Community discussions

MUM Europe 2020
 
User avatar
cpresto
Member Candidate
Member Candidate
Topic Author
Posts: 173
Joined: Tue Jul 18, 2006 3:12 pm

public IP assignment

Fri Jan 05, 2007 8:15 pm

Hi all,
I have to assign to customers public IPs form my ISP (32public IPs, /29 subnet). In a x.x.x.x/29 subnet only 30 IPs are available: x.x.x.128 is the network and x.x.x.159 is the broadcast. My customenrs stays behind MK.
ISP router as a public IP (x.x.x.129) and MK have another public IP (x.x.x.130) on the same subnet in order to communicate with ISP router.

The problem is that as I give x.x.x.130/29 to MK, a dynamic route is created and the whole subnet is considered reachable on that interface (let's call it WAN), while I want to assign public IPs of that subnet on another interface (e.g. AUTH). Is there a way that I can say to MK that the remaining public IPs (x.x.x.131-x.x.x.158) are on AUTH interface instead of WAN ?!?!? :roll: :?:

E.G.

Internet-----ISP ROUTER--------(WAN) MK (AUTH)----------- Customer
-------------------x.x.x.129------x.x.x.130----192.168.1.1----x.x.x.131

I want x.x.x.131 to arrive @ ISP router, not masqueraded. But as I give x.x.x.130 to MK, it think that x.x.x.131 is on the segment that looks @ ISP router.

Rgds
 
zhall
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Fri Aug 20, 2004 6:33 pm
Location: Virginia

Fri Jan 05, 2007 8:23 pm

Have the ISP assign you a /30 to put on your WAN interface so you can route to them. They should do this anyhow.
 
changeip
Forum Guru
Forum Guru
Posts: 3804
Joined: Fri May 28, 2004 5:22 pm

Fri Jan 05, 2007 8:32 pm

Can you just subnet those additional ips you want to route further down the line into the routing tables? Maybe setup yourself on the WAN a /30 with the ISP (even though they route it all to you).

x.x.x.144/28 (x.x.x.144 - x.x.x.x.159)

BTW a /29 is only 8 ips, /28 is 16, /27 is 32.

Sam
 
User avatar
cpresto
Member Candidate
Member Candidate
Topic Author
Posts: 173
Joined: Tue Jul 18, 2006 3:12 pm

public IP assignment

Sat Jan 06, 2007 12:35 pm

Thank you all,
yes obviously 32 IP is /27...my fault.

Of course it is possible to make 2 subnets with a /27 one, but this cause IP waisting that I would like to avoid.

I suppose that if I give a secondary (private) IP address at ISP router on LAN side (the one that looks @ MK), all public IPs should pass through it without NAT... :wink:
ISP router is a LANCOM821 (http://www.lancom-systems.de/LANCOM-821 ... ab0.0.html) and its has two IP address: the public one x.x.x.129 on its DMZ interface and the private one 192.168.0.254 on its Intranet interface. If I connect to it directly with my laptop with x.x.x.132, with DG 192.168.0.254, I'm able to surf the web without NAT (I go out with x.x.x.132), but if I remove x.x.x.129 from its DMZ interface, I'll not be able to go connect to Internet any more. So if I remove x.x.x.130 from MK, I should be able to surf the NET by means of Lancom secondary IP address:

OK with this
Internet-----Lancom---------------------Laptop----------MK
---------------192.168.0.254----x.x.x.132--------------192.168.0.1

Should work like this: :shock:
Internet---------Lancom------------------MK---------------------Customer
---------------(Sec)192.168.0.254---------192.168.0.1-----------x.x.x.132
---------------(DMZ)x.x.x.129
 
changeip
Forum Guru
Forum Guru
Posts: 3804
Joined: Fri May 28, 2004 5:22 pm

Sun Jan 07, 2007 6:23 pm

You could possibly just subnet all those IPs as /32s and route them where you need them ... it works in many cases, possibly yours.

