NAT Interface 192.168.1.x External 192.168.1.x Possible?

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by David Traver » Thu, 26 Jul 2001 23:28:37



Is it possible to set-up an IP Masquerading router that has the following

Internal interface 192.168.1.x

External Interface 192.168.1.y

Our ISP assigns the IP address by DHCP and strangely they provide a
192.168.1.y address?

Note on certain circumstances both 192.1681.x and 192.168.1.y could be the
same

Both problems could this cause with NAT if any ?

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by James Knot » Fri, 27 Jul 2001 01:57:59



> Is it possible to set-up an IP Masquerading router that has the following

> Internal interface 192.168.1.x

> External Interface 192.168.1.y

> Our ISP assigns the IP address by DHCP and strangely they provide a
> 192.168.1.y address?

> Note on certain circumstances both 192.1681.x and 192.168.1.y could be the
> same

> Both problems could this cause with NAT if any ?

You'd confuse your firewall with two networks with the same network
address.  It wouldn't know which way to route the packets.  It would be
better if you chose a different local address for your network.

--
Replies sent via e-mail to this address will be promptly ignored.


 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by Brian Lee Bower » Fri, 27 Jul 2001 02:20:53




> > Is it possible to set-up an IP Masquerading router that has the following

Just about anything is possible, the real question is:  is it worth the
pain?

Quote:> > Internal interface 192.168.1.x

> > External Interface 192.168.1.y

Directly:  no.  Indirectly:  maybe.

You would end up with a firewall/NAT that connects to your ISP, with a
second firewall/NAT that connects the first firewall to your internal
network.  I've never tried this (who would really want to!!) but it
should work in theory.

FW1 has two network interfaces.
        One gets an IP from the ISP by way of DHCP (192.168.1.X)
        Two gets a private IP (10.0.0.1 for example)
FW2 has two network interfaces.
        One gets an IP from the same private address space as FW1 interface Two
        Two gets an IP from your local network address space (192.168.1.X)

If you have a large local network using the private 192.168.1.X
addresses, this might be viable.  If you only have a few machines, it
might be less hassle just to choose a different set of private addresses
to use.

Quote:> > Our ISP assigns the IP address by DHCP and strangely they provide a
> > 192.168.1.y address?

Strange, or not so strange.  If this is a dial up connection, it seems
like a pretty good idea.  The ISP doesn't have to pay for a block of
globally routable IP addresses to serve its customers.  Should mean a
somewhat lower cost for your ISP's customers.

--
Brian Lee Bowers        |       RADIANT Team (Summer Intern)

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by M. Buchenried » Fri, 27 Jul 2001 14:25:40



>Is it possible to set-up an IP Masquerading router that has the following
>Internal interface 192.168.1.x
>External Interface 192.168.1.y

Possible, yes. Whether it was a good solution is a different story.

Quote:>Our ISP assigns the IP address by DHCP and strangely they provide a
>192.168.1.y address?

They do NAT on their side because they don't have a big enough
class-C or class-B (sub)net assigned to them.

Quote:>Note on certain circumstances both 192.1681.x and 192.168.1.y could be the
>same

[...]

Worse and worse. Either get a different ISP, or setup the network
to not be conflicting with the IP addresses from your ISP's dialup
server (e.g., use 192.168.2.x for your LAN).

Michael
--

          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by Dean Thompso » Fri, 27 Jul 2001 15:35:47


Hi David,

Quote:> Is it possible to set-up an IP Masquerading router that has the following

> Internal interface 192.168.1.x

> External Interface 192.168.1.y

> Our ISP assigns the IP address by DHCP and strangely they provide a
> 192.168.1.y address?

You really want to avoid this.  If possible, you might like to put your
internal network on a different network range.  This range could be:
192.168.2.x.  That way you could have your private network be separate from
the external network which they are allocating to you.

You can IP Masq all the traffic to your gateway and then you could let your
ISP masq the traffic out.  A IP Masq on a IP Masq will work.  The bottom line
however, is to try and stay away with both networks being the same.  This will
confuse your routing table no end.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by David » Wed, 01 Aug 2001 05:18:49


But there is no guarantees that NTL will not use 192.168.2.x

I have tried WinRoute and it seems to work.

Still trying to figure how to get LRP to work (doesn't seem to like 2 IP
addresses on 2 interfaces being the same).

