Problems while changing to new dsl-router. - BSD


  1. Problems while changing to new dsl-router.

    Hi everyone:

    I just replaced my speedstream 5200 dsl-router (by efficient network)
    with a wireless 2wire gateway (also called "home portal").

    The router is connected to a BSD server and behind the server is my
    LAN.
    Router's IP is 192.168.1.2
    Server's eth2=192.168.1.1
    Server's eth1=192.168.5.1
    LAN=192.168.5.X

    My server was working OK on the day I did the change.

    The thing is, that my old router didn't work on the default settings.
    And since I configured it so long ago (and with a lot of external
    help) I'm pretty sure I'm missing something while configuring the
    new router.

    What I DID configure on the new router, in order to equal the
    previous setting, is:
    - port forwarding for: http, ftp, smtp, snmp, pptp, telnet, dns,
    https, ssh, imap, etc.
    (though I couldn't do forwarding for ICMP... the new router doesn't have
    that choice but I'm sure I did on the old router).
    - and I also added on the router, the static route to subnet
    192.168.5.0 netmask 255.255.255.0 gateway 192.168.1.1

    The facts:
    I have access to internet from the server. I can ping my LAN:
    192.168.5.X and of course the router itself: 192.168.1.2
    My LAN cannot access the web. But it can ping to the server on both
    interfaces 192.168.5.1 and 192.168.1.1
    I can access the router (192.168.1.2) from the LAN (192.168.5.X),
    however... when I delete the static route on the router... I have no
    longer access to it.

    Both, eth2 at the server and LAN have netmask 255.255.255.0
    Traceroute from LAN says it gets to
    ---->>> 192.168.5.1 (eth1 at server)
    ---->>> 192.168.1.2 (router)
    ---->>> request time out (and that's it !!!)

    The server already has the static route for 192.168.5.0 to
    192.168.5.1 netmask. 255.255.255.0
    And default router for the server is 192.168.1.2.

    What am I missing here?
    I really need to get this network up and running !!

    Thanks in advance.


  2. Re: Problems while changing to new dsl-router.

    In article <1175488602.397540.155560@p15g2000hsd.googlegroups.com>
    "birkoff" writes:
    >
    >The facts:
    >I have access to internet from the server. I can ping my LAN:
    >192.168.5.X and of course the router itself: 192.168.1.2
    >My LAN cannot access the web. But it can ping to the server on both
    >interfaces 192.168.5.1 and 192.168.1.1
    >I can access the router (192.168.1.2) from the LAN (192.168.5.X),
    >however... when I delete the static route on the router... I have no
    >longer access to it.
    >
    >Both, eth2 at the server and LAN have netmask 255.255.255.0
    >Traceroute from LAN says it gets to
    >---->>> 192.168.5.1 (eth1 at server)
    >---->>> 192.168.1.2 (router)
    >---->>> request time out (and that's it !!!)
    >
    >The server already has the static route for 192.168.5.0 to
    >192.168.5.1 netmask. 255.255.255.0
    >And default router for the server is 192.168.1.2.
    >
    >What am I missing here?


    Sounds like the router doesn't NAT the packets coming from the 192.168.5
    network - the router clearly knows where to send the traffic for it, but
    if it sends packets from it out on the Internet w/o changing the source
    address, there's no way the return packets can find their way back.

    --Per Hedeland
    per@hedeland.org

  3. Re: Problems while changing to new dsl-router.

    > Sounds like the router doesn't NAT the packets coming from the 192.168.5
    > network - the router clearly knows where to send the traffic for it, but
    > if it sends packets from it out on the Internet w/o changing the source
    > address, there's no way the return packets can find their way back.


    My thought exactly.
    Although, how is it that the server (which of course is behind the
    router) DOES have web access?

    I know it's not the server's firewall, since I already flushed all the
    rules.
    And since I can reach the router from the LAN, I'm thinking NAT at
    the server is OK.

    Thanks Per.


  4. Re: Problems while changing to new dsl-router.

    birkoff wrote:
    >> Sounds like the router doesn't NAT the packets coming from the 192.168.5
    >> network


    This is not his job; maybe he is only natting its local network
    (192.168.1.0/24).

    >> - the router clearly knows where to send the traffic for it, but
    >> if it sends packets from it out on the Internet w/o changing the source
    >> address, there's no way the return packets can find their way back.

    >
    > My thought exactly.
    > Although, how is it that the server (which of course is behind the
    > router) DOES have web access?
    >
    > I know it's not the server's firewall, since I already flushed all the
    > rules.
    > And since I can reach the router from the LAN, I'm thinking NAT at
    > the server is OK.


    You say in a previous post that you can't ping the router from the lan
    if you delete the static route to the lan in the router. For me, it is
    showing that the nat in the server is not working.

    Try to sniff with tcpdump to be sure.

    Henri

    >
    > Thanks Per.
    >


  5. Re: Problems while changing to new dsl-router.

    In article <1175512812.520046.62920@d57g2000hsg.googlegroups.com>
    "birkoff" writes:
    >> Sounds like the router doesn't NAT the packets coming from the 192.168.5
    >> network - the router clearly knows where to send the traffic for it, but
    >> if it sends packets from it out on the Internet w/o changing the source
    >> address, there's no way the return packets can find their way back.

    >
    >My thought exactly.
    >Although, how is it that the server (which of course is behind the
    >router) DOES have web access?


    The server is on the 192.168.1 network, which clearly *is* NATed (it's
    on the 192.168.5 too, but the packets it sends towards the router will
    have a source address in the 192.168.1 network).

    >I know it's not the server's firewall, since I already flushed all the
    >rules.
    >And since I can reach the router from the LAN, I'm thinking NAT at
    >the server is OK.


    So, you have set up the server to do NAT for the 192.168.5 network? And
    consequently don't need the router to do it? In that case it's
    presumably that server-NAT that is broken - with a static route for
    192.168.5 in the router, the router can be reached from the LAN whether
    the server NAT works or not. Or conversely, with server NAT there is no
    need for the 192.168.5 route in the router.

    --Per Hedeland
    per@hedeland.org
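
The reasoning in the replies above, worked through as a small model of the thread's topology (an added example, not part of the original posts). It assumes, as the replies suspect, that the router translates only its own 192.168.1.0/24 network; the LAN host 192.168.5.20 and Internet host 203.0.113.10 are constructed. The second value returned is the source address a tcpdump on the server's eth2 would show.

```python
import ipaddress

# Addresses from the thread; LAN_HOST and INTERNET_HOST are constructed samples.
LAN = ipaddress.ip_network("192.168.5.0/24")
OUTER = ipaddress.ip_network("192.168.1.0/24")    # server eth2 <-> router segment
SERVER_ETH2 = ipaddress.ip_address("192.168.1.1")
ROUTER_IP = "192.168.1.2"
LAN_HOST, INTERNET_HOST = "192.168.5.20", "203.0.113.10"

def trace(src, dst, server_nat, router_route_to_lan, router_nat_nets=(OUTER,)):
    """Return (replies_arrive, source address seen on the eth2 segment)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Server forwards eth1 -> eth2; with NAT it rewrites LAN sources to eth2's address.
    wire_src = SERVER_ETH2 if (server_nat and src in LAN) else src
    # The router can answer an on-link address, or a LAN address via the static route.
    can_return = wire_src in OUTER or (wire_src in LAN and router_route_to_lan)
    if dst != ipaddress.ip_address(ROUTER_IP):
        # Internet-bound: the router must also translate the private source
        # (assumption: only for router_nat_nets), or replies never come back.
        can_return = can_return and any(wire_src in n for n in router_nat_nets)
    return can_return, str(wire_src)

def scenarios():
    """The cases discussed in the thread, keyed by a short description."""
    return {
        "LAN->router, static route, no server NAT":
            trace(LAN_HOST, ROUTER_IP, False, True),
        "LAN->router, route deleted, no server NAT":
            trace(LAN_HOST, ROUTER_IP, False, False),
        "LAN->Internet, static route, no server NAT":
            trace(LAN_HOST, INTERNET_HOST, False, True),
        "server->Internet":
            trace("192.168.1.1", INTERNET_HOST, False, True),
        "LAN->Internet, server NAT, no route":
            trace(LAN_HOST, INTERNET_HOST, True, False),
        "LAN->Internet, router NATs the LAN too":
            trace(LAN_HOST, INTERNET_HOST, False, True, (OUTER, LAN)),
    }

if __name__ == "__main__":
    for name, (ok, seen) in scenarios().items():
        print(f"{name:45} replies={ok!s:5} src on eth2={seen}")
```

The first four cases reproduce what the original post reports; the last two are the two fixes discussed (NAT on the server, or NAT for 192.168.5 on the router).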

  6. Re: Problems while changing to new dsl-router.

    In article Henri Hennebert
    writes:
    >birkoff wrote:
    >>> Sounds like the router doesn't NAT the packets coming from the 192.168.5
    >>> network

    >
    >This is not his job;


    Well, that's not for you (or me) to decide:-) - but of course if no-one
    told him that it's his job, he can't very well do it...

    > maybe he is only natting its local network
    >(192.168.1.0/24).


    Yes, that's basically what I said.:-) Anyway, from birkoff's followup it
    seems he really does want to do NAT on the server for the 192.168.5
    network - there was no mention of this in the original post. Personally
    I'd probably prefer to not have the traffic from the 192.168.5 network
    NATed *twice* before it reaches the Internet (assuming the router *can*
    NAT for anything more than its local network), but either way should
    work.

    --Per Hedeland
    per@hedeland.org

  7. Re: Problems while changing to new dsl-router.

    birkoff wrote:

    > Hi everyone:
    >
    > I just replaced my speedstream 5200 dsl-router (by efficient network)
    > with a wireless 2wire gateway (also called "home portal").
    >
    > The router is connected to a BSD server and behind the server is my
    > LAN.
    > Router's IP is 192.168.1.2
    > Server's eth2=192.168.1.1
    > Server's eth1=192.168.5.1
    > LAN=192.168.5.X
    >
    > My server was working OK on the day I did the change.
    >
    > The thing is, that my old router didn't work on the default settings.
    > And since I configured it so long ago (and with a lot of external
    > help) I'm pretty sure I'm missing something while configuring the
    > new router.
    >
    > What I DID configure on the new router, in order to equal the
    > previous setting, is:
    > - port forwarding for: http, ftp, smtp, snmp, pptp, telnet, dns,
    > https, ssh, imap, etc.
    > (though I couldn't do forwarding for ICMP... the new router doesn't have
    > that choice but I'm sure I did on the old router).
    > - and I also added on the router, the static route to subnet
    > 192.168.5.0 netmask 255.255.255.0 gateway 192.168.1.1
    >
    > The facts:
    > I have access to internet from the server. I can ping my LAN:
    > 192.168.5.X and of course the router itself: 192.168.1.2
    > My LAN cannot access the web. But it can ping to the server on both
    > interfaces 192.168.5.1 and 192.168.1.1
    > I can access the router (192.168.1.2) from the LAN (192.168.5.X),
    > however... when I delete the static route on the router... I have no
    > longer access to it.
    >
    > Both, eth2 at the server and LAN have netmask 255.255.255.0
    > Traceroute from LAN says it gets to
    > ---->>> 192.168.5.1 (eth1 at server)
    > ---->>> 192.168.1.2 (router)
    > ---->>> request time out (and that's it !!!)
    >
    > The server already has the static route for 192.168.5.0 to
    > 192.168.5.1 netmask. 255.255.255.0
    > And default router for the server is 192.168.1.2.
    >
    > What am I missing here?
    > I really need to get this network up and running !!
    >
    > Thanks in advance.


    If you want to use the firewall and NAT of the server while not using that
    functionality in the DSL router set up the internal LAN in private IP
    space, as you seem to have done. The NIC in the server needs to get
    assigned (via DHCP) the public IP as seen by the outside world.

    Different manufacturers use differing terminology for describing this.
    Usually it's called something like "IP Passthrough". You would disable the
    NAT/Firewall in the DSL router, enable this setting, then set the server
    NIC to DHCP. If the setup is correct when you boot the server the DHCP
    server in the DSL Router will assign the public IP to this NIC.

    That's what I do here. But the name for it varies by mfr. Also when it's
    right, there is no need for the static route either. You will also not need
    any of the port forwarding stuff in the DSL router either as it will all be
    handled by your NAT/Firewall in the server.

    Also be aware of where/how the PPPoE/PPPoA is processed. With my particular
    DSL modem/router the "IP Passthrough" allows the DSL modem/router to handle
    the PPPoE connection as normal. If the one you have does not, the
    PPPoE/PPPoA will need to be setup to get done by the server.

    -Jason

