DLink DSL-G604T NAT+Static configuration

[HaBu]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

I'm trying to configure the new DLink DSL-G604T router to enable both
static and NAT routing. So far all I've accomplished is totally
blocking all my services so I feel it's time to shout for help!

Scenario:
I have a static IP subnet of eight addresses.
Eg: 82.1.1.1 - 82.1.1.8 (255.255.255.248).

The router sits on 82.1.1.2 which leaves me with five usable addresses.
Four of these I want to allocate to servers that should have no
firewall restrictions; totally visible on all ports from the Internet.
The fifth address I want to configure as a NAT gateway so that I can
have a private 192.168 subnet for wireless access with these addresses
allocated via the routers DHCP service.

Is this a feasible scenario or am I losing the plot?

 

[Guest]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

On Mon, 30 Aug 2004 11:41:34 +0000 (UTC), Habu <habu@invalid.com>
wrote:

>I'm trying to configure the new DLink DSL-G604T router to enable both
>static and NAT routing. So far all I've accomplished is totally
>blocking all my services so I feel it's time to shout for help!
>
>Scenario:
>I have a static IP subnet of eight addresses.
>Eg: 82.1.1.1 - 82.1.1.8 (255.255.255.248).
>
>The router sits on 82.1.1.2 which leaves me with five usable addresses.
>Four of these I want to allocate to servers that should have no
>firewall restrictions; totally visible on all ports from the Internet.
>The fifth address I want to configure as a NAT gateway so that I can
>have a private 192.168 subnet for wireless access with these addresses
>allocated via the routers DHCP service.
>
>Is this a feasible scenario or am I losing the plot?

Yes, but you've got the wrong box. If you don't want any firewall
restrictions on your servers, then you don't need a router in the way.

The problem is that you have a combination DSL modem/bridge and an
ethernet router in one box with no way to get at the interface between
the two. It would be easy if you simply connect a hub or switch
between the DSL modem/bridge and the ethernet/wireless router. The
servers would each get one IP address each at the hub or switch. No
router required, just the DSL modem/bridge. Your 5th address with NAT
would be the only one that goes through the router.

I suggest you sell the DSL-G604T and get seperate boxes. I would go
as far as suggest also seperating the router and the wireless (access
point) functions as the router usually ends up under a desk to hide
the wires, while the wireless access point wants to be as high as
possible for better coverage. It also allows you to turn off the
power to the wireless access point when not in use.

There's a minor chance that you have the same headache in the UK as
SBC often supplies in the USA when delivering 5IP addresses. If your
address layout looks like this:
68.111.111.134 IP Address
68.111.111.133 Gateway
68.111.222.73-77 5ea IP's
it requires a completely different scheme. This probably doesn't
apply to your arrangement, but if it does, ask and I can supply
details on how to route that mess.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

 

[Guest]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

I think you need to use the DMZ setting in order to set up a pc as totally
internet facing, and I'm pretty sure it is restricted to one IP address
only.


"Habu" <habu@invalid.com> wrote in message
news:cgv3pe$2pj$1@bananasplit.info...
> I'm trying to configure the new DLink DSL-G604T router to enable both
> static and NAT routing. So far all I've accomplished is totally
> blocking all my services so I feel it's time to shout for help!
>
> Scenario:
> I have a static IP subnet of eight addresses.
> Eg: 82.1.1.1 - 82.1.1.8 (255.255.255.248).
>
> The router sits on 82.1.1.2 which leaves me with five usable addresses.
> Four of these I want to allocate to servers that should have no
> firewall restrictions; totally visible on all ports from the Internet.
> The fifth address I want to configure as a NAT gateway so that I can
> have a private 192.168 subnet for wireless access with these addresses
> allocated via the routers DHCP service.
>
> Is this a feasible scenario or am I losing the plot?

 

[HaBu]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

Piers James wrote:

> I think you need to use the DMZ setting in order to set up a pc as
> totally internet facing, and I'm pretty sure it is restricted to
> one IP address only.

Thanks Piers, that's the conclusion I was coming to as well. That's
annoying, the old DSL-604+ was more versatile. I could have every
internal address wide-open and then configure the firewall to control
access. In fact, there is no firewall as such that I can find on the
DSL-G604T.

I'm noticing some other issues as well:
Problems with DHCP allocation over wireless
The clock resets on every restart (ntp option not available any longer)
Uptime is screwed, probably due to above time problem.
Woeful information in the log

Pure stubbornness is preventing me from reverting to the older router.

 

[HaBu]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

Jeff Liebermann wrote:

[snip]

> I suggest you sell the DSL-G604T and get seperate boxes. I would
> go as far as suggest also seperating the router and the wireless
> (access point) functions as the router usually ends up under a
> desk to hide the wires, while the wireless access point wants to
> be as high as possible for better coverage. It also allows you to
> turn off the power to the wireless access point when not in use.

Jeff, many thanks for such a concise reply. After some mucking around
today I've discovered that I can partially achieve my requirements
using the DSL-G604T: If I don't enable the NAT/Firewall functionality
of the device then all the addresses within my subnet are fully visible
from the Internet. That achieves my needs as far as server connections
go.

Now I'm on the lookout for a wireless hub with built-in NAT
functionality so I can connect my clients!

 

[Guest]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

Habu <habu@invalid.com> wrote in
news:41336c67$0$52010$65c69314@mercury.nildram.net:

> ... After some mucking
> around today I've discovered that I can partially achieve my
> requirements using the DSL-G604T: If I don't enable the
> NAT/Firewall functionality of the device then all the addresses
> within my subnet are fully visible from the Internet. That
> achieves my needs as far as server connections go.
>
> Now I'm on the lookout for a wireless hub with built-in NAT
> functionality so I can connect my clients!

How to configure the device for a No-NAT setup is documented on the
D-Link UK site in the Install Guides document, which is much more
direct and to the point than the manual. Find it here:
<ftp://ftp.dlink.co.uk/dsl_routers_modems/dsl-g604t/DSL-
G604T_Install_Guides.pdf>

You're right, there doesn't seem to be an equivalent to the Multi-NAT
capability of the DSL-604+ which would give you the other
functionality you are looking for.

I understand there is a new firmware release available 'real soon
now'. Whether it will include that functionality I'm not sure.

I suspect that like other similar consumer class kit, the new D-Link
T series devices will eventually become good, reliable, well featured
products - when they're running good, reliable. well featured
firmware. Just in time to be superseded by the next models

They are however technically interesting, running as they do the
embedded BusyBox Linux kernel - which may open up a number of
possibilities...

Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

 

[Guest]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

In article <2pi065FklbrbU1@uni-berlin.de>, "Richard Perkin"
f000nurdle@hotmail.com says...
<snip>
> They are however technically interesting, running as they do the
> embedded BusyBox Linux kernel - which may open up a number of
> possibilities...
>
BusyBox isn't a kernel, it's an all-in-one shell tool.

 

[Guest]

Archived from groups: alt.internet.wireless,uk.comp.home-networking,uk.telecom.broadband (More info?)

Rob Morley <nospam@ntlworld.com> wrote in
news:MPG.1b9ddd99d5b828dd989ee1@news.individual.net:

> BusyBox isn't a kernel, it's an all-in-one shell tool.

Slip of the keyboard/brain. I believe it runs on uClibc.

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News