2514 Cable Connection

Hey guys

So I have a 2514 that I decided to hook up to my cable modem so I could practice NAT Overloading and port forwarding and the like.

Weird thing is, when I DHCP the ethernet interface and hook it to my cable modem it pulls a weird 24.x.x.x address every time.

Now, if I hook it back up to my Linksys WRT54G router I pull a 72.x.x.x address. I've been testing this for a few hours now and they will each never pull a different address. I guess this is attributable to my Linksys router requesting the same address it's had for months (the 72.x.x.x)

Well, I thought, no big deal. I'll just use the 24.x.x.x address and continue onward. I went ahead and set up NAT and everything was working great. Internet access and everything. The only problem was, I wasn't able to get my static NAT translations to work, like remote desktop. I had done this before and had no problem but whatever I did now was not working.

So I did a traceroute to www.google.com. And here is the crazy part: The next hop past my router was a 10.x.x.x address and then it continued through public addresses. Now, correct me if I am wrong but if their gateway uses a RFC1918 address doesn't that mean they are translating via NAT? I have never heard of a ISP translating it's customers addresses (especially since 24 is public!!) I may be missing the big picture as I am relatively new to all of this so I was hoping someone could shed some light on my situation. Thanks guys!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dtlokee

If they are using 10.x.x.x addresses on their internal network that's not an issue at all. The ISP doesn't need to translate your 24.x.x.x address to use 10.x.x.x addresses, they just can't advertise the 10.x.x.x addresses to the rest of the internet. Think of it this way, does the remainder of the Internet need to be able to send traffic to the ISP's internal routers? As far as the wierdness goes with the address, try spoofing the mac address of your Linksys router to the 2500 and see if you get the old address, it could be a DHCP bindings issue.

reeves122

Thanks for the reply.

I guess I had to think about it a bit more. You are right, who cares what IP address the ISP uses on it's own internal router as long as it's not a boarder router for them- and it's not. They can advertise their 10.x.x.x route all they want among their own routers.

As for the problem with port forwarding. It could be an issue with my IOS settings. I'm using basically the following commands to achieve NAT.

! NAT access list
ip access-list standard natlist
permit 192.168.1.0 0.0.0.255
!
ip nat inside source list natlist interface ethernet0 overload
!
!
ip nat inside source static tcp 192.168.1.2 3389 interface ethernet0 3389

(plus the ip nat inside and ip nat outside)

Now, i'm contemplating using the following command for static NAT instead to see if it works. Where X.X.X.X is whatever my public IP is. Do you think this would be preferable?

ip nat inside source static tcp 192.168.1.2 3389 X.X.X.X 3389 extendable

reeves122

Ok so I've done some experimenting including trying the above command but i'm still not having any luck.

I haven't been able to find much info on it but is it even possible to do port translation when your public interface is on DHCP? Of course, if I set my e0 interface to a static IP everything stops working so that's not really an option.

APA

NAT setup looks good..... Can you post the rest of your config?

Have a visited a wesbite such as www.dnsstuff.com to see whether your clients are actually getting nat'ed out as the correct address???

reeves122

This is pretty much default so there are a few things missing but I have internet access so NAT appears to be working but still no port forwarding for remote desktop

Oh and it appears that NAT is translating internal to external correctly because i checked my public IP via whatismyip.com

Reeves-Gateway#sh run
Building configuration...

Current configuration : 960 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Reeves-Gateway
!
logging rate-limit console 10 except errors
enable secret 5 $1$kpug$X2/JT7HqRdzYQuHUB51/a/
!
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
!
!
!
interface Ethernet0
ip address dhcp
ip nat outside
!
interface Ethernet1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip kerberos source-interface any
ip nat inside source list natlist interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.2 3389 interface Ethernet0 3389
ip classless
no ip http server
!
!
ip access-list standard natlist
permit 192.168.1.0 0.0.0.255
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password
login
line vty 5 197
password
login
!
end

dtlokee

do you see the static translation between the indise local and inside global addresses in the output of "sh ip nat translations"? you may want to try a clear ip nat translations *