cancel
Showing results for 
Search instead for 
Did you mean: 

Configuring NAT etc.

Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Configuring NAT etc.

I'll confess here that I'm not a networking whizz... I know alot about computers, but having never administered my own network until recently I have never really had much of a clue about them!

Anyway. The scenario is that I have a broadband router (a Binatone ADSL2000 to be precise). Connected to that I have a gateway (a Belkin 54g Wireless Cable/DSL Gateway Router). I also have a single static IP. In the configuration at the moment, NAT is happening on both the ADSL2000 and the Belkin gateway. However, this causes problems with programs such as MSN Messenger... it can get through my gateway alright, because that has the specific ports required unblocked, and it supports UPNP. However, it can't seem to get through the ADSL2000 properly - and that's because it's got NAT running, but it doesn't have the other "work arounds" such as UPNP etc. Another thing is that any pings or anything in my gateway's security log are shown as coming from the internal IP address of the ADSL2000 - so I can't see who they're really coming from.

Now, I thought that the way to beat this would be to just turn off NAT on the ADSL2000 - that would allow my static IP to "pass through" the ADSL2000 into the gateway, without being translated into an internal IP - right? :? (Correct me if I'm wrong!) However, when I do turn NAT off on the ADSL2000, what happens is my internet connection just stops working - and the only way to get it back is to enable NAT again!

Having NAT happen twice does seem rather stupid - but I can't find any way to rectify it! Can anyone help?

Thanks (alot!) in advance,
Thomas
11 REPLIES
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007

Configuring NAT etc.

Hi.

It sounds as though your ADSL2000 is providing session Proxy as well as NAT. If it was just NAT then you would see the originating IP addresses on the pings. As the name implies Proxy ("acting as a substitute for another") functionality "breaks" the connection, acting as a client to the outside world, and a server to the local network. Check the ADSL2000 configuration.

I would recommend that you leave NAT switched on if you only have a single IP address.

Hope this helps Smiley

Regards :-)
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Configuring NAT etc.

Nope... the ADSL2000 has nothing to do with proxy-ing anywhere... it does have a rather simple configuration panel I admit.

Anyway, as I say, I don't want to totally turn NAT off... just on the ADSL2000. I still intend to keep NAT running on the gateway.

Thomas
N/A

Configuring NAT etc.

Your problem's the routing table (on the ADSL router).

You either have two subnets, or two networks. With NAT switched on at the Belkin, this fact is hidden from the ADSL router, because NAT causes all addresses from the LAN side of the Belkin to be replaced by the "WAN" address of the Belkin. Therefore, the ADSL router has no idea of the existence of a second network (or subnetwork) behind the Belkin. (Just as, your ADSL router running NAT hides your internal addresses from people out on the Internet, and they have no idea of the addresses you use internally -- they only know of your single public IP address.)

By switching off NAT on the Belkin, the address translation is no longer done, and all of a sudden, the ADSL router is seeing addresses from the network "behind" the Belkin. For traffic going out from your network, this is no problem, but consider what now happens when a response comes back from someone in the Internet. The ADSL router does its NAT "thing" resulting in an internal destination address for the packet. But it's an address for "behind" the Belkin, remember. The ADSL router consults its routing table, and there's no entry telling it how to route to that address. Therefore it uses its "default route" which points out across the PPP link -- ie outbound from your network!

You need to add a route to the ADSL router's routing table to tell it how to reach the network (or subnet) "behind" the Belkin; in other words, telling it "to reach the network behind the Belkin, send to the Belkin").

Or, as someone else pointed out in a recent thread involving a similar configuration, if the Belkin supports "bridging" between its LAN and WAN sides, then you can use that, which avoids having to do anything with routing tables, for then the networks on either side of the Belkin become (logically) one single network.
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Configuring NAT etc.

Task, that's an informative post, and I thank you... the thing is, it's the NAT on the ADSL router that I'm trying to turn off... not on the Belkin gateway!

For what it's worth, I tried turning NAT off on the ADSL router once when I didn't even have the gateway (the router was just connected to the PC via an ethernet port)... again, it didn't work.

Oh I'm confused...

Thomas
N/A

Configuring NAT etc.

Unless you request "No-NAT" from PlusNet, you must not turn off NAT at the ADSL router.

Consider why.

If the ADSL router is not doing NAT, it will pass-on any addresses in the packets it receives. Packets coming from the Belkin will all have the Belkin's "WAN" address in the "source" field of the header (because the Belkin is doing NAT, and NAT will ensure that's the address used). But what address will that be? You only have a single public IP address, and that is used for the ADSL router. So you need another public IP address for the WAN side of the Belkin -- you must not use a private IP address on the Internet. You only get a second IP Address if you opt for the No-NAT offering from PlusNet.

If you switch off NAT anywhere, it has to be inside your network, not at the network boundary.
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Configuring NAT etc.

I understand what you're saying. However, I don't want the ADSL router to even consider anything about the IPs... I want it so all routing is to be done by the gateway, with the router doing nothing more than providing me with an internet connection.

It looks like what I've got to do is get rid of the ADSL router, and just get an ethernet modem (not a router) - that way I'll only have one device doing routing on my network.

Thomas
N/A

Configuring NAT etc.

Does the modem/rotuer have a bridge mode. This sounds like what you want.
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Configuring NAT etc.

Alas, it doesn't. Thanks anyway.

Thomas
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007

Configuring NAT etc.

The Solwise SAR110 does this with something called ZIPB (Zero IP Bridging).
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Configuring NAT etc.

Hmm, that sounds like exactly what I need.

Well, thanks everyone.

Thomas
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

Configuring NAT etc.

And theres one for sale on the For Sale board Thomas :lol: