Internal device network
From DD-WRT Wiki
Revision as of 15:10, 16 May 2010 (edit) Glenn (Talk | contribs) (chg) ← Previous diff |
Revision as of 04:14, 20 June 2012 (edit) (undo) Glenn (Talk | contribs) (→Examples of changed internal network - -link) Next diff → |
(35 intermediate revisions not shown.) | |||
Line 1: | Line 1: | ||
- | Your network device | + | Your network device (commonly referred to as a "router") has an '''internal network'''. The internal network connects the internal physical(=hardware): |
*switch | *switch | ||
*wireless access point | *wireless access point | ||
Line 5: | Line 5: | ||
*network processors [[default internal device networks|default internal device network and services]]. | *network processors [[default internal device networks|default internal device network and services]]. | ||
- | Via the user interface you can modify how the hardware is logically interconnected with your software services. It is easy to lock yourself out of your network device and if/when | + | ===Modifying internal network=== |
+ | Via the user interface you can modify how the hardware is logically interconnected with each other and with your software services. | ||
+ | |||
+ | :'''Note''': It is easy to lock yourself out of your network device and if/when this happens (use the waiting time checking the PC's ip settings - try release/renew the dhcp lease if not ok): | ||
+ | :*First: Wait some minutes - it might just be a temporary glitz. | ||
+ | :*Second: Try to restart the device, because it might just be a device service that need to be restarted. | ||
+ | :*Last resort: Restore to the firmware defaults by resetting the device. | ||
+ | |||
+ | ===Internal network services=== | ||
+ | The software services are serviced by the network processor ([[wikipedia:ARM architecture|ARM]], [[wikipedia:MIPS architecture|MIPS]]...). Please note that the possibilities are limited by the software implementation and hardware. | ||
List of non-exhaustive internal software services: | List of non-exhaustive internal software services: | ||
*Network traffic services: | *Network traffic services: | ||
- | **[[wikipedia:OSI model|OSI layer]] 2 interconnection - [[wikipedia:Ethernet|ethernet]] [[wikipedia:Ethernet address|address]] routing; '''bridge''' | + | **[[wikipedia:OSI model|OSI layer]] 2 interconnection - [[wikipedia:Ethernet|ethernet]] [[wikipedia:Ethernet address|address]] routing; a (software) '''[[wikipedia:Bridging (networking)|bridge]]''' or '''[[wikipedia:Network switch|switch]]''' - Definition: A two port switch is a bridge - a traditional [[wikipedia:Bridge|bridge]] has two ends - not three or more ;-). |
- | **OSI layer 3 interconnection - [[wikipedia:Internet_Protocol|ip]] [[wikipedia:IP address|address]] routing; a ''' | + | **OSI layer 3 interconnection - [[wikipedia:Internet_Protocol|ip]] [[wikipedia:IP address|address]] routing; a (software) '''[[wikipedia:Router|router]]''' |
- | **OSI layer 2- | + | **OSI layer 2 interconnection and 2-4 moderation, ethernet '''transparent/bridging firewall''' |
- | **OSI layer | + | **OSI layer 3 interconnection and 2-4 moderation; ip '''packet filtering firewall''' |
+ | **Please note that the (above) (DD-WRT) [[firewall]] normally inspects higher OSI layers. Iptables can refer to modules that can do that: | ||
+ | ***OSI layer 2-4 moderation; ip '''statefull firewall''' | ||
+ | ***OSI layer 2-7 moderation; '''[[wikipedia:Application_firewall#Network-based_application_firewalls|proxying/application]]/[[wikipedia:Deep packet inspection|deep packet inspection]] firewall''' | ||
**[[Quality of Service]] | **[[Quality of Service]] | ||
- | **[[:Category:NAT]] | + | **[[:Category:NAT|NAT - Network Address Translation]] |
**[[Transparent web proxy]] | **[[Transparent web proxy]] | ||
*(Inter)network client or server services: | *(Inter)network client or server services: | ||
- | **[[:Category:Tunneling]] | + | **[[:Category:Tunneling|Tunneling]] |
- | **[[:Category:PPPOE]] | + | **[[:Category:PPPOE|PPPoE]] |
*Network related server services: | *Network related server services: | ||
- | **[[:Category:DHCP]] | + | **[[:Category:DHCP|DHCP server, client]] |
- | **[[:Category:DNS]] | + | **[[:Category:DNS|DNS server]] |
*Management server services: | *Management server services: | ||
**[[Telnet/SSH and the Command Line|Telnet and SSH]] | **[[Telnet/SSH and the Command Line|Telnet and SSH]] | ||
**[[Web interface]] via the [[WEB server]] | **[[Web interface]] via the [[WEB server]] | ||
- | **[[:Category:Monitoring]] | + | **[[:Category:Monitoring|Monitoring]] |
*Other server services: | *Other server services: | ||
- | **[[:Category:FTP]] | + | **[[:Category:FTP|FTP]] |
**[[Printer Sharing]] | **[[Printer Sharing]] | ||
- | The software network services is connected by you, to physical or logical [[:Category:Interfaces|network interface]]. The interfaces might be a: | + | ===Software network interfaces=== |
+ | The software network services is connected by you, to physical or logical [[:Category:Interfaces|network interface]]s. The interfaces might be a: | ||
*physical interfaces might be labelled eth0, eth1... | *physical interfaces might be labelled eth0, eth1... | ||
*logical might be a bridge (=[[:Category:switch|switch]]) labelled br0, br1... | *logical might be a bridge (=[[:Category:switch|switch]]) labelled br0, br1... | ||
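Review bot: the added line "Please note that the (above) (DD-WRT) firewall normally inspects higher OSI layers" sits directly under two entries that already state "2-4 moderation", so it does not say which layers are "higher"; name them in that sentence (the two sub-items suggest 2-4 stateful and 2-7 application/deep packet inspection) so the firewall's scope is unambiguous. In the same hunk, "glitz" should be "glitch", "a device service that need to be restarted" should be "needs", "statefull" should be "stateful", and "The software network services is connected by you" reads better as "You connect the software network services". The "Last resort" step could also say that restoring the firmware defaults discards the modified internal network configuration.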
Line 38: | Line 51: | ||
* imq0,1 - [http://lartc.org/howto/lartc.imq.html QOS device] or [http://www.linuximq.net IMQ Device] | * imq0,1 - [http://lartc.org/howto/lartc.imq.html QOS device] or [http://www.linuximq.net IMQ Device] | ||
- | [[Image:Ddwrtlogicview.jpg|thumb| | + | [[Image:Ddwrtlogicview.jpg|thumb|652px|The [[default internal device networks]] in a non-802.11n network device - specifically the [[Factory_Defaults|default]] configuration of a DD-WRT V23-SP2 firmware on a Linksys WRT54G v2. In a network device containing a 802.11n wireless access point the internal numbering of ports, bridges and vlans are different.]] |
+ | |||
+ | .<!-- do not remove point --> | ||
+ | |||
+ | ==Examples of changed internal network== | ||
+ | There are examples of how to move the wireless acces point on a separate vlan, so it can be separately firewalled: | ||
+ | *[[Separate LAN and WLAN]] (GUI) | ||
+ | *[[V24: WLAN separate from LAN, with independent DHCP]] | ||
+ | *[[WLAN separate from LAN, with independent dhcp, etc]] | ||
+ | |||
+ | There are examples of how to assign a wired LAN port to some vlan different from the rest of the LAN ports: | ||
+ | *[[VLAN Detached Networks (Separate Networks With Internet Access)]] | ||
+ | *[[VLAN Detached Networks (Separate Networks With Internet)]] | ||
+ | |||
+ | There are examples of how to have more than one ssid on the wireless acces point: | ||
+ | *[[Multiple WLANs]] | ||
+ | *[[Dual SSID isolated]] | ||
+ | |||
+ | Combinations of the above: | ||
+ | *[[VLAN Detached Networks each with Wireless and Internet]] | ||
+ | *[[Dual SSID one for public network]] | ||
[[Category:Internal device networks| ]] | [[Category:Internal device networks| ]] | ||
+ | [[Category:Documentation]] |
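Review bot: in the new "Examples of changed internal network" section, the links "VLAN Detached Networks (Separate Networks With Internet Access)" and "VLAN Detached Networks (Separate Networks With Internet)" differ only in the last word and read as the same article listed twice; keep one, or add a few words on how they differ. "acces point" is misspelled in two of the added intro lines, and the ".<!-- do not remove point -->" line would be easier to maintain if the comment said what layout problem the point works around.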
Revision as of 04:14, 20 June 2012
Your network device (commonly referred to as a "router") has an internal network. The internal network connects the internal physical (hardware) components:
- switch
- wireless access point
with the:
- network processors default internal device network and services.
Modifying internal network
Via the user interface you can modify how the hardware is logically interconnected with each other and with your software services.
- Note: It is easy to lock yourself out of your network device. If/when this happens (use the waiting time to check the PC's IP settings, and try to release/renew the DHCP lease if they are not OK):
  - First: Wait some minutes - it might just be a temporary glitch.
  - Second: Try to restart the device, because it might just be a device service that needs to be restarted.
  - Last resort: Restore the firmware defaults by resetting the device.
Internal network services
The software services are serviced by the network processor (ARM, MIPS...). Please note that the possibilities are limited by the software implementation and hardware.
Non-exhaustive list of internal software services:
- Network traffic services:
  - OSI layer 2 interconnection - Ethernet address routing; a (software) bridge or switch - Definition: A two port switch is a bridge - a traditional bridge has two ends - not three or more ;-).
  - OSI layer 3 interconnection - IP address routing; a (software) router
  - OSI layer 2 interconnection and 2-4 moderation; Ethernet transparent/bridging firewall
  - OSI layer 3 interconnection and 2-4 moderation; IP packet filtering firewall
  - Please note that the (above) (DD-WRT) firewall normally inspects higher OSI layers. Iptables can refer to modules that can do that:
    - OSI layer 2-4 moderation; IP stateful firewall
    - OSI layer 2-7 moderation; proxying/application/deep packet inspection firewall
  - Quality of Service
  - NAT - Network Address Translation
  - Transparent web proxy
- (Inter)network client or server services:
  - Tunneling
  - PPPoE
- Network related server services:
  - DHCP server, client
  - DNS server
- Management server services:
  - Telnet and SSH
  - Web interface via the WEB server
  - Monitoring
- Other server services:
  - FTP
  - Printer Sharing
Software network interfaces
You connect the software network services to physical or logical network interfaces. An interface might be:
- a physical interface, which might be labelled eth0, eth1...
- a logical bridge (=switch), which might be labelled br0, br1...
- a logical vlan, labelled vlan0, vlan1...
and maybe:
- teql0 - load sharing device. I believe this is used for the "Link Aggregation on Ports 3 & 4" option on the Setup/Vlans page.
- imq0,1 - QOS device or IMQ Device
Examples of changed internal network
There are examples of how to move the wireless access point onto a separate vlan, so it can be separately firewalled:
- Separate LAN and WLAN (GUI)
- V24: WLAN separate from LAN, with independent DHCP
- WLAN separate from LAN, with independent dhcp, etc
There are examples of how to assign a wired LAN port to some vlan different from the rest of the LAN ports:
- VLAN Detached Networks (Separate Networks With Internet Access)
- VLAN Detached Networks (Separate Networks With Internet)
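There are examples of how to have more than one ssid on the wireless access point:
- Multiple WLANs
- Dual SSID isolated
Combinations of the above:
- VLAN Detached Networks each with Wireless and Internet
- Dual SSID one for public network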