2514 Cable Connection

reeves122 Member Posts: 29 ■□□□□□□□□□
Hey guys

So I have a 2514 that I decided to hook up to my cable modem so I could practice NAT Overloading and port forwarding and the like.

Weird thing is, when I DHCP the ethernet interface and hook it to my cable modem it pulls a weird 24.x.x.x address every time.

Now, if I hook it back up to my Linksys WRT54G router I pull a 72.x.x.x address. I've been testing this for a few hours now and they will each never pull a different address. I guess this is attributable to my Linksys router requesting the same address it's had for months (the 72.x.x.x)

Well, I thought, no big deal. I'll just use the 24.x.x.x address and continue onward. I went ahead and set up NAT and everything was working great. Internet access and everything. The only problem was, I wasn't able to get my static NAT translations to work, like remote desktop. I had done this before and had no problem but whatever I did now was not working.

So I did a traceroute to www.google.com. And here is the crazy part: The next hop past my router was a 10.x.x.x address and then it continued through public addresses. Now, correct me if I am wrong but if their gateway uses an RFC1918 address doesn't that mean they are translating via NAT? I have never heard of an ISP translating its customers' addresses (especially since 24 is public!!) I may be missing the big picture as I am relatively new to all of this so I was hoping someone could shed some light on my situation. Thanks guys!
The EAST Initiative
"We believe our students will change the world."
http://www.eastinitiative.com/

Comments

  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    If they are using 10.x.x.x addresses on their internal network that's not an issue at all. The ISP doesn't need to translate your 24.x.x.x address to use 10.x.x.x addresses, they just can't advertise the 10.x.x.x addresses to the rest of the internet. Think of it this way, does the remainder of the Internet need to be able to send traffic to the ISP's internal routers? As far as the weirdness goes with the address, try spoofing the MAC address of your Linksys router to the 2500 and see if you get the old address, it could be a DHCP bindings issue.
    The only easy day was yesterday!
  • reeves122 Member Posts: 29 ■□□□□□□□□□
    Thanks for the reply.

    I guess I had to think about it a bit more. You are right, who cares what IP address the ISP uses on its own internal router as long as it's not a border router for them, and it's not. They can advertise their 10.x.x.x route all they want among their own routers.

    As for the problem with port forwarding. It could be an issue with my IOS settings. I'm using basically the following commands to achieve NAT.

    ! NAT access list
    ip access-list standard natlist
    permit 192.168.1.0 0.0.0.255
    !
    ip nat inside source list natlist interface ethernet0 overload
    !
    !
    ip nat inside source static tcp 192.168.1.2 3389 interface ethernet0 3389

    (plus the ip nat inside and ip nat outside)

    Now, I'm contemplating using the following command for static NAT instead to see if it works, where X.X.X.X is whatever my public IP is. Do you think this would be preferable?

    ip nat inside source static tcp 192.168.1.2 3389 X.X.X.X 3389 extendable
    The EAST Initiative
    "We believe our students will change the world."
    http://www.eastinitiative.com/
  • reeves122 Member Posts: 29 ■□□□□□□□□□
    OK, so I've done some experimenting, including trying the above command, but I'm still not having any luck.

    I haven't been able to find much info on it but is it even possible to do port translation when your public interface is on DHCP? Of course, if I set my e0 interface to a static IP everything stops working so that's not really an option.
    The EAST Initiative
    "We believe our students will change the world."
    http://www.eastinitiative.com/
  • APA Member Posts: 959
    NAT setup looks good..... Can you post the rest of your config?

    Have you visited a website such as www.dnsstuff.com to see whether your clients are actually getting NAT'ed out as the correct address???

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • reeves122 Member Posts: 29 ■□□□□□□□□□
    This is pretty much default so there are a few things missing, but I have internet access so NAT appears to be working, but still no port forwarding for remote desktop :(
    Oh, and it appears that NAT is translating internal to external correctly because I checked my public IP via whatismyip.com


    Reeves-Gateway#sh run
    Building configuration...

    Current configuration : 960 bytes
    !
    version 12.2
    no service single-slot-reload-enable
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Reeves-Gateway
    !
    logging rate-limit console 10 except errors
    enable secret 5 $1$kpug$X2/JT7HqRdzYQuHUB51/a/
    !
    ip subnet-zero
    no ip finger
    !
    no ip dhcp-client network-discovery
    !
    !
    !
    !
    interface Ethernet0
    ip address dhcp
    ip nat outside
    !
    interface Ethernet1
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    !
    interface Serial0
    no ip address
    shutdown
    !
    interface Serial1
    no ip address
    shutdown
    !
    ip kerberos source-interface any
    ip nat inside source list natlist interface Ethernet0 overload
    ip nat inside source static tcp 192.168.1.2 3389 interface Ethernet0 3389
    ip classless
    no ip http server
    !
    !
    ip access-list standard natlist
    permit 192.168.1.0 0.0.0.255
    !
    !
    line con 0
    transport input none
    line aux 0
    line vty 0 4
    password
    login
    line vty 5 197
    password
    login
    !
    end
    The EAST Initiative
    "We believe our students will change the world."
    http://www.eastinitiative.com/
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    Do you see the static translation between the inside local and inside global addresses in the output of "sh ip nat translations"? You may want to try a clear ip nat translation *
    The only easy day was yesterday!
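
The translation-table check suggested in the last reply can be scripted; the following is an added example, not code from the thread. It reads the static NAT line from the posted config and tests whether a matching static entry (outside columns shown as `---`) exists in `show ip nat translations` output. The table text and the 203.0.113.x / 198.51.100.x addresses are constructed samples.

```python
import re

# NAT lines as posted in the thread's running-config.
RUNNING_CONFIG = """\
ip nat inside source list natlist interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.2 3389 interface Ethernet0 3389
"""

# Constructed `show ip nat translations` output (documentation addresses).
TABLE_OK = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.25:3389  192.168.1.2:3389   ---                ---
tcp 203.0.113.25:1045  192.168.1.3:1045   198.51.100.7:80    198.51.100.7:80
"""
# Constructed: 192.168.1.2 appears only through the overload rule.
TABLE_MISSING = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.25:1102  192.168.1.2:1102   198.51.100.7:80    198.51.100.7:80
"""

STATIC_RE = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface \S+|\S+) (\d+)", re.M)

def configured_forwards(config):
    """Return (proto, inside_ip, inside_port, global_port) per static line."""
    return [(m[1], m[2], int(m[3]), int(m[4])) for m in STATIC_RE.finditer(config)]

def parse_translations(output):
    """Parse table rows into dicts; the header and blank lines are skipped."""
    keys = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")
    rows = (line.split() for line in output.splitlines())
    return [dict(zip(keys, f)) for f in rows if len(f) == 5 and f[0] in ("tcp", "udp")]

def missing_forwards(config, output):
    """Configured port forwards that have no static entry in the table."""
    entries = parse_translations(output)
    missing = []
    for proto, ip, lport, gport in configured_forwards(config):
        present = any(
            e["proto"] == proto
            and e["inside_local"] == f"{ip}:{lport}"
            and e["inside_global"].endswith(f":{gport}")
            # A static entry has no outside peer, shown as '---'.
            and e["outside_local"] == e["outside_global"] == "---"
            for e in entries)
        if not present:
            missing.append((proto, ip, lport, gport))
    return missing
```

`missing_forwards(RUNNING_CONFIG, TABLE_OK)` returns an empty list, while the second table reports the 3389 forward as missing even though the host has a dynamic entry.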