4. Some possible network configurations

4.1. Keep your old router and append the Aspire inside, providing two additional wireless networks. Configuration (a.).

In this configuration the Ethernet port of the Aspire is connected directly to "SRX 200". This solves the problem of Aspire having only one Ethernet port. Two Ethernet ports required are one for the Internet link the other for the internal switch to provide Internet access to Ethernet connected computers. The two wireless networks are NAT'ed to the 192.168.1.55 IP address. The reason for this is not only to put ssid "Welcome" in a separate network and simplify firewalling, but also to resolve some NAT and routing problems. First the devices in 192.168.1.0/24 must have a route to 192.168.11.0/24. I had no problem adding routes within Linux and Solaris, but my network printer simply has no such thing as a routing table in its web interface. Second, appending the route in "SRX 200" is not a problem, but "SRX 200" refuses to NAT any other network than the one connected to its interface. This is probably solvable by sub-networking its network, but I think the next configurations (b.) and (c.) are better solutions. Even with all its disadvantages, I think this configuration is the best starting point as it will not cause any disruptions or changes in your current setup until all configurations on Aspire are done and tested; then it can easily be converted to any other.

4.2. Using only Aspire as AP. Configuration (b.).

This configuration is setting you free from any later worries and is the optimal variant, but there is a price to pay. Since the Aspire has only one Ethernet adapter you have to append a second one. There are two solutions. The first one "shown on the picture" is to use an intelligent or managed switch to VLAN the eth0. The second one is to use a USB to Ethernet adapter, to convert one of the USB ports to Ethernet. The drawback of the switch solution is that it is much more expensive, though it has the advantage of speed, stability and simplicity. The USB to Ethernet adapter is much cheaper, but it comes with a doubtful Linux driver support and uncertain speed and reliability. There is one more small detail to mention: depending what kind of Internet connection you have there will be different setups for the uplink adapter. If you use a cable connection than it simply has to be on DHCP. In the case of ADSL (my case) you will need to configure a PPPoE. On Slackware you simply have to run a pppoe-setup script.

4.3. Bridging between the two private networks and NATing only "Welcome" public network. Configuration (c.).

In this configuration the interfaces eth0 and wlan0 are bridged. The network 192.168.1.0/24 can be accessed either through "kristo" or "Acer_A1" ssid. The DHCP server on the Aspire is bind only to the wlan0_0 interface. NAT to 192.168.1.55 is only done for 172.17.0.0/16. The computers assessing the 192.168.1.0/24 network through ssid "Acer_A1" are getting IP addresses from the DHCP server on "SRX 200". Other solutions will be available if the DHCP server on "SRX 200" was more manageable. For example, instead of bridging the two parts of 192.168.1.0/24, it will be more elegant to subnet 192.168.1.0/24 and setup a DHCP helper for the part in ssid "Acer_A1".

This configuration has two advantages. The first is that it avoids both, the routing problem of the solution (a.) and the consequent NAT'ing of the "Acer_A1". Second, it allows the Aspire to be turned off while networking remains through your old router. If you can't afford to dedicate your Aspire as AP, this is the best configuration. It provides a stable network when you do not need the Aspire and allows you to disconnect the Aspire from the network for personal use, while preserving a functional network.