Adding ADSL internet access to a LAN via NAT

[Squib]

Hi,

I was wondering if anyone can help me, I am sure someone must have done this before.

I am hoping to install ADSL on my LAN (one site, NT4, about 50 Win9x PC's, address range 128.5.2.0 allocated by DHCP). The ADSL service is provided by a router running NAT that allocates address in the range 192.168.254.0, I cannot reconfigure the router as it is provided by the ISP.

Now my questions relate to the allocation of IP addresses, am I correct in thinking that the NAT on the router will fight with the DHCP on my LAN?

How can I painlessly get this to work, without having to manually go and reconfigure all the boxes on my network that have fixed IP's (other servers etc). I believe I could stop the DHCP on the server and let the Router assign new IP's to everything but this would still entail a trip around changing the fixed IP's to the new 192.168.254.0 range.

I have half an idea of somehow installing a PC with 2 NIC's to act as a router, forwarding packets between my 128.5.2.0 LAN and the 192.168.254.1 ADSL router, but I am sketchy as to the details. This however would mean I could leave my LAN unchanged and just change the 'Default Gateway' in the DHCP to point to the routing PC, but again I am not sure.

Anyone have any thoughts? The cheaper the solution the better. Any free/cheap software available?

Many thanks.

 

[sobak]

Under normal circumstances, I would get a new router if the ISP would not allow me access to the existing one. Since I'm not sure who your ISP is, its hard to recommend that solution. Actually its DHCP on your router that is handing out IP Addresses and not the NAT configuration. Although the router handles NAT it is also a DHCP server.

You are correct...If you add a DHCP server to your network, you will end up with half of your systems on one IP Address Scheme and the other half on the other one.

Now the other problem is. Your network is currently setup to run on a public IP Address (128.5.2.0) Example... 128.5.2.1 is actually owned by Ford Motor Company. Your ISP set you up on the 192.168.254.0 network because these IP Addresses are private. That means that no router on the internet will forward any packet with the source address of 192.168.254.0. Most all networks running NAT have an internal Private address range and a Public IP Address on the WAN side of the ADSL Router.

The best solution that I can give your (you may not like this) is to visit each of the workstations and set them up for DHCP. This (in my opinion) is the best solution to your problem. It actually gets you on a standard that is acceptable to most Network Engineers.

Now if you don't want to go that route, you can always place a system (with 2 network cards in it) and have it between your network and the ADSL router. You can load a proxy server software on it and have it act as an interface between you and your ADSL router. However I still think you'll end up with other problems with this solution and I don't recommend it.

Hope this helps......

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*

 

[sobak]

Another consideration is DNS. I don't know what type of servers you are using but if you are running Windows NT/2000 servers with a SQL database and your systems attempt to resolve your 128.5.2.0 network, they may possibly never find the correct server, or your workstations will never be able to browse the internet. Since you are using a public IP Address scheme, DNS requests have to resolve somewhere.

Resolved internally, your workstation will not be able to browse.
Resolved externally, your workstations MAY never find the correct server.

Things to keep in mind....
david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*

 

[jeter]

You could setup your server as a proxy and route the internet access out the nic the dsl is on. Normally i would not do this, I agree with the statement above either get a new router and or have the isp change your ip address. There is alot of good info posted here take the best application and run with it. Jeter@LasVegas.com
J.Fisher CCNA

 

[dilettante]

Sounds like you need a router behind THEIR router.

I used "The Internet Extender" for several years on my cable modem connection:

http://www-acc.scu.edu/~jsarich/ieweb/main.htm

This is pretty cool software for free, supporting NAT and NAPT (port mapping). I ran it in a slimline compact 486DX66 under DOS with two Intel EtherExpress cards. It also supports a serial WAN connection or even an internal modem for those in the sticks. Can't get much cheaper than that!

Problems:

1.) On a NIC it cannot handle a WAN DHCP address - it requires a fixed IP. Dial/PPP was fine, but a fixed IP was REQUIRED on a LAN connection.

