Help setting up routing
-
@Dashrender said in Help setting up routing:
I need some assistance understanding in general, and we'll use a ER-X for specifics in the following scenario.
ISP will provide /29 of usable IPs (125.25.25.6/29)
Static assignment 125.25.25.1 - 172.16.16.200.11
Static assignment 125.25.25.2 - 172.16.16.200.12
Static assignment 125.25.25.3 - 172.16.16.200.13
Static assignment 125.25.25.4 - 172.16.16.200.14
Static assignment 125.25.25.5 - 172.16.16.200.15
Static assignment 125.25.25.6 - 172.16.16.200.x (all others)
ISP connection to your router will be over non public routable connection 10.100.100.2/30
ISP Default Gate 10.100.100.1
Internal network will be NATed 172.16.200.x/24Assuming Port 0 is the WAN port, I assume we'll assign 10.100.100.2/30 to port 0, and the DG as 10.100.100.1.
Assuming Port 1 is LAN port, assign 172.16.200.1/24.
I don't know what to do with the the 125.25.25.6/29 address so my LAN is NAT'ed, and then sent via the 10. network.
Thanks for any insight.
I have a question about this setup (just for my general understanding of networking).
Would this be considered a double nat situation? If so, does this create any issues with users on your 172. network?
-
@Dashrender said in Help setting up routing:
ISP connection to your router will be over non public routable connection 10.100.100.2/30
ISP Default Gate 10.100.100.1
Internal network will be NATed 172.16.200.x/24
Assuming Port 0 is the WAN port, I assume we'll assign 10.100.100.2/30 to port 0, and the DG as 10.100.100.1.
Assuming Port 1 is LAN port, assign 172.16.200.1/24.
I don't know what to do with the the 125.25.25.6/29 address so my LAN is NAT'ed, and then sent via the 10. network.It is not a private network, but the NAT examples above are on a router where that /29 is not on any interface.
The only WAN IP is a /30 from AT&T.
-
Basically, when I order fiber service from an ISP, I refuse their termination router.
So they drop in fiber, and a router that converts the fiber to ehternet. I hook my router up there.
The Fiber services (from the 3 companies I have used so far) all terminate on a /30. That is what I put on my router as the WAN. See above.
But then I make NAT rules to route all the traffic via the IP that they should show. See config posts above.
The only time I ever use the /30 IP if for VPN connectivity.
Your setup should be identical. Just the ISP provides a
10.
instead of a public IP for that part of the routing. -
@pmoncho said in Help setting up routing:
Would this be considered a double nat situation?
It depends on the ISP, but I would assume not in this scenario. it sounds like normal routed traffic.
-
@pmoncho said in Help setting up routing:
Would this be considered a double nat situation? If so, does this create any issues with users on your 172. network?
As Jared said - no, it's not a double NAT, at least not in my example
-
@JaredBusch said in Help setting up routing:
@pmoncho said in Help setting up routing:
Would this be considered a double nat situation?
It depends on the ISP, but I would assume not in this scenario. it sounds like normal routed traffic.
That was my thinking, I didn't see an extra NAT anywhere.
-
@JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T?
-
@Dashrender said in Help setting up routing:
@pmoncho said in Help setting up routing:
Would this be considered a double nat situation? If so, does this create any issues with users on your 172. network?
As Jared said - no, it's not a double NAT, at least not in my example
I was only thinking of double NAT, as the ISP uses private 10.x and you use private 172.16.x and that would create a double NAT. My bad.
-
@FATeknollogee said in Help setting up routing:
@JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T?
No. That is the LAN.
-
@JaredBusch Got it. I now see that it's a 10.202.0.x vs your LAN IP of 10.202.8.x - men, need to put my glasses on!
-
@FATeknollogee said in Help setting up routing:
@JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T?
AT&T can't issue private IP addresses.