NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Using a Static IP Address on a Raspberry Pi Connected to my Nighthawk Router
Hi, I have a couple of Raspberry Pis connected to my Home Network which is provided by my Netgear Router. Ideally I want to set up a static IP Address for each of these Pis, but I cannot make th...
schumaku wrote:So t the end of the day, what went wrong and broke the Pi <-> D7800 connection and the Internet connection finally?
The router was unaware of the presence of the Webserver, so didn't route Google traffic when I was trying to use the Static IP.
The reason I am doing all this is because I am stuck at home in shielding and we have an extensive private network at our local Model Town which is used to control around 20 Pi based devices which measure water levels, operate pumps and open valves in the model river system. Owing to lockdown we are unable to get to the site to monitor this or take readings.
The two Raspberry Pis in question are both Pi3s but the remaining Pis are all Zeros. One of the Pi3s has been in place for three years and is running a Captive Portal and Webserver. This needs two Ethernet ports; eth0 connected to the Pis network on 192.168.0.* and eth1 connected to the Model Town's Office Router on 192.168.1.*, (Yes that is the IP Range of my Nighthawk. I set it that way because that is the IP Range of the Office Router and the Pis subnet was the same as the Nighthawk subnet.)
To get round the problems of lockdown (Most of us are in shielding) we are installing a VPN Server which I am testing at home using a subset of the Model Town's hardware. I want static IP Addresses for the Webserver and VPN Server because the VPN Server needs both ports to be static and the Webserver is easier to test while I am developing the system here at home.
> [...] One of the Pi3s has been in place for three years and is running
> a Captive Portal and Webserver. [...]
I don't know what "Captive Portal" means to you, but I may not need
to.
> [...] This needs two Ethernet ports; eth0 connected to the Pis network
> [...]
You lost me. To make sense of this, I'd need a map showing what's
connected to what, including which IP addresses are used on which LAN
segments. So far, I'm not even sure how many routers you have. Or
where the Internet connection appears.
> [...] we are installing a VPN Server [...]
I know nothing about that, either. (Or VPNs, in general, for that
matter.)
The one piece of "/etc/dhcpcd.conf" which you exhibited looked ok to
me. If you're having trouble getting to the Internet that way, then I'd
worry more about the router configuration and the routes on the R-Pi
than on its basic IP configuration. Possibly interesting:
ifconfig
netstat -rn
Typically, if you're using multiple subnets, then someone needs more
routing info than a simple default route/gateway. Your main router, for
example.
> [...] AFAIK the subnet mask is defined by the /24 in the declaration.
Yes, as I said.
antinode wrote:I don't know what "Captive Portal" means to you, but I may not need to.
You lost me. To make sense of this, I'd need a map showing what's connected to what, including which IP addresses are used on which LAN segments. So far, I'm not even sure how many routers you have. Or where the Internet connection appears.
I know nothing about that, either. (Or VPNs, in general, for that matter.)
Typically, if you're using multiple subnets, then someone needs more routing info than a simple default route/gateway. Your main router, for example.
A Captive Portal is a software tool that directs Visitors logging on to a WiFi Network at an attraction and directs their device to particular content. It uses iptables to restrict or allow access to the Internet and yes, it does it by using routing tables.
Similarly, a VPN Server uses iptables to route traffic (amongst other things) and also is more than 'just any old Pi'. Many VPN Servers work by taking encrypted traffic off the Internet (via the Router) and then putting the clear traffic back out onto the same network. However, this won't work when the two networks are on different subnets, so the server has two Ethernet ports.
Whilst I appreciate your advice, don't you think you might be getting a little patronising? I asked one very clear question; how to set up a static IP Address when the Pi is connected to a Netgear Router. Having a diagram showing how I'm using the other side of the Pis, complete with IP Addresses is pretty irrelevant I would have thought and the fact that you know nothing about Captive Portals or VPNs doesn't help.
I'm still struggling with this. If I make no attempt to reserve the address that the Router has allocated to my Webserver Pi and disable the static IP Address configuration in dhcpcd.conf, then my Captive Portal software works. (It relies on accessing the Internet via a few ports to 'fool' Android phones into thinking that they are not in a Walled Garden, even though they are.) However, I can't even reserve that address in the Netgear Address Reservation page, because the device never appears in the list .
I've put the VPN Server config to one side for the moment, but will pick it up again shortly because I suspect that the plethora of blocked ports on the Webserver may be confusing the Router. Is this possible?
Breaking this discussion down into two issues I think I have read about on this D7800 (firmware version unknown, ISP/WAN encapsulation unknown [because we know this can make a differences on Netgear's famous routers]):
- The D7800 does not accept a wirless client with a client side static configured IP (address from the subnet, correct default gateway/router IP, mask matching) to reach the Internet.
At that stage, the wireless client dos also not show up in the attached devices. [Why should it? There was no DHCP nor any Internet traffic, and the ARP request can be answered from any other IP stack on the wireless or on the wired LAN].
Unanswered is the most simple test: Ping the router LAN IP from the Pi. Ideally, capture the wlan0 interface traffic while doing this so we can see if there is anything from the other side coming back, like ARP replies, ping, ... Ideally, try the ping test from the router while capturing the Pi wlan0 interface, too. If this does success, while capturing the Pi wlan0 traffic, try e.g an ssh or ftp access ot, and from the Pi. Potentially there is a problem on the Pi firewall (iptables etc.) config, or the traffic does flow into the concurrently installed and configured VPN default gateway.
Can't see that is should matter if the static Pi IP is in the router DHCP pool (IP address range) or not - organisationally I would add a reservation for that MAC-LAN IP pair at least.
Does the Pi connect to the D7800 primary or the guest network? Wireless isolation on the guest network or whatever other oddities might lead to issues. - The D7800 LAN config does not (or more specifically no longer) allow to change an already assigned IP address in the MAC-IP reservation table to be changed for a further BOOTP/DHCP assignment.
Does the D7800 allow manually entering a MAC-IP pair in the LAN DHCP reservation table (Pi deassociated, worst case following a router reboot to forget about the PI wlan0 BSSID (MAC)) instead of picking and editing the dynamic entry from the DHCP table?
PS. Does anybody want to hear why I try to avoid Netgear's consumer routers where ever possible?
- The D7800 does not accept a wirless client with a client side static configured IP (address from the subnet, correct default gateway/router IP, mask matching) to reach the Internet.
