Help setting up routing

1337

@JaredBusch said in Help setting up routing:

It is all source and destination NAT rules. This is very basic actual "routing" knowledge.

That's a good description. It doesn't require that you set up any routes as such.

It's the use of a routing network that can be confusing. But it just means that the public IPs end up being routed to the WAN interface over the private routing subnet. Doesn't require any special config to be done in the router.

Dashrender

@JaredBusch said in Help setting up routing:

outbound-interface eth0

@JaredBusch the reference to eth0 in both inbound/outbound - does that simply mean that's the interface where the traffic comes from, but has zero to do with eth0's actual IP?

If that's right, that definitely helps me understand better.

JaredBusch

@Dashrender Yes

pmoncho

@Dashrender said in Help setting up routing:

I need some assistance understanding in general, and we'll use a ER-X for specifics in the following scenario.

ISP will provide /29 of usable IPs (125.25.25.6/29)
Static assignment 125.25.25.1 - 172.16.16.200.11
Static assignment 125.25.25.2 - 172.16.16.200.12
Static assignment 125.25.25.3 - 172.16.16.200.13
Static assignment 125.25.25.4 - 172.16.16.200.14
Static assignment 125.25.25.5 - 172.16.16.200.15
Static assignment 125.25.25.6 - 172.16.16.200.x (all others)
ISP connection to your router will be over non public routable connection 10.100.100.2/30
ISP Default Gate 10.100.100.1
Internal network will be NATed 172.16.200.x/24

Assuming Port 0 is the WAN port, I assume we'll assign 10.100.100.2/30 to port 0, and the DG as 10.100.100.1.

Assuming Port 1 is LAN port, assign 172.16.200.1/24.

I don't know what to do with the the 125.25.25.6/29 address so my LAN is NAT'ed, and then sent via the 10. network.

Thanks for any insight.

I have a question about this setup (just for my general understanding of networking).

Would this be considered a double nat situation? If so, does this create any issues with users on your 172. network?

JaredBusch

@Dashrender said in Help setting up routing:

ISP connection to your router will be over non public routable connection 10.100.100.2/30
ISP Default Gate 10.100.100.1
Internal network will be NATed 172.16.200.x/24
Assuming Port 0 is the WAN port, I assume we'll assign 10.100.100.2/30 to port 0, and the DG as 10.100.100.1.
Assuming Port 1 is LAN port, assign 172.16.200.1/24.
I don't know what to do with the the 125.25.25.6/29 address so my LAN is NAT'ed, and then sent via the 10. network.

It is not a private network, but the NAT examples above are on a router where that /29 is not on any interface.

The only WAN IP is a /30 from AT&T.

JaredBusch

Basically, when I order fiber service from an ISP, I refuse their termination router.

So they drop in fiber, and a router that converts the fiber to ehternet. I hook my router up there.

The Fiber services (from the 3 companies I have used so far) all terminate on a /30. That is what I put on my router as the WAN. See above.

But then I make NAT rules to route all the traffic via the IP that they should show. See config posts above.

The only time I ever use the /30 IP if for VPN connectivity.

Your setup should be identical. Just the ISP provides a 10. instead of a public IP for that part of the routing.

JaredBusch

@pmoncho said in Help setting up routing:

Would this be considered a double nat situation?

It depends on the ISP, but I would assume not in this scenario. it sounds like normal routed traffic.

Dashrender

@pmoncho said in Help setting up routing:

Would this be considered a double nat situation? If so, does this create any issues with users on your 172. network?

As Jared said - no, it's not a double NAT, at least not in my example

scottalanmiller

@JaredBusch said in Help setting up routing:

@pmoncho said in Help setting up routing:

Would this be considered a double nat situation?

It depends on the ISP, but I would assume not in this scenario. it sounds like normal routed traffic.

That was my thinking, I didn't see an extra NAT anywhere.

FATeknollogee

@JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T?

pmoncho

@Dashrender said in Help setting up routing:

@pmoncho said in Help setting up routing:

Would this be considered a double nat situation? If so, does this create any issues with users on your 172. network?

As Jared said - no, it's not a double NAT, at least not in my example

I was only thinking of double NAT, as the ISP uses private 10.x and you use private 172.16.x and that would create a double NAT. My bad.

JaredBusch

@FATeknollogee said in Help setting up routing:

@JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T?

No. That is the LAN.

FATeknollogee

@JaredBusch Got it. I now see that it's a 10.202.0.x vs your LAN IP of 10.202.8.x - men, need to put my glasses on!

scottalanmiller

@FATeknollogee said in Help setting up routing:

@JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T?

AT&T can't issue private IP addresses.