Sam
 
gyoztes
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Jul 17, 2006 12:12 pm

Sun Jan 07, 2007 8:57 pm

hi all,

may i continue the question?

i have a same network:

internet --- base station(mt) -- wifi -- customer router(mt) --- customer pc

base station ips: x.x.x.1/28, and 10.0.0.1/30, and src-nat to x.x.x.2

customer router: 10.0.0.2/30 (external) + masquerading, and 192.168.0.1/24 (internal) + dhcp server

customer pcs get dhcp addresses and it works well. if somebody want x.x.x.2 address, i create static route to base station, and customer router.

i use this because i send max 1 x.x.x.x address to 1 customer. if i like to add x.x.x.1/29 to 1 customer, i can use easier plan, but with this, i can use only 5 address from 8, because i must use the other 3 address to customer router + net + broadcast.

can anybody better idea to use 1 public address to 1 customer without scr-nat and masqueradnig?

thanks,

gyoztes
 
Diganet
Member
Member
Posts: 349
Joined: Sun Oct 30, 2005 9:30 pm
Location: Denmark
Contact:

Sun Jan 07, 2007 10:56 pm

hi all,

can anybody better idea to use 1 public address to 1 customer without scr-nat and masqueradnig?

thanks,

gyoztes
Create Virtual AP for Public IP customers, create EOIP tunnel to Firewall. Bridge them together. On Firewall create bridge for WAN interface and EoIP tunnel. Assign Public IP direct to customers Wireless interface. Voilá.. No wasting of public IP's because of routing in your net.

/Henrik
 
User avatar
savagedavid
Trainer
Trainer
Posts: 310
Joined: Thu Aug 25, 2005 12:58 pm
Location: Cape Town, South Africa
Contact:

Mon Jan 08, 2007 12:39 am

The best way to do this is to use Point to Point addressing on your network. This means using /32 addresses on your client side. Then you dont need any tunnels of any sort and you dont waste addresses. Your routing will be more complicated though.
 
User avatar
cpresto
Member Candidate
Member Candidate
Topic Author
Posts: 173
Joined: Tue Jul 18, 2006 3:12 pm

public IP assignment

Fri Jan 12, 2007 7:07 pm

Thank you all for replies,
finally it seems that the problem is the Lancom Router. It's able to manage two Interfaces, DMZ and Intranet, only DMZ address are able to access Internet withouth NAT. I've tested the following scenarios:

1) Unique subnet
Internet----Lancom-------------------------MK----------------Customer
---------DMZ x.x.x.129/27------x.x.x.130/27-----------PPPoE x.x.x.132/27
------Intranet 192.168.0.254-----192.168.0.1

- MK is able to reach x.x.x.132/27.
- The route x.x.x.132-->192.168.0.1 is added to the Lancom

Results
- Lancom does not routes packects for x.x.x.132/27 because this is an address on its DMZ interface

2) Two Subnets
Internet----Lancom-------------------------MK----------------Customer
---------DMZ x.x.x.129/30------x.x.x.130/30-----------PPPoE x.x.x.132/27
------Intranet 192.168.0.254-----192.168.0.1

- MK is able to reach x.x.x.132/27
- The route x.x.x.132-->192.168.0.1 is added to the Lancom

Results
- Lancom is able to reach x.x.x.132/27 via MK (because this address does not belongs to its subnet)
- Customer with x.x.x.132/27 reaches the Lancom, but it access Internet "natted" by him (x.x.x.129/30) . This is because x.x.x.132/27 does not belong to the DMZ subnet (x.x.x.128/30).

3) N:N mapping
Internet----Lancom---------------------------MK----------------Customer
---------DMZ x.x.x.129/27------x.x.x.130/27--------- 192.168.7.132/27
------Intranet 192.168.0.254-----192.168.0.1

With N:N mapping, the Lancom should map every single privite IP 192.168.7.128/27 to a corresponding IP x.x.x.128/27, eg: 192.168.7.132/27 <-> x.x.x.132/27.

Results
Customer reaches Lancom with 192.168.7.132 and not with x.x.x.132/27. This seems to be the right way, but something is not working with N:N mapping on Lancom... :evil:

Regards

Who is online

Users browsing this forum: Google [Bot], HarolsdPhivy and 92 guests