Date: Thu, 9 Aug 2001 08:43:12 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Bob Collins" <bob@pineypl.COM> Cc: <freebsd-questions@freebsd.org> Subject: RE: OT, Linksys router Message-ID: <006d01c120e9$ff8bb7e0$1401a8c0@tedm.placo.com> In-Reply-To: <20010809094730.A45647@kludge.pineypl>
next in thread | previous in thread | raw e-mail | index | archive | help
You have a scenario where there are 2 interfaces on the Cayman router - the outside interface which is an "IP Unnumbered" interface, and the inside interface which is the 1st number of a routed subnet. There is no way you can use a LinkSys in this scenario to "map" the rest of the numbers in the subnet to internal private addresses because the Linksys NAT is only Many-to-One. I see 2 possible answers: 1) A Cisco DSL router like the 827 which _may_ be able to create an internal NAT pool and statically map the numbers in the subnet to the inside IIS server as well as create an overloaded "many-to-one" NAT. (I know you can do this on Cisco IOS on the bigger routers I don't know about the 827 though) 2) Obtain an internal DSL modem and stick it into a W2K system that is running NAT. The W2K system would have the DSL modem and a NIC connected to your internal network. It runs address translation and the NIC would have the internal private numbers. The DSL modem - ie. the WAN interface - would run unnumbered as well as having all the subnet numbers secondary on the external interface. I don't recommend either of these solutions for an inexperienced DSL tech because the Telco won't lift a finger to support you if you change CPE's and each of these approaches is fraught with peril. The following is what I think you should be doing: |-[NT Server publically numbered] inet--[Cayman]-[4 port hub] |-[Linksys or FreeBSD NAT]--[10/100 hub]--[inside] You gain absolutely nothing by routing the multiple numbers to the IIS server. If I remember, the feature list from the IIS server included with W2k supports virtual domains without the need for an IP number per domain. (just like Apache does, which of course Apache on FBSD is also an option) Granted some older browsers won't do the virtual domain thing without multiple IP numbers but there's other things on Microsoft IIS products that will block you from using those browsers if you doing anything at all interesting on the IIS server. If you must do it with NT4 you will have to get a second /29 subnet assigned by the ISP and put that on the NT4 box and route to it with a static route in the Cayman. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: Bob Collins [mailto:bob@pineypl.COM] >Sent: Thursday, August 09, 2001 6:48 AM >To: Ted Mittelstaedt >Subject: Re: OT, Linksys router > > >On Wed, Aug 08, 2001 at 11:17:50PM -0700, Ted Mittelstaedt wrote: >> Whoah, there Mike: >> >> 1) he probably has the 5 IP's assigned right out of the bridge group, not >> a routed subnet. Some ISP's do that sort of icky stuff >> >> 2) if they are out of the bridge group then he can't use them as a >> routed subnet like your advising. >> >> 3) You most certainly can shut off NAT on the Linksys and use it >as a regular >> IP router. We have several customers set up this way. >> >> 4) The stinksys will not work with what he wants to do because a) >it can only >> do 1 IP number per interface and b) it's NAT is ONLY many-to-one, >you cannot >> do static maps. >> >> 5) Windows (which is running the IIS he has) NT does NOT appear to arp on >> secondary IP numbers assigned to it's interface. (at least it never did it >> for me) It only ARP's on the primary IP number. Thus he cannot >simply plug it >> into the DSL bridge and get his multiple IP numbers "routed" to >the IIS he has >> there. I assume he's discovered this. >> >> Further discussion on this is probably going to lead nowhere in >the absense of >> IP numbers and subnet masks and such, even ficticious ones. You and I are >> both guessing at his network topology. Bob, would you please be more >> specific? >> >> >> Ted Mittelstaedt >tedm@toybox.placo.com >> Author of: The FreeBSD Corporate >Networker's Guide >> Book website: >http://www.freebsd-corp-net-guide.com > >Yes, I can be more specific. >Here is the info from Bellsouth. I have >the Cayman 3220-H DSL to Ethernet router. I am assigned 65.82.187.56 >for the subnet address and 65.82.189.57 that must be assigned to the >router. From there I use 65.82.189.58, 59, 60, 61, 62 for the rest of >the block of IPs. The broadcast address is 65.82.189.63. > >All I want to do is have the Cayman answer all 5 IPs and allow the IIS >to use them. I still want my workstations to use a proper 192.168.x.x >network in house. None of the workstations require a "real" IP. I >would also prefer not to use the Proxy and NAT solution on the NT >server if I do not have to. > >The topolgy is close to this, assuming my asci art is decent. > >inet--[static IPs]--[Cayman]--[Linksys]--[10/100 hub]--[NT Server] > | | | | > | | | | > hosts a b c d > >So that makes me ask the question; IS there a reasonably priced router >that can alias or answer 5 IPs on it's WAN interface? (we are a small >firm w/ low overhead) Otherwise, I >guess I can drop the other IPs and use a single static IP and have a >friend of mine handle the DNS requirements for a couple of my domains. >We have a few domains of semi-private info we host from our NT server. >I also need to keep an FTP server running on the NT for my >consultants to share files. > >I hope this is not getting too long-winded, but with FreeBSD's ability >to alias multiple IPs on a single NIC, can I use FBSD as my second >router with ipfw and natd? I have some spare parts and a decent little >box can be built to handle this... > > >Many thanks for the input, I hope I have supplied enough info. > --Bob > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006d01c120e9$ff8bb7e0$1401a8c0>