Re: Simple Question About NAT Routers

oh_cmon_thats_bullshit_at_yahoo.com
Date: 02/07/05 

Date: 6 Feb 2005 17:04:31 -0800

prg wrote:
> oh_cmon_thats_bull***@yahoo.com wrote:
> > This is not specific to Linux, but there seem to be more smart
people
> > here than in all the Windows groups put together<;)
> >
> > I have a static IP Address which is listed below. My setup behind
an
> > SMC7004 NAT Router was as follows:
> >
> > IP Address: XXX.YYY.154.163
> > Subnet Mask: 255.255.255.0
> > GateWay: XXX.YYY.152.ZZZ
>
> Then your wan (ISP) side was on one subnet and your lan side on
> another. x.x.154.x/24 is a different net from x.x.152.x/24.
>
> > Domain: AAA.BBB.64.222, AAA.BBB.64.223
>
> Doesn't reveal anything without the netmask and leading IP octets.
Are
> these DNS servers, btw?
>
> > The SMC wanted you to access him at 192.168.123.1
>
> This was the admin interface address.
>
> > I then routed Port 80 to 192.168.123.254 which was a Linux
webserver
> > which had been assigned that IP address.
>
> So this address space was a private lan.
>
> > Ok, I decide to replace the aging SMC7004 and buy a NETGEAR WGT624
> > (probably my first mistake) which wants to be accessed on
> 192.168.0.1.
>
> Many use different addresses for admin access. My SurfBoad CM uses
> 192.168.0.1. The other day someone had to use something like
> 192.168.0.24 to access the admin interface on a Linksys, IIRC.
>
> > So, I change the web servers IP to 192.168.0.200 and begin to
> configure
> > the router using *the* *same* *exact* *parameters* as listed above.
>
> May or (more likely) may not be appropriate with the new gear.
>
> > However it will not let me enter the Gateway address because its
not
> > the same at the third level.
>
> No idea about "third level" -- I don't play video games;-)
>
> > It wants something in the 66.114.154.xxx
>
> This is a _public_ IP address space, evidently from your ISP:
> Lookup 66.114.154.0 (unresolved) in 20+9 Zones
> AS: 66.114.128.0/19 AS18530 ISOMEDIA, Inc. Redmond/Washington
> Net 66.114.128-159 PIA-BLK-1 Oak Harbor, Washington @pioneernet.net
>
> > range. So, I have to let it pick its own and therein must lie the
> > problem I am guessing.
>
> Sounds like your new gear is acting as a DHCP relay so that when you
> boot, ask for an address/net params, it passes the request upstream
and
> the reponse back to your host. It may be doing this without your
host
> making an explicit request as some sort of default behavior -- very
> common for wireless setups.
>
> You probably can over ride it with something in the admin page.
>
> > Not what is odd is that I get Internet service just fine (The WWW
> that
> > is) but I cannot ping myself?
>
> $ ping 127.0.0.1
> $ ping you.rIP.add.res < your IP address
> $ ping you.rho.stn.ame < your host name
> $ ping gw.ip.add.res
> $ ping dns.svr.add.res
> $ ping yahoo.com
>
> > I have gone to www.whatismyip.com and it
> > says I am at the address I am trying to ping. Therefore, when I go
> to
> > find my website via the Internet, it cannot be found via
> > 66.114.154.AAA.
>
> The Netgear (wan/ISP side) may have the only address that's entered
> into the DNS server. Depends on your ISP and _maybe_ the Netgear
> setup.
>
> > I have had DSL since the early days and at that time Verizon
provided
> > the signal and a small company that has since become Isomedia
> provides
> > the ISP service. So, I call the ISP and the guy says I am NOT
static
> > IP which is a bold faced lie.
>
> Well, it's easy eough for him to check and that seems to be the
"kind"
> of account you have. Explains why your address changed(?) when you
> changed your gear -- it is booting up with a different MAC address
from
> the old SMC.
>
> You may have been issued a DHCP fixed-address that rarely (if ever)
> changes with normal use. You may need to register your new Netgear
MAC
> to get a "real" static IP.
>
> > I prefaced the call by saying I was
> > having trouble setting up my NAT router configuration, so he
probably
> > had lots of reasons not to talk to me, but still I am paying $32 to
> > Verizon and 17.50 to Isomedia, so if I lose my static IP over this,
> so
> > be it, the wesites are not high traffic and if my DSL drops to $30
a
> > month, I can probably manage with a dynamic IP.
>
> It can be a good idea for low traffic users to "back up" even a
static
> IP with a DNS entry at dyndns.org -- just in case the ISP changes its
> mind ;-)
>
> > But I really want to know:
> >
> > 1. Why would SMC allow me to configure that way and not the new
> > NETGEAR router?
>
> See above and look closely at the user guides/spec sheets.
>
> > 2. Could my ISP just give me a different gateway address in the
same
> > range? Unless none were available I suppose.....
>
> Uhh? Your GW address _must_ be on the same net as your wan/ISP
> interface for reachability. Other than that, no ISP will/can cater
to
> any additional customer needs re: GW address.
>
> > 3. Why can't I ping myself?
>
> See above ping tests. You should be able to ping your own IP
address,
> both 127.x and the IP assigned to your nic at the very least.
>
> Pinging your host name can fail for a number of reasons -- all
relating
> to name resolution and where the hostname is "entered". Doubtful
that
> you have a DNS record for a name you selected unless you explicitly
> paid for it. The dynamic name typically generated by ISPs is ***
ugly
> + and all but useless. Harder to use than just your IP address.
>
> Double check your setup and the user guides, run through the ping
> tests, and if you still have problems, post the command line and
output
> of each ping test. Also include ifconfig -a output and output of
route
> -n of your Linux host and the IP of your Netgear's wan/ISP interface
> and (any?) lan side ports/interfaces.
>
> Confirm that the Netgear is a true router and not just a "bridging
> router" or "router/switch". A true router will have IPs assigned to
> the lan ports themselves (and can eat up public IPs if you're not
> carefull) and not just to the attached host (which would indicate a
> switch).
>
> hth,.
> prg
> email above disabled

I just wanted to say that this is not as complicated as what the
previous poster seems to imply. I have an IP address and I am sure
that it was a static IP at 66.114.154.236 and so I have configured my
new Netgear router *exactly* the same as what was on the old SMC
router, *except* the Netgear won't let me choose a different subnet for
the Gateway parameter. That is on the Gateway I need to be set to
66.114.152.1 and the router will *NOT* take 152 for the third position
because it doesn't match the 154 in the IP Address. The DNS servers
listed above also belong to my ISP.

There must be a reason for this, but I can't imagine why?

BTW, the Linux box is configured correctly and answers quite nicely to
192.168.0.200. I am able to collect email, ssh, some trouble with ftp
that I need to look into, but the website comes up fine.

I am a little baffled by what the previous poster is saying, and I'm
obviously weak on DNS and networking compared to others, but crimony
there's only 5 parameters from the ISP and port forwarding seems pretty
straightforward.

I just don't get it...

Loading