Vlan isolation, inside and outside for simplest of terms.  Vlan 1 is inside, Vlan 2 is outside.  By nature, one cannot reach another, thus Virtual LAN's.

In the middle sits a bridge, and iptables mangles packets between them.  This is your nat, firewall, application inspection, etc.

A process on the wan grabs a dhcp address, adds it outside, and a default route to the upstream dslam or cmts.  It also registers it as the external address to nat your internal traffic as to the world, effectively hiding your internal routable subnets.

The inside vlan uses a private address, usually 192.168.1.1/24 by default.  This gives you 253 usable address, and gives out a subset of that via dhcp.  When clients come up wired or wireless, they get an address from the dhcp server when they broadcast for an address.

Routers usually bridge the wireless 802.11 radio(s) to this vlan as well, bringing them all into the 192.168.1.0/24 subnet on that vlan.  The DHCP server gives wired or wireless clients a local 192.168.1.0/24 address out of the subset it hands out, including the gateway for the subnet (itself, 192.168.1.1), and dns servers for it, again itself.

They get a local dns server that is usually dnsmasq running on the router, caching and forwarding to the upstream provider dns servers given externally to the router when it gets its WAN address.  It forwards your requests on mostly.

Wireless does some form of security, hopefully, letting client onto the ssid with a pre-share key or some other.  No wpa1, only wpa2+aes.  Tkip is exploitable, so is wps pin registration (easily crackable without mitigation routines).

Most routers these days use dd-wrt, or some variant, usually some oem abomination hack of linux.  Your wrt54g is like the granddaddy of dd-wrt routers, see what generation it is and see if it's upgradable.  Probably doing yourself a favor upgrading the 10yr old firmware to something secure anyways, keeping some foreign entity from redirecting your dns for bank servers to snatch your credentials.

Clear as mud?  Google lots of those words.

-mb


On 10/19/2014 12:31 AM, Michael Havens wrote:
so the port I'm wondering about is an input port then. I thought I read that it is also a wan part.  How does that work? Like I know the internet is a wan but how does it work in this case?


:-)~MIKE~(-:

On Fri, Oct 17, 2014 at 10:27 PM, koder <iscreamkid@gmail.com> wrote:
Mike,

I have the same device in my networking system. My answer may not be 100% correct, but here is my SWAG:

The device was designed to serve as a router with DHCP server capabilities, in other words it hands out IP addresses to requests that come from one of the output ports.

You can access the device using its web page and turn that feature off, it then acts as a bridge router and the DHCP functioning will come from further upsteam, from your other router.

The network will not function correctly if you have two different devices trying to pass out IP addresses using DHCP. Everything pretty much quits talking to each other.

While I have never tried using the device by plugging everything only into the output ports, I am guessing that connection setup would use the device as a bare dumb switch. No more double DHCP, only happy connectivity.

I am reasonably sure my explanation is not technically correct, but is functional. I was quite loose with input, output, upstream, and  downstream analogies, but that is the way I think of them.

By the way on a separate item, it is my understanding that most of these devices are hacked and infected and should be either upgraded, or replaced. I have yet to do either, but I think that is the case.

HM



On 10/17/2014 03:08 PM, Michael Havens wrote:
That is the router I have. On the back there are 4 LAN ports and another port labled Internet. My setup had the cable from the modem feeding into that port and everything worked until a couple of days ago. Today I switched that cable to a LAN port and everything worked again. I asked in another thread the purpose of the internet port and MR Butash gave me an answer but it is still a lot hazy. In my research to answer the question myself I found a wikipedia article that states:

The original WRT54G was first released in December 2002. It has a 4+1 port network switch (the Internet/WAN port is part of the same internal network switch, but on a different VLAN).

My questions: What is that port for if not to be an input port for the internet
and
Why was it working as an input port for the internet and why did it stop working as such?
:-)~MIKE~(-:


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss