Geekzone: technology news, blogs, forums

adamdotclarke

45 posts

Geek


#65933 9-Aug-2010 19:12

Hey Guys,

I have a question that I have been googling and can't find the answer to. OK, here goes: I have a Linksys AG300 with IP 192.168.10.1 and subnet of 255.255.255.252.

I also have an ISA server box IP 192.168.10.2 and same subnet. Now currently I have NAT enabled on the AG300 but also ISA performs NAT so effectively I am double-natting. Now I believe the best alternative is Static Routing, am I correct?

If not, what do I need to do to disable NAT on my AG300 and just have it forwarding packets? If so, what options do I set for static routing, I have tried all combos I can think that are logical to me and none work.

It needs Dest IP, Subnet and Gateway IP.

Any ideas?

Thanks

Adam

Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #365610 9-Aug-2010 20:27

What you really want is "ip extension" or "half bridge" mode on your Linksys. It will avoid the double NAT, presenting the external IP address directly to ISA via DHCP.

Try this link for some help: http://www.ben.geek.nz/2006/11/adsl-routing-solution-in-detail

I'm pretty sure the AG300 does half bridge too.






adamdotclarke

45 posts

Geek


  #365619 9-Aug-2010 20:39

I have just scoured my router config and looked on Google and cannot find how to put this modem into bridge mode. I have a Telecom single-PC Thomson ST536v6 but couldn't figure out how to on that either; seems maybe Telecom locked it? I don't mind which box I use but would like to remove the double NAT.

Any ideas?

adamdotclarke

45 posts

Geek


  #365625 9-Aug-2010 20:46

Scratch that, the ST536 is buggered. TelstraClear are sending me a free modem; anyone know what modem number that will be? Half bridge?



nbroad
320 posts

Ultimate Geek


  #365785 10-Aug-2010 10:26

The /30 subnet (255.255.255.252) gives you only two usable addresses, 192.168.10.1 and 192.168.10.2.

I presume the ISA server has two network cards and you have hosts using the ISA server? If so, what is the IP address and subnet mask of the inside or trusted interface?

Maybe the option is to have the ISA server route between its inside and outside NICs instead of performing NAT?

adamdotclarke

45 posts

Geek


  #365801 10-Aug-2010 11:05

Correct, inside interface IP is 172.20.10.1. Ah, I see, so then the AG300 does the NAT, leaving the ISA just routing; hadn't thought of it that way.

nbroad
320 posts

Ultimate Geek


  #365802 10-Aug-2010 11:19

adamdotclarke: Correct, inside interface IP is 172.20.10.1. Ah, I see, so then the AG300 does the NAT, leaving the ISA just routing; hadn't thought of it that way.


Yep, should work. Only one way to find out I suppose!

raytaylor
4014 posts

Uber Geek

Trusted

  #365962 10-Aug-2010 18:33

Another suggestion may be to set your modem to 10.1.1.1 and your ISA Wan to 10.1.1.2 - then have it as the DMZ in the modem.

Then set your ISA server to issue 192.168.0.x on its LAN interface

Or get a modem that does half bridge / ip extension, or use an internal PCI ADSL modem like I do.





Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here


Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #366032 10-Aug-2010 21:35

raytaylor:
or use an internal PCI ADSL modem like I do.


That *should* be the easiest option, and potentially the most reliable, but they're harder to find these days. Got any links to models for sale?




adamdotclarke

45 posts

Geek


  #366044 10-Aug-2010 21:52

Yeah, that is how I had it configured, but swap the IP ranges.
But still, isn't that not fixing the double NAT issue?
Yeah, if you could recommend any good models, as I have heard they can be unreliable if the wrong model...?

raytaylor
4014 posts

Uber Geek

Trusted

  #366052 10-Aug-2010 22:09

I have a couple which I picked up off Trade Me. I always get them from there and have never had any problems with them, though if your case gets too warm I guess they could have problems.

Usually I just get one for $30 off Trade Me as I use them in managed firewalls for clients, and Mako use them in their managed firewalls for the new government healthlink system that most pharmacies are getting installed.

See here http://www.trademe.co.nz/Browse/SearchResults.aspx?searchType=all&searchString=pci+adsl&type=Search&generalSearch_keypresses=14&generalSearch_suggested=0

The ones I have in a load balancing firewall at home that I put together are both GlobespanVirata or something like that off Trade Me.





Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here


webwat
2036 posts

Uber Geek

Trusted

  #366188 11-Aug-2010 12:35

What are you trying to achieve, i.e. which LAN do you want to firewall behind the NAT? Best security would have the NAT router in front of the server, so it sounds like you are protecting a second device behind the ISA server. I would have thought the second LAN would be a separate subnet on the first router instead of double NAT.




Time to find a new industry!


nbroad
320 posts

Ultimate Geek


  #366197 11-Aug-2010 12:49

webwat: What are you trying to achieve, i.e. which LAN do you want to firewall behind the NAT? Best security would have the NAT router in front of the server, so it sounds like you are protecting a second device behind the ISA server. I would have thought the second LAN would be a separate subnet on the first router instead of double NAT.


Performing NAT on consumer grade ADSL modem/routers usually cannot be avoided unless using a workaround such as half bridge as suggested or the Draytek option, so the first subnet is going to be natted. It sounds like the OP's goal is to protect hosts behind the ISA server and possibly utilise ISA's firewall policies for outbound control etc etc. I don't understand what you mean when you say 'the second LAN would be a separate subnet on the first router instead of double NAT'.
I doubt the first router could take a secondary IP and subnet on the LAN interface and I don't see what that would achieve.
I still think it would be worth trying the ISA in route mode instead of NAT. Seems simple to me. ISA routes between the two private subnets and the modem/router performs NAT to the internet.
The only downside would be if you wanted to allow some inbound connections to hosts behind the ISA server you would have to port forward once on the modem/router and then also create port forwards and policies on the ISA server.

adamdotclarke

45 posts

Geek


  #366198 11-Aug-2010 12:52

@nbroad you are correct, that is what I am aiming to do. I will give the route on ISA, NAT on ADSL device option a try when I have the chance.

Thanks heaps for all the suggestions guys, I'll let you know how I get on...
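
The static route fields asked about in the first post (Dest IP, Subnet, Gateway), worked out for the route-on-ISA, NAT-on-modem layout discussed above. This is an added example, not code from any poster: when the ISA box routes instead of NATs, the modem needs a route back to the inside network via the ISA outside address. The addresses come from the thread; the inside mask of 255.255.255.0 and the function names are assumptions.

```python
import ipaddress


def usable_hosts(interface):
    """Usable host addresses on the subnet that 'ip/mask' belongs to."""
    return [str(h) for h in ipaddress.ip_interface(interface).network.hosts()]


def static_route(router_if, gateway, inside_if):
    """Build the Dest IP / Subnet / Gateway entry the modem/router needs
    to reach the network behind a routing (non-NAT) firewall."""
    transit = ipaddress.ip_interface(router_if)
    hop = ipaddress.ip_address(gateway)
    inside = ipaddress.ip_interface(inside_if).network

    # The gateway must be a usable host on the modem's own LAN subnet.
    if hop not in transit.network:
        raise ValueError(f"{hop} is not on {transit.network}")
    if hop in (transit.network.network_address,
               transit.network.broadcast_address):
        raise ValueError(f"{hop} is the network or broadcast address")
    if hop == transit.ip:
        raise ValueError("gateway is the modem's own address")
    # The routed network must not collide with the transit link.
    if inside.overlaps(transit.network):
        raise ValueError(f"{inside} overlaps {transit.network}")

    return {"dest_ip": str(inside.network_address),
            "subnet": str(inside.netmask),
            "gateway": str(hop)}


if __name__ == "__main__":
    modem = "192.168.10.1/255.255.255.252"     # AG300 LAN side (from the thread)
    isa_outside = "192.168.10.2"               # ISA outside NIC (from the thread)
    isa_inside = "172.20.10.1/255.255.255.0"   # inside mask is an assumption
    print(usable_hosts(modem))
    print(static_route(modem, isa_outside, isa_inside))
```
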