--

|---------------------------------------------------|
| Anti-Spam - Please reply to address below          |

|---------------------------------------------------|

Quote:

> Hi David,

> > Is it possible to set-up an IP Masquerading router that has the
following

> > Internal interface 192.168.1.x

> > External Interface 192.168.1.y

> > Our ISP assigns the IP address by DHCP and strangely they provide a
> > 192.168.1.y address?

> You really want to avoid this.  If possible, you might like to put your
> internal network on a different network range.  This range could be:
> 192.168.2.x.  That way you could have your private network be separate
from
> the external network which they are allocating to you.

> You can IP Masq all the traffic to your gateway and then you could let
your
> ISP masq the traffic out.  A IP Masq on a IP Masq will work.  The bottom
line
> however, is to try and stay away with both networks being the same.  This
will
> confuse your routing table no end.

> See ya

> Dean Thompson

> --

+____________________________+____________________________________________+

|
> | Bach. Computing (Hons)     | ICQ     - 45191180
|
> | PhD Student                | Office  - <Off-Campus>
|
> | School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
|
> | MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
|
> | Melbourne, Australia       |
|

+----------------------------+--------------------------------------------+
 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by David » Wed, 01 Aug 2001 05:17:12


There NTL, one of the largest communications companies in the UK and Europe.

I thought it was strange that there using NAT as well.

How well does a NAT through NAT connection work (if you know what I mean)?

--

|---------------------------------------------------|
| Anti-Spam - Please reply to address below          |

|---------------------------------------------------|


> >Is it possible to set-up an IP Masquerading router that has the following

> >Internal interface 192.168.1.x

> >External Interface 192.168.1.y

> Possible, yes. Whether it was a good solution is a different story.

> >Our ISP assigns the IP address by DHCP and strangely they provide a
> >192.168.1.y address?

> They do NAT on their side because they don't have a big enough
> class-C or class-B (sub)net assigned to them.

> >Note on certain circumstances both 192.1681.x and 192.168.1.y could be
the
> >same

> [...]

> Worse and worse. Either get a different ISP, or setup the network
> to not be conflicting with the IP addresses from your ISP's dialup
> server (e.g., use 192.168.2.x for your LAN).

> Michael
> --

>           Lumber Cartel Unit #456 (TINLC) & Official Netscum
>     Note: If you want me to send you email, don't munge your address.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by James Knot » Wed, 01 Aug 2001 10:55:15


It shouldn't make any difference.  Each NAT sees what appears to be an
absolutely normal IP data stream.  It has no way of knowing about other
NATs.


> There NTL, one of the largest communications companies in the UK and Europe.

> I thought it was strange that there using NAT as well.

> How well does a NAT through NAT connection work (if you know what I mean)?

> --

> |---------------------------------------------------|
> | Anti-Spam - Please reply to address below          |

> |---------------------------------------------------|



> > >Is it possible to set-up an IP Masquerading router that has the following

> > >Internal interface 192.168.1.x

> > >External Interface 192.168.1.y

> > Possible, yes. Whether it was a good solution is a different story.

> > >Our ISP assigns the IP address by DHCP and strangely they provide a
> > >192.168.1.y address?

> > They do NAT on their side because they don't have a big enough
> > class-C or class-B (sub)net assigned to them.

> > >Note on certain circumstances both 192.1681.x and 192.168.1.y could be
> the
> > >same

> > [...]

> > Worse and worse. Either get a different ISP, or setup the network
> > to not be conflicting with the IP addresses from your ISP's dialup
> > server (e.g., use 192.168.2.x for your LAN).

> > Michael
> > --

> >           Lumber Cartel Unit #456 (TINLC) & Official Netscum
> >     Note: If you want me to send you email, don't munge your address.

--
Replies sent via e-mail to this address will be promptly ignored.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by James Knot » Wed, 01 Aug 2001 10:57:31


That's because it routes based on addresses.  If both sides have the
same address, how does it know which way to send the data?


> But there is no guarantees that NTL will not use 192.168.2.x

> I have tried WinRoute and it seems to work.

> Still trying to figure how to get LRP to work (doesn't seem to like 2 IP
> addresses on 2 interfaces being the same).

> --

> |---------------------------------------------------|
> | Anti-Spam - Please reply to address below          |

> |---------------------------------------------------|


> > Hi David,

> > > Is it possible to set-up an IP Masquerading router that has the
> following

> > > Internal interface 192.168.1.x

> > > External Interface 192.168.1.y

> > > Our ISP assigns the IP address by DHCP and strangely they provide a
> > > 192.168.1.y address?

