Can't download Windows Updates or visit Microsoft.com
-
@thecreativeone91 said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Double NAT? Is everyone here running two routers in series behind their ISP's connection?
Not me.
OK good I thought I had missed something completely.
People are recommending double NAT over there as a security practice. It gives you better security they claim to have two firewalls. So apparently some are.
Double firewalls does not equal double NAT. Double firewalls used to be a standard practice and enterprises all still do this. But I know of none that do double NAT, many don't do NAT at all.
-
@scottalanmiller said:
@thecreativeone91 said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Double NAT? Is everyone here running two routers in series behind their ISP's connection?
Not me.
OK good I thought I had missed something completely.
People are recommending double NAT over there as a security practice. It gives you better security they claim to have two firewalls. So apparently some are.
Double firewalls does not equal double NAT. Double firewalls used to be a standard practice and enterprises all still do this. But I know of none that do double NAT, many don't do NAT at all.
Yes of course. But in this case they are recommending using two routers.
-
@thecreativeone91 said:
Yes of course. But in this case they are recommending using two routers.
Right, that's what I'm saying. Two routers and/or two firewalls doesn't suggest double NAT.
-
@scottalanmiller said:
@thecreativeone91 said:
Yes of course. But in this case they are recommending using two routers.
Right, that's what I'm saying. Two routers and/or two firewalls doesn't suggest double NAT.
If it's configured in that way. But the way they were suggesting it is using the second NAT to separate business related in the same building (parent company from sister company etc.) instead of using a single router with a firewall and separate subnets for each.
-
I don't see the point in overcomplicating it by using double NAT.
It just makes things more difficult for the poor bunny that has to troubleshoot it.
-
This is just one of them I've seen recently. http://community.spiceworks.com/topic/859078-soho-router-to-router-dchp-works-static-doesnt
-
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
Yes of course. But in this case they are recommending using two routers.
Right, that's what I'm saying. Two routers and/or two firewalls doesn't suggest double NAT.
If it's configured in that way. But the way they were suggesting it is using the second NAT to separate business related in the same building (parent company from sister company etc.) instead of using a single router with a firewall and separate subnets for each.
That's different then.
-
@scottalanmiller Yeah. He flagged all of my responses as unrelated because his question was about removing a double NAT or setting up multiple subnets. And they were deleted.
-
@thecreativeone91 said:
@scottalanmiller Yeah. He flagged all of my responses as unrelated because his question was about removing a double NAT or setting up multiple subnets. And they were deleted.
Wait... they got deleted? Seriously?
-
They'd better not delete my posts for trying to help him understand where his problems are. What a load of crap.
-
A Comcast tech I know said they had an issue with MTU being wrong which caused issues with packets being dropped.
-
@scottalanmiller said:
Right, that's what I'm saying. Two routers and/or two firewalls doesn't suggest double NAT.
Yes it does. The typical SoHo gear does not have the routing capability out of the box to do anything BUT basic NAT. This means double NAT always.
Additionally, the only way most people know how to set up gear is static/DHCP WAN and a NAT to the LAN.
So again, yes, two routers immediately suggests double NAT.
This does not mean two routers technically suggests a double NAT, as it does not. But that is not a standard in practice skill.
-
@JaredBusch said:
@scottalanmiller said:
Right, that's what I'm saying. Two routers and/or two firewalls doesn't suggest double NAT.
Yes it does. The typical SoHo gear does not have the routing capability out of the box to do anything BUT basic NAT. This means double NAT always.
Additionally, the only way most people know how to set up gear is static/DHCP WAN and a NAT to the LAN.
So again, yes, two routers immediately suggests double NAT.
This does not mean two routers technically suggests a double NAT, as it does not. But that is not a standard in practice skill.
But no IT pro or business would seriously suggest home equipment and even sub $100 business gear doesn't require NAT. Anyone in this category falls below the "business" line. It is and always has been standard to have double routers, but not double NAT, in business. This is common from both networking and systems training sides. That somewhere some confused home users suggest double NAT doesn't mean that IT recommendations of double routers suggests double NAT, or any NAT.
-
If you use NAT for "security" what the heck do they plan on doing when IPv6 is mainstream? I don't think that guy understands PCI compliance either.
-
@thecreativeone91 said:
If you use NAT for "security" what the heck do they plan on doing when IPv6 is mainstream? I don't think that guy understands PCI compliance either.
No, not at all. And several people in that thread even said that they wouldn't actually recommend double NAT, just double routers. In the case of the OP, he isn't saying that he wants to do it but that he refuses to explain how to do things well. Basically, he doesn't care at all about the client and is unclear on where his demarcation point is because he keeps flip flopping on that point in order to shut down whoever is trying to help him at the particular moment.
-
I guess I haven't seen the posts where the OP states he's doing double NAT. Where was it?
Regardless of double NAT... Since DHCP works and static doesn't, doesn't it seem obvious that he's probably missing a default gateway?
-
@Dashrender said:
I guess I haven't seen the posts where the OP states he's doing double NAT. Where was it?
Regardless of double NAT... Since DHCP works and static doesn't, doesn't it seem obvious that he's probably missing a default gateway?
Some of the conversation has been deleted. But they are using NAT for security to separate companies instead of a firewall. Which won't meet the requirements of PCI-DSS. And will cause issues for lots of types of traffic. If they are related enough of companies to share an internet connection they should be willing to work together to properly set it up.
-
@thecreativeone91 said:
@Dashrender said:
I guess I haven't seen the posts where the OP states he's doing double NAT. Where was it?
Regardless of double NAT... Since DHCP works and static doesn't, doesn't it seem obvious that he's probably missing a default gateway?
Some of the conversation has been deleted. But they are using NAT for security to separate companies instead of a firewall. Which won't meet the requirements of PCI-DSS. And will cause issues for lots of types of traffic. If they are related enough of companies to share an internet connection they should be willing to work together to properly set it up.
While I agree that PCI-DSS isn't a reason to do what they are doing, but the continuous badgering over NATing vs solving the problem seemed pointless. The suggestions were made, rejected, so move on to a solution that he wants?
Yeah I assumed that a bunch of posts must have been removed, the quoted parts didn't make sense since they weren't in the thread....
Oh well... I suppose we should move back to talking about the OP's question.
-
Problem is, he's not giving good reasons for moving on and keeps making crap up. There is a way for him to handle it well, but he isn't doing that. He's basically refusing to listen to reason, refusing to explain to management why what they are doing is bad and/or won't even work and he's instead attacking the people trying most to help him. Basically he's being lazy and foolish. He might have reasons for not telling management the truth, but he's not sharing those or even suggesting that they exist. Instead he makes up reasons like "he's only supposed to fix the one device" which he can't do, so that reason isn't valid. Then he makes up a different, conflicting reason, in another post.
I agree, there are times to accept that we can't always do the best thing. But this is a case of someone demanding bad advice and just refusing to accept good advice when it is given. It isn't a case where, from anything we can see in the thread, he is limited to only do the wrong thing. He's just being foolish all around (both in his tech and how he presents it to us.)
And there is no good advice to give. He's already stated that what he wants to do doesn't work. So the one thing he demands he's already ruled out!