i have just installed a PVC at my ops centre and need to hook a couple of guys in different locations in town so they can use my Internet over my high speed satellite connection... they will be assigned, static, public ip addresses for each of their individual connections, and data will be encapsulated using frame relay to support multiple logical PVCs into my single DSU....
i am wondering how i am going to setup their routing tables/information in their cisco routers... their setup is...
* private IPs.. 10.0.0.0/24 for the internal LAN
* a Linux server which will masquerade the connections for the LAN computers onto the router/internet...
* a cisco 1601 and above router connected to the CSU
* encapsulation type on the cisco router is frame-relay
i have thought of some routing algorithms for each of my clients' routers, but i am not really sure if it will work... let me just explain... please note, for obvious reasons, i am going to use fake IPs
the main cisco router is a 2509 series router connected onto the satellite... its ethernet IP address is 172.16.0.1/24..and the ip address of the serial interface connected to the DSU/PVC is 192.168.0.1/24...
now, to configure the router of my first client, i have assigned the ip address of his serial interface that's connected to the CSU/PVC as 192.168.0.2/24....
my client's linux server has two ethernet cards, one to the internal network and another to the router... the one connected to the internal network has the ip address as 10.0.0.1.. and the one connected to the ethernet interface of the router is 169.254.0.2..... so what happens is that the firewall in the linux server is supposed to masquerade the internal 10.0.0.0/24 private network into the 169.254.0.2/24 ip address, which in turn will be masqueraded to the true public ip of the router..... i would like the connection to appear like it came from the router and not the linux server.. although any suggestions otherwise would be welcome.....
so, i have decided to give this client's router the public ip address of 172.16.0.2/24... so here is the configuration i will assume for the cisco router on the client's side...
conf t
* this will set the ip address of the router's ethernet interface, which is similar to that of the linux server on the router's side
int e0
ip address 169.254.0.1 255.255.255.0
ip nat inside
!
* this will set the ip address of the serial interface connected to the CSU/PVC
int s0
ip address 192.168.0.2 255.255.255.0
ip nat outside
!
* this will allow NAT to translate the ip address [and all other internal ip addresses thereto] of the external interface card on the linux server, 169.254.0.2/24, into the SINGLE PUBLIC IP ADDRESS...
ip nat pool ovrld 172.16.0.2 172.16.0.2 prefix 24
!
* this will allow NAT to make translation for any of the private ip addresses into the public 172.16.0.2 public ip address... in this case, the only ip to translate is that of the external network card on the linux server... 169.254.0.2/24.... as the other internal ones have been already masqueraded into it....
ip nat inside source list 7 pool ovrld overload
!
* this will define the list of ips for NAT to translate into the IP address...
access-list 7 permit 169.254.0.2
!
i think that should be it... the reason i want most of the translation to be done by linux is to free the cisco 1601 routers at the client's places of that extra processing load.. what do you think... should i..... can't it work both ways.. that the router translates all the internal ip addresses.....?...
* then finally.. i need to specify a route path of the packets..
ip route 0.0.0.0 0.0.0.0 192.168.0.1
that should direct any packet that has a non-local ip address to the serial interface of my 2509 router.. then out onto the satellite/internet....
what i wonder is.. is it possible to ping that user's router on that public address... since it's not assigned to any interface.. but is just meant to be overloaded..... do you think this is the best way to go about it..... will i have transparent routing as if they were directly connected thru ethernet at my data centre.....
also, if i were to manage bandwidth based on IP addresses, can i set up the bandwidth manager to look out for the public ip address from my client's router.. that is..172.16.0.2.. and then limit its bandwidth usage to a pre-set capacity..?...
i really appreciate any responses to my question.. thanks...
desperate AKNIT
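
Added example, not part of the original post: a small Python lint for a client-router NAT overload configuration of the kind posted above. It checks that the access list and pool named in `ip nat inside source list` are actually defined and flags a pool address that sits on no connected subnet; the sample config and the name `lint_nat` are constructed for illustration, and the parser assumes only the few IOS lines shown.

```python
import ipaddress
import re

# Constructed sample in the style of the post's client-router config; the NAT
# rule deliberately points at list 2 while only access-list 7 is defined.
SAMPLE = """\
interface Ethernet0
 ip address 169.254.0.1 255.255.255.0
 ip nat inside
interface Serial0
 ip address 192.168.0.2 255.255.255.0
 ip nat outside
ip nat pool ovrld 172.16.0.2 172.16.0.2 prefix-length 24
ip nat inside source list 2 pool ovrld overload
access-list 7 permit 169.254.0.2
"""

def lint_nat(config):
    """Cross-check NAT rules, pools, ACLs and interface roles; return findings."""
    nets, roles, pools, acls, rules = [], set(), {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip address (\S+) (\S+)$", line):
            nets.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles.add(m[1])
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"ip nat inside source list (\d+) pool (\S+)", line):
            rules.append((m[1], m[2]))
        elif m := re.match(r"access-list (\d+) (?:permit|deny) ", line):
            acls.add(m[1])
    findings = [f"no 'ip nat {r}' interface" for r in ("inside", "outside") if r not in roles]
    for acl, pool in rules:
        if acl not in acls:
            findings.append(f"NAT rule uses access-list {acl}, which is not defined")
        if pool not in pools:
            findings.append(f"NAT rule uses pool {pool}, which is not defined")
    used = {acl for acl, _ in rules}
    findings += [f"access-list {a} is defined but no NAT rule uses it" for a in sorted(acls - used)]
    # Assumption: a pool address outside every connected subnet is only
    # reachable if the upstream router has a route for it toward this router.
    for name, (first, last) in pools.items():
        if not any(first in n and last in n for n in nets):
            findings.append(f"pool {name} is not on a connected subnet; "
                            "upstream needs a route to it via this router")
    return findings

if __name__ == "__main__":
    for finding in lint_nat(SAMPLE):
        print("-", finding)
```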