Network Setup Discoveries
Posted by: NickSeattle on 30 December 2012
I have been setting up home networks long enough that I thought if I learned something, I might share it with the Forum, in case it helps somebody, or leads to more corrections in my own method.
I have been struggling with network gremlins for some months, and believe I am onto a solution, finally, that I want to sanity-check with anybody who might be interested.
I had issues with address duplication if I let the DSL router serve addresses on the network, so I turned off DHCP there and moved that function to an AirPort Extreme as follows:
DSL Router 2Wire brand from Phone Company
Address: 192.168.0.1, Mask is 255.255.255.0, Gateway is to provider.
DHCP Addresses from 192.168.0.2-99
DHCP Server is OFF
DNS1 8.8.8.8
DNS2 8.8.4.4
WiFi is OFF
AirPortExtreme #1 (Basement Office, wired into DSL Router)
Address: 192.168.0.100 (Static); 255.255.255.0, Gateway is 192.168.0.1
Router Mode: DHCP Only, no NAT
DHCP Addresses from 192.168.0.101-200
DHCP Server is ON (dedicated to DHCP server function only)
DNS1 8.8.8.8
DNS2 8.8.4.4
WiFi is OFF
AirPortExtreme #2 (Main Floor AV Room, wired > local switch > main switch > Extreme#1 > DSL Router)
Address: 192.168.0.201 (Static); 255.255.255.0, Gateway is 192.168.0.1
Router Mode is Bridged (DHCP Server is OFF)
DNS1 8.8.8.8
DNS2 8.8.4.4
WiFi is ON (dedicated to WiFi function only)
All the rest of my static nodes (AVP, TiVo, DVD, streamer du jour, etc.) are set above 201.
The curious thing to me is that the addresses reserved by the DSL router impact the available addresses on the AirPort Extreme #1, even though DHCP is OFF on the DSL router. The network used to work fine if these ranges overlapped, and even if I turned on NAT on the Extreme #1. The Extreme now complains in both cases.
The other thing I (re-)learned troubleshooting this issue is that, sometimes, the setup wizards do not work over the network; you have to wire direct to the router completely off the network to force the right static settings to take.
Nick
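An added example, not part of the original post: a check of the address plan listed above using Python's `ipaddress` module, confirming that DHCP pools do not overlap and that static addresses sit outside every pool. The function names, host labels and the second, overlapping plan are constructed for illustration.

```python
import ipaddress

def pool(first, last):
    """Return an inclusive DHCP pool as a (first, last) pair of addresses."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a > b:
        raise ValueError(f"pool start {a} is after end {b}")
    return (a, b)

def audit_plan(subnet, pools, statics):
    """Return a list of findings for an address plan.

    pools:   {name: (first, last)} inclusive DHCP ranges
    statics: {name: address} manually configured hosts
    """
    net = ipaddress.ip_network(subnet)
    findings = []
    names = sorted(pools)
    for name in names:
        for end in pools[name]:
            if end not in net:
                findings.append(f"pool {name}: {end} is outside {net}")
    # Two inclusive ranges overlap when each starts before the other ends.
    for i, n1 in enumerate(names):
        for n2 in names[i + 1:]:
            (a1, b1), (a2, b2) = pools[n1], pools[n2]
            if a1 <= b2 and a2 <= b1:
                findings.append(
                    f"pools {n1} and {n2} overlap: {max(a1, a2)}-{min(b1, b2)}")
    for host, addr in sorted(statics.items()):
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            findings.append(f"static {host}: {ip} is outside {net}")
        for name in names:
            a, b = pools[name]
            if a <= ip <= b:
                findings.append(f"static {host}: {ip} is inside pool {name}")
    return findings

# Plan from the post; the router's range is configured but its server is off.
POSTED_POOLS = {"dsl-router": pool("192.168.0.2", "192.168.0.99"),
                "extreme-1": pool("192.168.0.101", "192.168.0.200")}
POSTED_STATICS = {"dsl-router": "192.168.0.1", "extreme-1": "192.168.0.100",
                  "extreme-2": "192.168.0.201"}
# Constructed variant: Extreme #1 pool widened into the router's range.
OVERLAP_POOLS = {**POSTED_POOLS,
                 "extreme-1": pool("192.168.0.50", "192.168.0.200")}

if __name__ == "__main__":
    for label, p in (("posted", POSTED_POOLS), ("overlapping", OVERLAP_POOLS)):
        print(label, audit_plan("192.168.0.0/24", p, POSTED_STATICS) or "clean")
```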
Nick, were you expecting to have the Airports giving out 10.x.x.x addresses rather than the 192.168.x.x addresses? I would have thought you'd be seeing the typical Apple 10.x.x.x addresses; have you looked in your Airport Utility app to see if perhaps the Airports are set to use the 192.168 ranges? I'm not sure that it's your DSL router that's causing this -- it might just be an Airport Utility setup thing.
Hi, Bart,
I tried what you are suggesting, turning on NAT on Extreme #1, and letting it serve addresses in the 10.xxx.xxx.xxx range, but the Apple AirPort Setup Utility complains that I have created a redundant subnet, double-NAT. My only subnet is now defined at the DSL router, which I guess is fine. What is new to me is serving addresses from a different node than the gateway.
Thank you for the suggestion.
Nick
I'm not sure if this could help you, but with an Airport Extreme you can tell it to share the external IP address your DSL router gets. Then you can distribute 10.0.0.x addresses (or any network that doesn't overlap with the 192.168.0.x) with your network.
In the Airport Utility, select your Airport Extreme, then click on 'Manual Configuration', then on the 'Internet' icon on top. In the 'Internet connection' tab (the first one) the 3rd (and last) parameter is something like 'Share connection' and you can set it to something like 'Share a public IP address'. This avoids the 'double NAT' complaint. In the next 'TCP/IP' tab, your Airport Extreme must get its IP address from DHCP, and it then gets the router external IP address. You set the DHCP server of the Airport Extreme in the 3rd tab 'DHCP'.
Sorry if I'm not clear enough !?
HTH
Maurice
I've tried various flavors of this, but have reverted to just letting the home router handle DHCP, and I set the Time Capsule (which is just an Airport Extreme + hard drive) in the "router off (bridge)" mode.
I *do* let the Time Capsule which is hard wired to my switch and then to the router handle the wifi. Wifi is off on the home router. Another Airport Extreme, in a different part of the house, is set up to "extend" the wireless network. I get very fast wifi speeds from both, and never have problems with the iPhones or iPads connecting to the uServe or NDS with the Naim apps.
Hi Bart, yes that works too. Historically my Airport Extreme was here first so...
I did not find a way to use it as a "normal" router, so I can have a kind of small DMZ between the Airport Extreme and the Internet router. I guess it's not the way it is intended to work, as Nick noted in this case you get the 'double NAT' problem. But I haven't really dug the problem.
I would expect your #1 to act as a bridge (with DHCP) to the DSL router and not act as a router itself too, esp. since the DSL router is on the same (internal) subnet as is the #1.
I can imagine a router doesn't like to have the same subnet internally and externally, because that defies the function of a router.
-
Aleg
Nick,
I would recommend you use the DHCP on your internet router, given what you are experiencing, and just set both the Airport Expresses to bridge mode in the "Connection Sharing" option on the Express config. DHCP implementations can vary and it is quite possible that, even though the router DHCP is off, it's telling other DHCP servers that it owns the addresses when the other DHCP tries to use them. (You could reduce the DHCP range on the router as an experiment - but perhaps best just use that DHCP and Express in bridge mode).
You definitely shouldn't double NAT and certainly the point about redistributing another subnet is flawed as the Express and your internet router would need to support routing protocols (I don't believe the Express does - there is certainly no option to setup RP) to work and the setup is complex and care needs to be taken with the use of multicast.
Just don't go there unless you really know what you are doing. Keep it simple - use a single subnet. Just choose which one it will be - a private class C is usually recommended for home LANs which is 192.168.X.X / 255.255.255.X. A private class A that Maurice suggests is a complete overkill that sometimes Apple defaults to for some strange reason but is not supported by some consumer internet routers. A Class A is 10.X.X.X / 255.X.X.X.
However what I am curious about are the DNS settings - these are public Google DNS servers. I would have thought your ISP would have its own DNS for performance reasons and relay from Google.
However one of the DNS values as seen by your LAN ideally should be the same as the internet router inside (address on your LAN like 192.168.0.1) for best performance. (if your internet router supports it)
The best way to check this is in fact happening is to look at the TCP settings that are returned in your Windows or Apple product by DHCP and look at the address of the DNS.
Simon
Simon, I didn't suggest to use 10.x.x.x as a Class A network. I barely suggested Nick could use a Class C 10.0.0.x/255.255.255.x subnet out of the Class A if he wanted to be sure to have different addresses from the ones its router provided, as Bart initially suggested. Never had a problem with this, but I never tried to use a Class A netmask.
Now the consensus seems to be to use the Airport Extreme as a bridge. As I said, the other way round works too, and when you mainly have Apple devices and simple needs, you may be fine with the convenience of the Airport Extreme. I certainly agree that the bridge mode is the way to go if you need more specific a configuration and if your Internet router can provide you with the options you need.
Thanks Maurice, but remember the class is set by the network address prefix not the mask, and 10.X.X.X is always a class A irrespective of the subnets. Therefore my point being some consumer routers can only understand class C network address prefixes of 192.168.X.X - certainly in my experience.
Thank you Simon. I didn't know that and Apple devices certainly have no problem with this in my experience, but I shall be careful in the future.
In my very limited experiences, my Apple products (time capsule, airport extreme) when set up initially at home with Apple devices, have always given me the Class A-style 10.x.x.x addresses. It would be interesting to understand why Apple does that.
Thank you, Maurice, Bart, and Simon,
Setting both the Extremes to Bridged is where I began. I only began to explore alternatives when IP conflicts arose. There are only a couple of nodes I need to set statically which I have tried both by reserving the address within the DHCP range on the router, and by setting the static IP on the node outside of the DHCP range. The conflicts arose in the DHCP range, and never involved my static or reserved nodes.
The other issue involved my Windows7 VM running under VMware Fusion on my wireless MBPro. After recent updates to the Mac OS, Fusion, and Windows, Windows could no longer connect to the Internet via Bridged mode. Advice on VMware Support suggested that older routers may not work, and to try a different router. I tried "re-birthing" the whole subnet at the DSL router by changing the subnet from 192.168.0.x to 192.168.1.x. Flushed all, but still had the VMware issue. Setting up a double-NAT via Extreme #1 as a test fixed the issue with the VM. Resolving the double-NAT by making Extreme #1 the DHCP server on the original subnet has me at a stable position.
There are too many variables to know for sure if one of the updates (or System corruption on the Mac caused thereby) is the root cause of my issues, but this is my prime suspect. OTOH, maybe the DSL router is failing. We are moving in a few months, so I hate to replace at this point.
Interesting about the DNS, Simon. I'll try your suggestion. I imagine this allows you to access a local cache for better performance.
I never knew about the potential issues using Class A, either. Good to know, as I have used them interchangeably until now.
Happy New Year, all. Long live the Forum.
Nick
Nick, I was trying to follow the logic of the VMware workaround... Still can't see it but if it works then great, but I fear you will have a high chance of issues with NATing on your own internal LANs if you don't use forwarders etc. which Express I don't believe supports... It will all depend what you are wanting to talk to each other either side of the NAT... I hope they fix your bug shortly and you can revert to a regular subnet which UPnP and AirPlay devices prefer which will give you more reliable performance in the long run.
Btw if your DSL router was failing to route you would have no traffic to the Internet and vice versa and so assuming you have Internet traffic it's working fine. All any device needs to typically know is the address of the router (the default gateway typically) and then if any device wants to send data off its subnet it will always go to the default gateway, i.e. the router, to be forwarded or 'routed' off the LAN.
Simon
Simon,
In VMware, you have the option to run the VM bridged or NATted. Bridged works better from the shared resources perspective, but stopped working after an update. I'll try to find the tech article that suggested not all DHCP servers support their Bridged mode. It absolutely used to work fine.
Thanks again for your counsel.
Nick
From VMware Support article:
6. Change your adapter from NAT to Bridged, or vice-versa. If one selection works, and the other does not, then the problem is with your network and not with Fusion or your virtual machine. For example, if NAT works and Bridged doesn't, it would be because the router/network is configured not to assign two IPs for the same machine. For more information, see Understanding networking types in VMware Fusion (1022264).
For me, indeed, NAT worked, Bridged no longer did. The fact that this became an issue so suddenly makes me skeptical that the problem really is at the old, reliable router. I find no such setting re assigning multiple addresses to the same machine on the router, nor on the Extreme.
Nick
Nick, thanks, still can't see how it can be your router, your VMware is simply I believe setting up multiple MAC addresses (not to confuse with Apple Mac), one of which is physical (the ethernet adapter) and the others will be virtual (sometimes referred to as loop back addresses) and each one will be associated to a specific IP address on your subnet and held in the router's/network devices' ARP tables. It still looks like a bug to me with your Apple Mac VMware bridging software... Your router won't care less, and its DHCP will happily assign an IP address to any requesting MAC address whether virtual or not. On some managed switches you can lock or limit ports to MAC addresses for security to stop plugging switches or other devices into switch ports and in which case the bridge won't work, but simple consumer switches don't know how to do this... so is unlikely to be the case here and even managed ones I have never seen this as default.
Simon
FWIW I agree with Simon. Can't see why it would be a problem on the router side, it's just like having 2 different network interfaces on the same machine, how would the DHCP server know, or care?
I'm running VMware Fusion in NAT mode with no problem but I don't share anything from the VMware.
Update: The old DSL modem must have been hanging by a thread; it died completely a couple of days ago. A trip to Office Depot and $100 later, a new Linksys Cisco X2000 is now in service. Network configs are all returned to what you would normally expect, with the X2000 serving all addresses on the network.
Back to sanity!
Nick