2.) It is not a DHCP server. You need to assign fixed IP addresses within your LAN. Not a serious problem, use the 10.0.0.0 network and you have plenty of headroom!

3.) Server support. NAPT made it easy to run several kinds of servers, but you have only one IP address coming into the 486 NAT box, and that address can only serve one port 80 (for example). I ran three web servers on various port numbers, used one machine as a Windows Terminal Server, etc. Worked fine.

So why did I abandon it?

1.) Expected to lose my fixed IP address (which I did in the Excite@Home debacle earlier this month).

2.) Got tired of lubricating the fan in the 486 box (once a year, but a pain in the rear). Couldn't find a cheap replacement to fit the P/S and it would have required unsoldering two components on the P/S's circuit board to physically remove the fan. Couldn't find a cheap replacement P/S.

3.) Got a GREAT deal on a GREAT little router: SMC 7004BR for $49 last year. Includes DHCP both sides of the box, takes less space, uses 1/4 the power, has a built in print server, has both serial and 10BaseT "uplink" ports, incorporates a 4-port 10/100 switch.

But... check the Internet Extender web site. Perhaps the software has been upgraded. Great little tool, I know of about 8 people still running them locally!

 

[MWM]

... just out of curiousity, why was your LAN DHCP set up to issue public IP addresses?

Would I be right is guessing that you do not want your entire range of PCs exposed to public trafic?

Perhaps another router could interpose here and buffer your inside (albeit public) address scheme. But the time spent managing ACLs could be a serious obstacle.

Is this "bite the bullet" time?

Yours,
Mike

 

[Squib]

Hi,

Thanks everyone for your helpful posts.

I think I have decided to put another router between my network and the ADSL router. This will mean that my DHCP server can still handle the dishing out of the IP's on my network and I don't have to change anything else.

The ADSL router will be running NAT so should provide enough security to ensure no-one can access my internal network from the internet and my 128.5.2.x IP range won't be exposed to the big bad internet.

In the future I will bite the bullet and sort out my internal address range so it uses something a bit more obvious but I am trying to avoid doing that at the same time as installing this ADSL router, I am not sure what may stop working when I reconfigure the DHCP. I have a number of things with fixed IP's.

One final question, can anyone recommend a cheap router to do the job for me? Doesnt really need to be anything fancy, just a box to forward packets between the two networks. I am tempted to config a PC with 2 network cards, but I would rather buy a little box and spend 10 mins configuring it.

Thanks

 

[MWM]

... a quick walk thru CompUSA will show some consumer/very small business routers; they accept ADSL and output standard ethernet. The better ones in this group (there is the next level of small Cisco routers, too) provide for NAT, PAT, DHCP and some other options, such as better packet filtering or content filtering. One of these might replace your ISP-provided unit.

Now you will have a device that allows some configuration changes, such as DHCP (on/off, client/server), address range settings, dynamic connection setup (if needed), etc. All of this works better, in my view, with static IPs (say, a set of five static IPs), and further provides the option of giving an outside IP to an internal machine, as needed.

If your boss wants internet access for the company (necessary these days, even just to provide your machines with various operating system and virus updates) then a set of static IPs would seem to be an entirely reasonable, even trivial, cost.

For example, from PacBell a set of five small-business static IPs runs about $79/month. Add a $200 router (no, not the $69 special) and you should be well ahead in your efforts.

BTW, in my experience, the PacBell-provided Cayman 3220 router is not advised. I had no real success getting timely tech support, and I spent hours, repeatedly. (They call you back, if they call back, a day or two later, when you may not be available or on-site to work with them. So you then go into the que again.) Netgear, on the other hand, had 24-hour live support.

Yours, Mike

 

[dilettante]

Weird.

Just read my post above, and it looks like it got posted to the wrong thread.

I recall that reply of mine, but I could have sworn it was in answer to a question about a really cheap way to NAT a DSL connection.

All I can say is... "Nevermind!"