREDN node serving WinLink. As mentioned above, this will enable WinLink outgoing traffic to the Internet. Give this a static address from your WAN address range. Configuration in the node is accomplished on the Basic Setup page.
3. Enabling incoming Internet traffic to the WinLink box will require two port forwards. The first one will be in your Internet router and will point to the ip address you just assigned in the node on the WAN interface in step 2. The second will be in the node and point to the LAN address you established in step 1. Port forwarding in the node is configured on the Port Forwarding, DHCP, and Services configuration screen, just under where you reserved the WinLink address and advertised the WinLink service.
Hope this helps.
Mark
1. Why Move to AREDN Network
I guess this is what confuses me because this is everyone's solution but I am familiar enough with networking to question why is is necessary.
Doesn't the Ubiquiti router provide NAT capability ? Why can't the edgerouter simply NAT the 192... winlink address to a 10.xxx network address so it appears on the AREDN subnet ?
NAT is how every firewall works, translating internal IP's to Public address. Why is it this technique be used in this situation?
2. It's a Networking Issue
I know you are not a Winlink gateway operator and as I mentioned it was not my intention to turn this discussion into a Winlink issue. Because in my opinion it wouldn't matter if the box on the 192... network is Winlink, a Web server or Webcam. This issue is exactly the same and that is how to expose a single device on a different network to the AREDN system. I see this as a Networking / Routing issue.
3. Winlink - Dual Interfaces
Again I know you guys are not Winlink ops but everyone misses the point I keep making... Winlink RMS Relay ONLY supports ONE IP Address.
Now unless something has changed in the RMS Relay code, as far as I know the software only allows for ONE IP address. So adding as second card with a 10.x.x.x address is useless.
I know there are people that only running a Winlink Post Office and that maybe different but that is not my situation.
Thanks for your help,
Lee
1) The diagram shows winlink connected to a firewall. Is this "firewall" a router with the DHCP server for the 192.168.1.0/24 network? If not, what device is the DHCP server for this network?
2) The diagram shows this firewall connected to the internet. This is the intended path for winlink to reach CMS servers on the internet, correct? Is there any consideration to make this internet path available to devices on the mesh network?
3) The diagram shows the part 15 device (with a dish antenna) to be a 10.97.70.x address. What network is this? Is this device a layer 3 router (like a mesh node) or a layer 2 bridge? Is this 10.x.x.x address a mesh coordinated address or intended to be on a different network altogether?
4) Is the purpose of the part 15 RF link A, B, or both?:
4A) to reach the greater area mesh network? There is a mesh node co-located with the part 15 device on the other end of this link?
4B) to have devices on the 192.168.1.0/24 network on the other side of this RF link?
Joe AE6XE