Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[MrC]

When the DIR-855 is configured to act only as an access point, the unit will not allow entry of an IP address on the LAN, but outside what it considers the LAN.

In AP mode (eg. UPNP and DHCP server disabled, no use of WAN port, static IP for unit), the system cannot know about other LAN routers or the network topology of the LAN, and therefore cannot determine which IPs are LAN vs. WAN.

In my case, I have another router that provides multiple LAN networks (eg. 192.168.10.0/24 and 192.168.20.0/24).  If the unit is on the 192.168.10 network, it will not allow configuration to log to a syslog server on the 192.168.20 network.

In LAN mode, the system allow any IP to be entered as a syslog server, and just place the packets on the wire for the other router to handle.

[Lycan]

Thats because there is no LAN mode. All you're doing is disabling the DHCP server. That router is still a router. The reason it ACTS like an AP is because the LAN interface is still on your subnet, so when your DHCP server offers itself as the gateway the switch in the 855 will pass the traffic. The 855 should be able to create LAN to LAN routes, create one to the other network, however this will allow ALL traffic to be bridged in this manner.

[MrC]

I understand there is no "LAN" mode - it was just a term I used based upon the unit's user guide terminology.   The UG indicates that if there are other routers on the LAN, it must be configured a certain way (thereby implying that it will behave accordingly, and actually pass traffic to those routers - otherwise, what's the purpose!).

The bottom line is that as a switch, the unit should not be deciding that remote networks are on/off the LAN.  It allows traffic to pass for publicly routable (eg. none RFC 1918) addresses, but is making the incorrect assumption that it controls the entire RFC 1918 space.  With no connection to the WAN port, it needs to act more like a switch (or bridge), since by definition it is not routing between interfaces on different networks.

This may also be the root of its failure to send logs via email to SMTP servers on the LAN (where it *does* accept an RFC 1918 address in its configuration but silently fails).

[Lycan]

The SYSlog is programmed to output to the subnet that the switch is set to. As for the switch passing traffic for a subnet other then it's own, this is proved when you put the switch on the 20 network as pass traffic when it's own IP is in the .10 network.

[Lycan]

syslog and email settings are TWO different things.
 Maybe I'm missing something, but the syslog is for a SYSLOG server like Kiwi. The email settings will ONLY traverse the WAN.

[MrC]

The SYSlog is programmed to output to the subnet that the switch is set to. As for the switch passing traffic for a subnet other then it's own, this is proved when you put the switch on the 20 network as pass traffic when it's own IP is in the .10 network.

As you know, switches don't know subnets!  They are layer 2 devices.

I know it can pass traffic to the 20 network - but it fails to allow configuration of a syslog server for which it can clearly pass traffic.  Perhaps the engineers were trying to prevent syslog UDP traffic onto the public Internet, and are assuming certain subnetting (incorrectly) about a 192.168.x.0/24 network.

[MrC]

syslog and email settings are TWO different things.
 Maybe I'm missing something, but the syslog is for a SYSLOG server like Kiwi. The email settings will ONLY traverse the WAN.

Understood.  I've been using syslog and SMTP mail for > 25 years.

My syslog server is a NetBSD system in my DMZ, which from the DIR-855's perspective, is just another node to be accessed via the router(gateway) connected to the DIR-855.

Why should/does the DIR-855 restrict email traffic to a WAN?  This restriction makes no sense.

[Lycan]

1) It's designed that way because it's not a business class device. It's intended for a home network to be connected to a WAN network.

2) It's not your CORE router, it's the 855, it doesn't have a route to your DMZ network Subnet. use the routing option and create a route to that subnet and all will be well.

[MrC]

2) It's not your CORE router, it's the 855, it doesn't have a route to your DMZ network Subnet. use the routing option and create a route to that subnet and all will be well.

No, you can't.  You can only route via the WAN interface.