> > You really want to avoid this.  If possible, you might like to put your
> > internal network on a different network range.  This range could be:
> > 192.168.2.x.  That way you could have your private network be separate
> from
> > the external network which they are allocating to you.

> > You can IP Masq all the traffic to your gateway and then you could let
> your
> > ISP masq the traffic out.  A IP Masq on a IP Masq will work.  The bottom
> line
> > however, is to try and stay away with both networks being the same.  This
> will
> > confuse your routing table no end.

> > See ya

> > Dean Thompson

> > --

> +____________________________+____________________________________________+

> |
> > | Bach. Computing (Hons)     | ICQ     - 45191180
> |
> > | PhD Student                | Office  - <Off-Campus>
> |
> > | School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
> |
> > | MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
> |
> > | Melbourne, Australia       |
> |

> +----------------------------+--------------------------------------------+

--
Replies sent via e-mail to this address will be promptly ignored.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by M. Buchenried » Wed, 01 Aug 2001 15:47:47



>There NTL, one of the largest communications companies in the UK and Europe.
>I thought it was strange that there using NAT as well.
>How well does a NAT through NAT connection work (if you know what I mean)?

[...]

Well, it works. It's not highly efficient to do so, but as far as
the routers are concerned, "private" IPs are just IPs, so the
process itself does just work as expected. The downfall is that you
will never be able to reach your own machines from the Internet.

I'd take my money elsewhere, but YMMV.

Michael

--

          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by M. Buchenried » Wed, 01 Aug 2001 15:50:35



>It shouldn't make any difference.  Each NAT sees what appears to be an
>absolutely normal IP data stream.  It has no way of knowing about other
>NATs.

[...]

Not quite. The ISP could analyze both the ports that the data
is coming from (the default ports for NAT traffic are unusally
high unless manually changed and recompiled), as well as the
take a closer look on the data packets itself. It is possible to
detect masqueraded traffic, though it takes some efforts.

Michael
--

          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by James Knot » Wed, 01 Aug 2001 21:41:17


With Linux routers, it is possible to select port ranges used for NAT.
And what artifacts would those be.  Also my comments were strictly from
a technical point in that there's nothing in a NAT packet that says it
is one.  As far as the next NAT goes, that packet came from a computer.



> >It shouldn't make any difference.  Each NAT sees what appears to be an
> >absolutely normal IP data stream.  It has no way of knowing about other
> >NATs.

> [...]

> Not quite. The ISP could analyze both the ports that the data
> is coming from (the default ports for NAT traffic are unusally
> high unless manually changed and recompiled), as well as the
> take a closer look on the data packets itself. It is possible to
> detect masqueraded traffic, though it takes some efforts.

> Michael
> --

>           Lumber Cartel Unit #456 (TINLC) & Official Netscum
>     Note: If you want me to send you email, don't munge your address.

--
Replies sent via e-mail to this address will be promptly ignored.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by David » Thu, 02 Aug 2001 06:06:28


Yeah but you can't get a 1MB cable modem connection for 125 quid a month
anywhere else.

Static IP's are going to out come Sept/Oct apparently, so you will be able
to run servers then. At the moment they provide POP3 accounts for email.

As you said you cannot run internal servers mainly due to DHCP being used.

--

|---------------------------------------------------|
| Anti-Spam - Please reply to address below          |

|---------------------------------------------------|


> >There NTL, one of the largest communications companies in the UK and
Europe.

> >I thought it was strange that there using NAT as well.

> >How well does a NAT through NAT connection work (if you know what I
mean)?

> [...]

> Well, it works. It's not highly efficient to do so, but as far as
> the routers are concerned, "private" IPs are just IPs, so the
> process itself does just work as expected. The downfall is that you
> will never be able to reach your own machines from the Internet.

> I'd take my money elsewhere, but YMMV.

> Michael

> --

>           Lumber Cartel Unit #456 (TINLC) & Official Netscum
>     Note: If you want me to send you email, don't munge your address.

 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by David » Thu, 02 Aug 2001 06:08:05


So why does WinRoute work but not LRP?

Doesn't WinRoute work in the same way as a Linux router would with NAT.

It works even if the two interfaces have the same IP address e.g internal
192.168.1.3, external 192.168.1.3

--

|---------------------------------------------------|
| Anti-Spam - Please reply to address below          |

|---------------------------------------------------|

> That's because it routes based on addresses.  If both sides have the
> same address, how does it know which way to send the data?


