by David Traver » Thu, 26 Jul 2001 23:28:37
Internal interface 192.168.1.x
External Interface 192.168.1.y
Our ISP assigns the IP address by DHCP and strangely they provide a
192.168.1.y address?
Note on certain circumstances both 192.1681.x and 192.168.1.y could be the
same
Both problems could this cause with NAT if any ?
by James Knot » Fri, 27 Jul 2001 01:57:59
> Is it possible to set-up an IP Masquerading router that has the following
> Internal interface 192.168.1.x
> External Interface 192.168.1.y
> Our ISP assigns the IP address by DHCP and strangely they provide a
> 192.168.1.y address?
> Note on certain circumstances both 192.1681.x and 192.168.1.y could be the
> same
> Both problems could this cause with NAT if any ?
--
Replies sent via e-mail to this address will be promptly ignored.
by Brian Lee Bower » Fri, 27 Jul 2001 02:20:53
> > Is it possible to set-up an IP Masquerading router that has the following
Directly: no. Indirectly: maybe.Quote:> > Internal interface 192.168.1.x
> > External Interface 192.168.1.y
You would end up with a firewall/NAT that connects to your ISP, with a
second firewall/NAT that connects the first firewall to your internal
network. I've never tried this (who would really want to!!) but it
should work in theory.
FW1 has two network interfaces.
One gets an IP from the ISP by way of DHCP (192.168.1.X)
Two gets a private IP (10.0.0.1 for example)
FW2 has two network interfaces.
One gets an IP from the same private address space as FW1 interface Two
Two gets an IP from your local network address space (192.168.1.X)
If you have a large local network using the private 192.168.1.X
addresses, this might be viable. If you only have a few machines, it
might be less hassle just to choose a different set of private addresses
to use.
Strange, or not so strange. If this is a dial up connection, it seemsQuote:> > Our ISP assigns the IP address by DHCP and strangely they provide a
> > 192.168.1.y address?
--
Brian Lee Bowers | RADIANT Team (Summer Intern)
by M. Buchenried » Fri, 27 Jul 2001 14:25:40
They do NAT on their side because they don't have a big enoughQuote:>Our ISP assigns the IP address by DHCP and strangely they provide a
>192.168.1.y address?
[...]Quote:>Note on certain circumstances both 192.1681.x and 192.168.1.y could be the
>same
Worse and worse. Either get a different ISP, or setup the network
to not be conflicting with the IP addresses from your ISP's dialup
server (e.g., use 192.168.2.x for your LAN).
Michael
--
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.
by Dean Thompso » Fri, 27 Jul 2001 15:35:47
Hi David,
You really want to avoid this. If possible, you might like to put yourQuote:> Is it possible to set-up an IP Masquerading router that has the following
> Internal interface 192.168.1.x
> External Interface 192.168.1.y
> Our ISP assigns the IP address by DHCP and strangely they provide a
> 192.168.1.y address?
You can IP Masq all the traffic to your gateway and then you could let your
ISP masq the traffic out. A IP Masq on a IP Masq will work. The bottom line
however, is to try and stay away with both networks being the same. This will
confuse your routing table no end.
See ya
Dean Thompson
--
+____________________________+____________________________________________+
| Bach. Computing (Hons) | ICQ - 45191180 |
| PhD Student | Office - <Off-Campus> |
| School Comp.Sci & Soft.Eng | Phone - +61 3 9903 2787 (Gen. Office) |
| MONASH (Caulfield Campus) | Fax - +61 3 9903 1077 |
| Melbourne, Australia | |
+----------------------------+--------------------------------------------+
by David » Wed, 01 Aug 2001 05:18:49
I have tried WinRoute and it seems to work.
Still trying to figure how to get LRP to work (doesn't seem to like 2 IP
addresses on 2 interfaces being the same).
--
|---------------------------------------------------|
| Anti-Spam - Please reply to address below |
|---------------------------------------------------|
+____________________________+____________________________________________+Quote:> Hi David,
> > Is it possible to set-up an IP Masquerading router that has the
following
> > Internal interface 192.168.1.x
> > External Interface 192.168.1.y
> > Our ISP assigns the IP address by DHCP and strangely they provide a
> > 192.168.1.y address?
> You really want to avoid this. If possible, you might like to put your
> internal network on a different network range. This range could be:
> 192.168.2.x. That way you could have your private network be separate
from
> the external network which they are allocating to you.
> You can IP Masq all the traffic to your gateway and then you could let
your
> ISP masq the traffic out. A IP Masq on a IP Masq will work. The bottom
line
> however, is to try and stay away with both networks being the same. This
will
> confuse your routing table no end.
> See ya
> Dean Thompson
> --
by David » Wed, 01 Aug 2001 05:17:12
I thought it was strange that there using NAT as well.
How well does a NAT through NAT connection work (if you know what I mean)?
--
|---------------------------------------------------|
| Anti-Spam - Please reply to address below |
|---------------------------------------------------|
> >Is it possible to set-up an IP Masquerading router that has the following
> >Internal interface 192.168.1.x
> >External Interface 192.168.1.y
> Possible, yes. Whether it was a good solution is a different story.
