Talk: Wi-Fi on a Boat

Welcome to the Wi-Fi on a Boat discussion forum!

Please use the + tab (above) or click here to create a new section, give it a descriptive subject/headline, and sign all posts with --~~~~

Thanks!

Two IP addresses[]

This is a great article. Can't you avoid the problem of needing 2 IP addresses for the onboard PC by installing an onboard AP/router like the Linksys WRT54G, and then connecting it's WAN port to the Bridge? This seems to work for me using an EnGenius 3220 bridge - or am I missing something? --John Howell 09:04, 7 April 2007

Thank you.

The problem of needing two IP addresses on the PC is due to:

1. IP address assigned by DHCP for access to the Internet.
2. IP address needed for management of a wireless Ethernet (client) bridge (e.g., EnGenius 3220) that won't necessarily be on the same subnet as IP #1. This could be avoided if the wireless Ethernet (client) bridge were smart enough to obtain its LAN management IP address from the remote DHCP server (and would thus be on the same subnet as the address assigned to the PC), but I don't know of any such devices that are smart enough to do that.

If you're using the WRT54G as a:

1. Router, then what you're doing is "double NAT", NAT #1 being the remote router and NAT #2 being your WRT54G, which will get a private IP address from the remote DHCP server, and assign its own private address to the PC. That usually works, but can cause Internet access problems, so I don't recommend it.
2. Wireless access point (as suggested in this article, configured thusly), then the WRT54G needs no IP address (except for management) and the PC gets its IP address from the remote DHCP server.

Either way you have the problem of how to access the LAN management port of the EnGenius 3220 bridge (e.g., to select the Wi-Fi network you wish to connect to). If in config #2, for example, the remote DHCP server assigns the PC the address 192.168.1.102, gateway 192.168.1.1, and subnet mask 255.255.255.0, and if the LAN management port is (say) 192.168.0.240 (and no other appropriate IP address is available to the PC), then the PC will be unable to access the LAN management port of the wireless Ethernet (client) bridge.

For the LAN management port to be on the same subnet as the PC, you either need to have a wireless Ethernet (client) bridge smart enough to get that address from the remote DHCP server, be lucky enough to just have them match, or configure it manually to match.

Is the LAN management port of the EnGenius 3220 bridge being assigned an IP address by the remote DHCP server, or is it assigned manually?

--John Navas 17:29, 7 April 2007 (UTC)

Thanks for the in-depth reply.

To answer your question, the LAN management port of the EnGenius 3220 bridge is assigned manually, in this case - 192.168.2.2. The EnGenius 3220 bridge provides the option to obtain an IP address from a DHCP server, but it seems it will only grab one from the local Linksys WRT54G router/AP and not from the remote network we are bridging to, therfore apparently not solving the problem you point out.

I have the WRT54G is setup as a Router, as you describe above. And I think I was in the 'lucky enough to have them match' situation leading me to believe that a PC attached to the Linksys WRT54G would be able to always communicate to the bridge connected to the Linksys' WAN port without having to change the IP address of the PC. I tried changing the address on the 3220 to 192.168.3.1 and was not able to access it so that seems to prove your point.

What are the syptoms of the double NAT problem? I have not encountered that yet.

--John Howell 09:41, 8 April 2007

Double NAT can cause problems with applications that are sensitive to the contents of packets, including some older VPN and games. (Current versions generally work fine.) It also increases latency (delay) a bit, and increases risk of problems from weaknesses in router/NAT implementations/configurations. Thus in general it's better to avoid double NAT if possible, but usually not a problem when you can't.

In your case the only real need to use double NAT would be if (a) you had more than one wireless client needing Internet access and (b) the remote DHCP server would only hand out one IP address to you.

--John Navas 17:06, 8 April 2007 (UTC)

Thanks John. All of this still leaves me wanting a bit more from the article though. Some of us want to have a private LAN on the vessel that interconnects all of the onboard IP devices, and that when in port, will allow access to the Internet via a WiFi bridge. This seems quite a relevant topic, as the number of IP enabled devices that can be put on a boat is going up (multiple pc's, IP cameras, sensors, nav equipment, radios, etc.), thereby increasing the number of boats with onboard LANs. Managing and setting up an onboard LAN really is no different from any other LAN in most respects, but I think it would be very helpful if the article (perhaps in the section titled 'Managing A Wireless Ethernet Bridge') suggested a configuration and procedure for using a bridge that is compatible with the idea that the devices using the bridge will be managed as part of the LAN. --John Howell 14:28, 10 April 2007 (UTC)

I'm starting a new topic for this. --John Navas 14:49, 10 April 2007 (UTC)

LAN on a boat[]

Some of us want to have a private LAN on the vessel that interconnects all of the onboard IP devices, and that when in port, will allow access to the Internet via a WiFi bridge. This seems quite a relevant topic, as the number of IP enabled devices that can be put on a boat is going up (multiple pc's, IP cameras, sensors, nav equipment, radios, etc.), thereby increasing the number of boats with onboard LANs. Managing and setting up an onboard LAN really is no different from any other LAN in most respects, but I think it would be very helpful if the article (perhaps in the section titled 'Managing A Wireless Ethernet Bridge') suggested a configuration and procedure for using a bridge that is compatible with the idea that the devices using the bridge will be managed as part of the LAN. --John Howell 14:28, 10 April 2007 (UTC)

When the boat has its own wireless access point (or wired hub or switch), and multiple IP addresses are handed out by a remote DHCP server, then all of those IP address will be on the same subnet, and thus are part of a LAN. It won't necessarily be a private LAN -- unless the remote wireless access point implements wireless-to-wireless isolation (which many do not), all boats will be on the same LAN, and should take precautions accordingly. If you want your own private LAN, and one that works even when not connected to remote Wi-Fi, then use "double NAT" with a local wireless router instead of a local wireless access point, as you are now doing. (For a wired setup on the boat, that would be a wired router instead of a hub or switch.) --John Navas 14:49, 10 April 2007 (UTC)

See new section LAN on a boat. --John Navas 16:12, 10 April 2007 (UTC)

So if you want an onboard private LAN should the WiFi bridge be given a fixed IP address in the same range as the other devices on the private LAN? What physical port on the local wireless router should the bridge be plugged into so you can both manage the bridge (in order to find/connect to a new shore based WiFiISP) and also so you can use the Internet once it is all connected? Many thanks. --John Howell 19:23, 10 April 2007 (UTC)

How the wireless Ethernet (client) bridge is set up doesn't affect privacy, only management convenience. The crude management solution is to set a fake non-conflicting public IP address on the LAN management port of the wireless Ethernet (client) bridge, which your local wireless router will automatically forward to its WAN port (since it's not a local or private address). The better alternative, if supported by your local wireless router, is to configure a manual route from LAN to WAN for a (RFC 1918) private IP address on the LAN management port. (The wireless router shouldn't be forwarding private addresses without a manual route.) Does that help? --John Navas 19:53, 10 April 2007 (UTC)