Can't download Windows Updates or visit Microsoft.com
-
@thecreativeone91 said:
@scottalanmiller Yeah. He flagged all of my responses as unrelated because his question was about removing a double NAT or setting up multiple subnets. And they were deleted.
Wait... they got deleted? Seriously?
-
They'd better not delete my posts for trying to help him understand where his problems are. What a load of crap.
-
-
A Comcast tech I know said they had an issue with MTU being wrong which caused issues with packets being dropped.
-
@scottalanmiller said:
Right, that's what I'm saying. Two routers and/or two firewalls doesn't suggest double NAT.
Yes it does. The typical SoHo gear does not have the routing capability out of the box to do any BUT basic NAT. This means double NAT always.
Additionally, the only way most people know how to set up gear is static/DHCP WAN and a NAT to the LAN.
So again, yes, two routers immediately suggests double NAT.
This does not mean two router technically suggests a double NAT, as it does not. But that is not a standard in practice skill.
-
@JaredBusch said:
@scottalanmiller said:
Right, that's what I'm saying. Two routers and/or two firewalls doesn't suggest double NAT.
Yes it does. The typical SoHo gear does not have the routing capability out of the box to do any BUT basic NAT. This means double NAT always.
Additionally, the only way most people know how to set up gear is static/DHCP WAN and a NAT to the LAN.
So again, yes, two routers immediately suggests double NAT.
This does not mean two router technically suggests a double NAT, as it does not. But that is not a standard in practice skill.
But no IT pro or business would seriously suggest home equipment and even sub $100 business gear doesn't require NAT. Anyone in this category falls below the "business" line. It is and always has been standard to have double routers, but not double NAT, in business. This is common from both networking and systems training sides. That somewhere some confused home users suggest double NAT doesn't mean that IT recommendations of double routers suggests double NAT, or any NAT.
-
If you use NAT for "security" what the heck do they plan on doing when IPv6 is mainstream. I don't think that guy understands PCI compliance either.
-
@thecreativeone91 said:
If you use NAT for "security" what the heck do they plan on doing when IPv6 is mainstream. I don't think that guy understands PCI compliance either.
No, not at all. And several people in that thread even said that they wouldn't actually recommend double NAT, just double routers. In the case of the OP, he isn't saying that he wants to do it but that he refuses to explain how to do things well. Basically, he doesn't care at all about the client and is unclear on where his demarcation point is because he keeps flip flopping on that point in order to shut down whoever is trying to help him at the particular moment.
-
I guess I haven't seen the posts where the OP states he's doing double NAT. Where was it?
Regardless of double nat... Since DHCP works and static doesn't, doesn't it seem obvious that he's probably missing a default gateway.
-
@Dashrender said:
I guess I haven't seen the posts where the OP states he's doing double NAT. Where was it?
Regardless of double nat... Since DHCP works and static doesn't, doesn't it seem obvious that he's probably missing a default gateway.
Some of the conversation has been deleted. But they are using NAT for security to separate companies instead of a firewall. Which won't meet the requirements of PCI-DSS. And will cause issues for lots of types of traffic. If they are related enough of companies to share an internet connection they should be willing to work together to properly set it up.
-
@thecreativeone91 said:
@Dashrender said:
I guess I haven't seen the posts where the OP states he's doing double NAT. Where was it?
Regardless of double nat... Since DHCP works and static doesn't, doesn't it seem obvious that he's probably missing a default gateway.
Some of the conversation has been deleted. But they are using NAT for security to separate companies instead of a firewall. Which won't meet the requirements of PCI-DSS. And will cause issues for lots of types of traffic. If they are related enough of companies to share an internet connection they should be willing to work together to properly set it up.
While I agree that PCI-DSS isn't a reason to do what they are doing, but the continuous badgering over NATing vs solving the problem seemed pointless. The suggestions were made, rejected, so move on to a solution that he wants?
Yeah I assumed that a bunch of posts must have been removed, the quoted parts didn't since since they weren't in the thread....
oh well... I suppose was should move back to talking about the OP's question.
-
Problem is, he's not giving good reasons for moving on and keeps making crap up. There is a way for him to handle it well, but he isn't doing that. He's basically refusing to listen to reason, refusing to explain to management why what they are doing is bad and/or won't even work and he's instead attacking the people trying most to help him. Basically he's being lazy and foolish. He might have reasons for not telling management the truth, but he's not sharing those or even suggesting that they exist. Instead he makes up reasons like "he's only supposed to fix the one device" which he can't do, so that reason isn't valid. Then he makes up a different, conflicting reason, in another post.
I agree, there are times to accept that we can't always do the best thing. But this is a case of someone demanding bad advice and just refusing to accept good advice when it is give. It isn't a case where, from anything we can see in the thread, he is limited to only do the wrong thing. He's just being foolish all around (both in his tech and how he presents it to us.)
And there is no good advice to give. He's already stated that what he wants to do doesn't work. So the one thing he demands he's already ruled out!