> > But there is no guarantees that NTL will not use 192.168.2.x

> > I have tried WinRoute and it seems to work.

> > Still trying to figure how to get LRP to work (doesn't seem to like 2 IP
> > addresses on 2 interfaces being the same).

> > --

> > |---------------------------------------------------|
> > | Anti-Spam - Please reply to address below          |

> > |---------------------------------------------------|


> > > Hi David,

> > > > Is it possible to set-up an IP Masquerading router that has the
> > following

> > > > Internal interface 192.168.1.x

> > > > External Interface 192.168.1.y

> > > > Our ISP assigns the IP address by DHCP and strangely they provide a
> > > > 192.168.1.y address?

> > > You really want to avoid this.  If possible, you might like to put
your
> > > internal network on a different network range.  This range could be:
> > > 192.168.2.x.  That way you could have your private network be separate
> > from
> > > the external network which they are allocating to you.

> > > You can IP Masq all the traffic to your gateway and then you could let
> > your
> > > ISP masq the traffic out.  A IP Masq on a IP Masq will work.  The
bottom
> > line
> > > however, is to try and stay away with both networks being the same.
This
> > will
> > > confuse your routing table no end.

> > > See ya

> > > Dean Thompson

> > > --

+____________________________+____________________________________________+
Quote:> > > | Dean Thompson              | E-mail  -


Quote:> > |
> > > | Bach. Computing (Hons)     | ICQ     - 45191180
> > |
> > > | PhD Student                | Office  - <Off-Campus>
> > |
> > > | School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
> > |
> > > | MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
> > |
> > > | Melbourne, Australia       |
> > |

+----------------------------+--------------------------------------------+

- Show quoted text -

> --
> Replies sent via e-mail to this address will be promptly ignored.


 
 
 

NAT Interface 192.168.1.x External 192.168.1.x Possible?

Post by James Knot » Thu, 02 Aug 2001 10:50:06



> Yeah but you can't get a 1MB cable modem connection for 125 quid a month
> anywhere else.

> Static IP's are going to out come Sept/Oct apparently, so you will be able
> to run servers then. At the moment they provide POP3 accounts for email.

> As you said you cannot run internal servers mainly due to DHCP being used.

DHCP does not prohibit servers.  You may have a static host name, which
is all you need.  If you don't have one of those, you can use DNS
servers, which you update with the DHCP address when it changes.

--
Replies sent via e-mail to this address will be promptly ignored.

 
 
 

1. From:192.168.0.101 TO:192.168.0.xxx VIA:192.168.2.1 ?

Hi,

My home network is configured as follows:  an iMac G3 gets the
Internet connection from dial-up (!) and shares it through its en0
interface on 192.168.2.1 (a static, pre-defined setting on MacOS X
10.4 for sharing an Internet connection).  en0 also has an IP of:
192.168.0.101 as shown below:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::20a:27ff:feab:3692%en0 prefixlen 64 scopeid 0x4
        inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        ether 00:0a:27:ab:36:92
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: 10baseT/UTP 10baseT/UTP <full-duplex>
100baseTX 100baseTX <full-duplex> autoselect autosel

From en0, a crossover cable goes into a DLink DI-624 router on its WAN
connector.  DI-624 (192.168.0.1) then gives dynamic IPs from
192.168.0.2- 192.168.0.255.  Computers are all able to share their
resources and to go on the Internet.

The problem is that the iMac G3 cannot communicate with the other
machines on 192.168.0.x and I'd like to know if there is a way around
it?

Thanks.

2. Linux PPP problem (Please, be nice)

3. Using 192.168.0 versus 192.168.1

4. [2.5] const char* to char* update in console.h

5. 192.168.0.0 vs. 192.168.1.0

6. PCI v90 Voice Modem Suggestions?

7. Browsing 192.168.0.23 returns 192.168.0.11, why?

8. A new libc.a for gcc 2.2.2

9. Joining 192.168.1.* to 192.168.1.* with filtering for only MS SQL Server?

10. Routing Linux 192.168.10.x network to Dlink router on 192.168.1.x network

11. 192.168.0.* vs 192.168.1.*

12. Connection attempt to TCP 192.168.0.13:3128 from 192.168.0.12:2050

13. iptables; allowing external web access to 192.168.0.1; how?