Linksys BEFSR81 and NAT Configuration 1

[MattSavage]

Hello all....I currently have a working network with a T! line in and approx. 25 IPs. The main router is a Polycom NetEngine 6200 which runs to a 3Com firewall, then to a switch, then to a Windows 2000 server and XP workstations. I would like to use the NAT functionality of the Linksys BEFSR81 for added security and more IPs, but also continue to use the DHCP server on the Windows 2000 Server.

I have the server set to Gateway mode.
LAN IP Adress: 192.168.1.2
Subnet Mask: 255.255.255.0

Static WAN Address: 192.168.1.1
Subnet Mask: 255.255.255.0
Default gateway: points to Polycom router
DNS: points to Windows 2000 server running DNS

Do I need to change any of these settings?

Also, I plan to use the DHCP scope of 192.168.1.100 - .200
What additional configuration needs to be made to the DHCP server settings?

 

[bcastner]

It is unclear to me what additional features are gained over the NAT assignments now given by your DHCP server.

And unless the Polycom router is on the same subnet as your planned WAN IP it cannot be used as a Gateway address, as you cannot have a Gateway adddress on a different subnet.

 

[MattSavage]

I am running out of IP addresses in DHCP without NAT. We have recently added a number of computers but they are unable to obtain an IP address. I have one workstation behind the Linksys, and I have manually configured the IP (192.168.1.100), Subnet (255.255.255.0), and Gateway (192.168.1.1). With the manual configuration, I can access the internet, but when I try to obtain the IP address automatically, the DHCP server will not assign an address.

Here are the current Linksys settings:

Lan IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0

Wan IP Address: ISP Provided IP
Subnet Mask: 255.255.255.224
Default Gateway: IP address of Polycom
DNS: IP address of Windows 2000 server

I am also not sure if I should use the WAN port on the router or not.

 

[bcastner]

Okay, I understand.

Why not better use the Win2k DNS server? The DNS server should have it forwarder service enabled, with the ISPs DNS servers as the entries. You likely do not need 25 IPs and could save some money by reducing them.

The DHCP server would then assign only private NAT addresses, just as you would like from the linksys. The DNS address would be that of your DNS server, and any non-local addresses would be sent to the forwarder service and out to your ISP DNS servers. You could then use a Class B scheme to allow you an incredible number of valid IP addresses.

See faq779-4017, section #2 for links and a description of how this would work.

But back to your issue. Check the DHCP tab on the linksys router to be certain it is enabled, and that the DHCP scope is correctly set for your needs. If your client properties are then set to "obtain an IP address automaticly" the linksys DHCP server should then respond with a valid IP within its scope. It has little choice, as there is no other DHCP server to respond to the broadcast request which is non-routable.

So, check the linksys configuration's DHCP tab, as it sounds as if the DHCP service is not enabled. Be certain to do a ipconfig /reset and an ipconfig /renew on your test workstation after setting its properties for obtain the ip address automaticly. Make certain that no other static entries for DNS or default Gateway are left over from your static ip testing by checking the Advanced button under DNS.

You might find this recent article on the use of double routers of value:

http://www4.tomshardware.com/network/20030716/index.html

 

[MattSavage]

I do use the Win2k DNS, and it forwards outsite requests to my ISP DNS. I also use Win2k DHCP. I would like to stay with this, disabling the DHCP on the Linksys router. All I want the Linksys to do is the NAT. Everything else will be handled by the Win2k server.

I could not get this to work yesterday, so I tried disabling the Win2k DHCP and used the Linksys DHCP, and the workstations received the correct IP addresses. HOWEVER, we have experienced a severe slowdown in internet speed. Websites load very slow, but eventually come up.

Should the Linksys be in Gateway mode or Router mode? And do I need to make any changes to Win2k DNS? Also, can I use Win2k DHCP while the Linksys does NAT, or must the Linksys handle the DHCP as well.

 

[MattSavage]

I do use the Win2k DNS, and it forwards outsite requests to my ISP DNS. I also use Win2k DHCP. I would like to stay with this, disabling the DHCP on the Linksys router. All I want the Linksys to do is the NAT. Everything else will be handled by the Win2k server.

I could not get this to work yesterday, so I tried disabling the Win2k DHCP and used the Linksys DHCP, and the workstations received the correct IP addresses. HOWEVER, we have experienced a severe slowdown in internet speed. Websites load very slow, but eventually come up.

Should the Linksys be in Gateway mode or Router mode? And do I need to make any changes to Win2k DNS? Also, can I use Win2k DHCP while the Linksys does NAT, or must the Linksys handle the DHCP as well?

 

[bcastner]

Your win2k DHCP server is more than capable of NAT'ing IPs.

The linksys should be in Gateway mode.

 

[MattSavage]

I have been able to get the system working using the Linksys to do NAT and DHCP, but the connection is soooooo slow. Also, when using Remote Desktop Connection now, the session only lasts for a minute then cuts out. Is my Firewall to blame for this? I have assigned a static route for the Private IPs on the firewall...any advice??