> >Our ISP assigns the IP address by DHCP and strangely they provide a
> >192.168.1.y address?
> They do NAT on their side because they don't have a big enough
> class-C or class-B (sub)net assigned to them.
> >Note on certain circumstances both 192.1681.x and 192.168.1.y could be
the
> >same
> [...]
> Worse and worse. Either get a different ISP, or setup the network
> to not be conflicting with the IP addresses from your ISP's dialup
> server (e.g., use 192.168.2.x for your LAN).
> Michael
> --
> Lumber Cartel Unit #456 (TINLC) & Official Netscum
> Note: If you want me to send you email, don't munge your address.
by James Knot » Wed, 01 Aug 2001 10:55:15
> There NTL, one of the largest communications companies in the UK and Europe.
> I thought it was strange that there using NAT as well.
> How well does a NAT through NAT connection work (if you know what I mean)?
> --
> |---------------------------------------------------|
> | Anti-Spam - Please reply to address below |
> |---------------------------------------------------|
> > >Is it possible to set-up an IP Masquerading router that has the following
> > >Internal interface 192.168.1.x
> > >External Interface 192.168.1.y
> > Possible, yes. Whether it was a good solution is a different story.
> > >Our ISP assigns the IP address by DHCP and strangely they provide a
> > >192.168.1.y address?
> > They do NAT on their side because they don't have a big enough
> > class-C or class-B (sub)net assigned to them.
> > >Note on certain circumstances both 192.1681.x and 192.168.1.y could be
> the
> > >same
> > [...]
> > Worse and worse. Either get a different ISP, or setup the network
> > to not be conflicting with the IP addresses from your ISP's dialup
> > server (e.g., use 192.168.2.x for your LAN).
> > Michael
> > --
> > Lumber Cartel Unit #456 (TINLC) & Official Netscum
> > Note: If you want me to send you email, don't munge your address.
by James Knot » Wed, 01 Aug 2001 10:57:31
> But there is no guarantees that NTL will not use 192.168.2.x
> I have tried WinRoute and it seems to work.
> Still trying to figure how to get LRP to work (doesn't seem to like 2 IP
> addresses on 2 interfaces being the same).
> --
> |---------------------------------------------------|
> | Anti-Spam - Please reply to address below |
> |---------------------------------------------------|
> > Hi David,
> > > Is it possible to set-up an IP Masquerading router that has the
> following
> > > Internal interface 192.168.1.x
> > > External Interface 192.168.1.y
> > > Our ISP assigns the IP address by DHCP and strangely they provide a
> > > 192.168.1.y address?
> > You really want to avoid this. If possible, you might like to put your
> > internal network on a different network range. This range could be:
> > 192.168.2.x. That way you could have your private network be separate
> from
> > the external network which they are allocating to you.
> > You can IP Masq all the traffic to your gateway and then you could let
> your
> > ISP masq the traffic out. A IP Masq on a IP Masq will work. The bottom
> line
> > however, is to try and stay away with both networks being the same. This
> will
> > confuse your routing table no end.
> > See ya
> > Dean Thompson
> > --
> +____________________________+____________________________________________+
> |
> > | Bach. Computing (Hons) | ICQ - 45191180
> |
> > | PhD Student | Office - <Off-Campus>
> |
> > | School Comp.Sci & Soft.Eng | Phone - +61 3 9903 2787 (Gen. Office)
> |
> > | MONASH (Caulfield Campus) | Fax - +61 3 9903 1077
> |
> > | Melbourne, Australia |
> |
> +----------------------------+--------------------------------------------+
by M. Buchenried » Wed, 01 Aug 2001 15:47:47
Well, it works. It's not highly efficient to do so, but as far as
the routers are concerned, "private" IPs are just IPs, so the
process itself does just work as expected. The downfall is that you
will never be able to reach your own machines from the Internet.
I'd take my money elsewhere, but YMMV.
Michael
--
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.
by M. Buchenried » Wed, 01 Aug 2001 15:50:35
Not quite. The ISP could analyze both the ports that the data
is coming from (the default ports for NAT traffic are unusally
high unless manually changed and recompiled), as well as the
take a closer look on the data packets itself. It is possible to
detect masqueraded traffic, though it takes some efforts.
Michael
--
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.
by James Knot » Wed, 01 Aug 2001 21:41:17
> >It shouldn't make any difference. Each NAT sees what appears to be an
> >absolutely normal IP data stream. It has no way of knowing about other
> >NATs.
> [...]
> Not quite. The ISP could analyze both the ports that the data
> is coming from (the default ports for NAT traffic are unusally
> high unless manually changed and recompiled), as well as the
> take a closer look on the data packets itself. It is possible to
> detect masqueraded traffic, though it takes some efforts.
> Michael
> --
> Lumber Cartel Unit #456 (TINLC) & Official Netscum
> Note: If you want me to send you email, don't munge your address.
by David » Thu, 02 Aug 2001 06:06:28
Static IP's are going to out come Sept/Oct apparently, so you will be able
to run servers then. At the moment they provide POP3 accounts for email.
As you said you cannot run internal servers mainly due to DHCP being used.
