
Cisco 851 setup with NAT & static public ip range (5x addresses)

woter324
Member

Sorry for the double post. Internet blipped and I thought I'd lost the lot. 

 

Hi there,

 

Apologies for the long post and asking what has been asked in many different forms before but I am still stuck.

 

I've had my BT Business Broadband service for several months now and I still have not been able to make use of my static IP addresses.

 

From reading around, it appears that BT employ a very different method of assigning static IPs to any other ISP that I have used in the past. I don't fully understand the difference and as a result I am regretting buying BTBB.

 

I've ditched the business hub as the thought of letting a router assign a publicly routable IP directly to any of my servers without a firewall in between sends shivers down my spine. It's archaic and so wrong on every level (IMHO). 

 

My setup consists of a Netgear DG834 ADSL modem / router. NAT is turned off and the 'router' (IP BT issued for the router) public IP address is assigned to the private interface which is connected to the public interface (FE4 - 81.xx.xx.121/29) on the Cisco. There's a static route (ip route 0.0.0.0 0.0.0.0 81.xx.xx.126) back to the DG834. This all works fine and as it should.

 

With any other ISP, I would tell the router what my public IP range is and then set up NAT with a rule like:

ip NAT inside source static TCP 192.168.5.10 443 81.xx.xx.122 443 extendable.

 

I have read this won't work and I have tried it and it doesn't work but why? What have BT done that is so different to every other ISP?

 

If anyone could explain to me why it doesn't work the 'normal' way, I'd be very grateful but what would be really great is if someone could explain how one makes use of these public IP addresses without having 2 NICs in each server set up with a public IP and the other with a private IP. (so the server can see the local lan) and a separate firewall?

 

I'm sure this will make some network gurus laugh and others cry. I'm a server engineer (for good reason) who tinkers with network stuff in my spare time, so if anyone could spare a few moments and help out a fellow geek, I'd be very grateful.

 

Many thanks

 

W.

 

8 REPLIES

BoBeB
Member

which BT broadband service do you have?

woter324
Member

Hi,

 

I have BT Business Broadband unlimited with 5 public IP addresses.

 

(Hope this is what you mean)

 

Many thanks

 

W.

BoBeB
Member
ADSL?

woter324
Member

Yes ADSL.

BoBeB
Member
Not sure how BT do ADSL; Infinity does use PPPoE. When you say it doesn't work, what doesn't work?

woter324
Member

It uses PPPoE.

 

From outside my network, I cannot browse to www.mydomain.com when NAT is configured to do so and my domains' public DNS records are pointing to one of my public IP addresses. In fact, I can't get to any site on my internal network using any of the public IPs (from outside the LAN).

 

Basically, how do I make use of my public IPs:

1. Without configuring the server's NIC with a public IP

2. Without a 1-to-1 NAT

3. If above are impossible, with a firewall between the WAN and LAN?

4. Allow LAN to NAT as normal.

 

I have been contemplating getting myself a Cisco PIX 501 to put between the DG834 and Cisco 851, but first I want to work out how to get the NAT side working. I should be able to configure something that will work (without the firewall for testing).

 

I am also wondering if there is something I can do with the other ports on the router whereby one of the ports is configured as a 1-to-1 NAT.

 

Thanks

 

W

woter324
Member

Hi,

 

Sorry to bump, but I'm getting desperate.

 

Thanks

 

W.

LogBurner
Member

Does this help?

 

http://forum.kitz.co.uk/index.php?topic=2179.0

 

See discussion of How BT probably do things the old way but there is a network diagram at the bottom of the page including rule sets.

 

HTH