--
|---------------------------------------------------|
| Anti-Spam - Please reply to address below |
|---------------------------------------------------|
> >There NTL, one of the largest communications companies in the UK and
Europe.
> >I thought it was strange that there using NAT as well.
> >How well does a NAT through NAT connection work (if you know what I
mean)?
> [...]
> Well, it works. It's not highly efficient to do so, but as far as
> the routers are concerned, "private" IPs are just IPs, so the
> process itself does just work as expected. The downfall is that you
> will never be able to reach your own machines from the Internet.
> I'd take my money elsewhere, but YMMV.
> Michael
> --
> Lumber Cartel Unit #456 (TINLC) & Official Netscum
> Note: If you want me to send you email, don't munge your address.
by David » Thu, 02 Aug 2001 06:08:05
Doesn't WinRoute work in the same way as a Linux router would with NAT.
It works even if the two interfaces have the same IP address e.g internal
192.168.1.3, external 192.168.1.3
--
|---------------------------------------------------|
| Anti-Spam - Please reply to address below |
|---------------------------------------------------|
> > But there is no guarantees that NTL will not use 192.168.2.x
> > I have tried WinRoute and it seems to work.
> > Still trying to figure how to get LRP to work (doesn't seem to like 2 IP
> > addresses on 2 interfaces being the same).
> > --
> > |---------------------------------------------------|
> > | Anti-Spam - Please reply to address below |
> > |---------------------------------------------------|
> > > Hi David,
> > > > Is it possible to set-up an IP Masquerading router that has the
> > following
> > > > Internal interface 192.168.1.x
> > > > External Interface 192.168.1.y
> > > > Our ISP assigns the IP address by DHCP and strangely they provide a
> > > > 192.168.1.y address?
> > > You really want to avoid this. If possible, you might like to put
your
> > > internal network on a different network range. This range could be:
> > > 192.168.2.x. That way you could have your private network be separate
> > from
> > > the external network which they are allocating to you.
> > > You can IP Masq all the traffic to your gateway and then you could let
> > your
> > > ISP masq the traffic out. A IP Masq on a IP Masq will work. The
bottom
> > line
> > > however, is to try and stay away with both networks being the same.
This
> > will
> > > confuse your routing table no end.
> > > See ya
> > > Dean Thompson
> > > --
Quote:> > > | Dean Thompson | E-mail -
+----------------------------+--------------------------------------------+Quote:> > |
> > > | Bach. Computing (Hons) | ICQ - 45191180
> > |
> > > | PhD Student | Office - <Off-Campus>
> > |
> > > | School Comp.Sci & Soft.Eng | Phone - +61 3 9903 2787 (Gen. Office)
> > |
> > > | MONASH (Caulfield Campus) | Fax - +61 3 9903 1077
> > |
> > > | Melbourne, Australia |
> > |
> --
> Replies sent via e-mail to this address will be promptly ignored.
by James Knot » Thu, 02 Aug 2001 10:50:06
> Yeah but you can't get a 1MB cable modem connection for 125 quid a month
> anywhere else.
> Static IP's are going to out come Sept/Oct apparently, so you will be able
> to run servers then. At the moment they provide POP3 accounts for email.
> As you said you cannot run internal servers mainly due to DHCP being used.
--
Replies sent via e-mail to this address will be promptly ignored.
1. From:192.168.0.101 TO:192.168.0.xxx VIA:192.168.2.1 ?
Hi,
My home network is configured as follows: an iMac G3 gets the
Internet connection from dial-up (!) and shares it through its en0
interface on 192.168.2.1 (a static, pre-defined setting on MacOS X
10.4 for sharing an Internet connection). en0 also has an IP of:
192.168.0.101 as shown below:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::20a:27ff:feab:3692%en0 prefixlen 64 scopeid 0x4
inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
ether 00:0a:27:ab:36:92
media: autoselect (100baseTX <full-duplex>) status: active
supported media: 10baseT/UTP 10baseT/UTP <full-duplex>
100baseTX 100baseTX <full-duplex> autoselect autosel
From en0, a crossover cable goes into a DLink DI-624 router on its WAN
connector. DI-624 (192.168.0.1) then gives dynamic IPs from
192.168.0.2- 192.168.0.255. Computers are all able to share their
resources and to go on the Internet.
The problem is that the iMac G3 cannot communicate with the other
machines on 192.168.0.x and I'd like to know if there is a way around
it?
Thanks.
2. Linux PPP problem (Please, be nice)
3. Using 192.168.0 versus 192.168.1
4. [2.5] const char* to char* update in console.h
5. 192.168.0.0 vs. 192.168.1.0
6. PCI v90 Voice Modem Suggestions?
7. Browsing 192.168.0.23 returns 192.168.0.11, why?
9. Joining 192.168.1.* to 192.168.1.* with filtering for only MS SQL Server?
10. Routing Linux 192.168.10.x network to Dlink router on 192.168.1.x network
11. 192.168.0.* vs 192.168.1.*
12. Connection attempt to TCP 192.168.0.13:3128 from 192.168.0.12:2050
13. iptables; allowing external web access to 192.168.0.1; how?