DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Help with NAT / non NAT on 2130Vn

08 Jun 2011 09:32 #68134 by know-dice
Replied by know-dice on topic Re: Help with NAT / non NAT on 2130Vn
That's a blow... :cry:

I don't think you said who your ISP is, most ISPs use the first usable as the default router but some (Zen) use the last address - I don't know how you handle public IPs if that is the case.

If your ISP uses the first IP then maybe configure up the Zyxel with the same LAN & WAN address, let it do the PPPoA for you, and manually configure a computer to your public IP address range and do a test to the Internet with that.

08 Jun 2011 10:36 #68138 by vmrsss
Replied by vmrsss on topic Re: Help with NAT / non NAT on 2130Vn
My ISP (which is AAISP) gives me a router external address and 32 more public IPs, say X.96/27. X.96 is the network address, X.97 is the ADSL router LAN address, X.127 is the broadcast address. All these IPs are routed to the Zyxel's WAN, and all push through untouched to the LAN side, because I leave NAT off.

So far I have been using 2 public IPs for individual machines and 1 for an old Apple airport to NAT for all the rest of the devices in the network. It worked well, till the airport died. I then bought the 2130 to do exactly what's in the figure in the original post: keep three machines public, put all the rest behind NAT (with the bonus of fast wireless and gigabit wired routing).

The LAN page on the 2130 seems to be meant to do exactly what I need. And it works for you. So it must be something in the setup of the Zyxel. I have tried several configurations (e.g. switch firewall off), but sometimes the Zyxel only reacts when you reboot, which I haven't always done. Unfortunately, the Zyxel hasn't got a DMZ button...

Running out of ideas. I could perhaps set all internal machines under the 192.168 private LAN on the 2130, and then set one DMZ host for each of the machines I want to have public addresses. This would work, but of course there is a problem with firewalling them (I could use ipfw chains, but that's very delicate, I'd rather use the 2130 firewall...)

hmm don't know what next...

08 Jun 2011 19:06 #68151 by vmrsss
Replied by vmrsss on topic Re: Help with NAT / non NAT on 2130Vn
Perhaps I should try and put the Zyxel in bridge mode, do you have any experience with that?

09 Jun 2011 10:42 #68161 by know-dice
Replied by know-dice on topic Re: Help with NAT / non NAT on 2130Vn
When you connect your 2 machines to the Zyxel what address do you give them - in the 192.168 range or your actual public IP range?

Link from BT, have a look at the "Multiple Static IP Setup" section: http://btenhancedsupport.com/791.html. You are right that the Zyxel generally needs re-booting after you make these sorts of changes.

Haven't tried the Zyxel in its "Bridge mode" but I seem to remember that you would then need another device to do PPPoA or PPPoE for you - do AAISP support PPPoE as the Vigor could do this for you...

09 Jun 2011 11:32 #68163 by vmrsss
Replied by vmrsss on topic Re: Help with NAT / non NAT on 2130Vn

know-dice wrote: When you connect your 2 machines to the Zyxel what address do you give them - in the 192.168 range or your actual public IP range?



I give them addresses in the public IP range, which is of the kind 81.187... like all AAISP IPs.

know-dice wrote: Haven't tried the Zyxel in its "Bridge mode" but I seem to remember that you would then need another device to do PPPoA or PPPoE for you - do AAISP support PPPoE as the Vigor could do this for you...



I am now in bridge mode, the 2130 does PPPoE and directly gets the WAN IP from the provider using username and password, and I put the first available public IP in the "For IP routing" field, the same IP that previously the Zyxel router was using to route the LAN. Again, the internal 192.168.. network works well, things seem to be more promising also for the 81.187... addresses, but I haven't yet managed to configure a machine with static public IP...

09 Jun 2011 16:14 #68177 by vmrsss
Replied by vmrsss on topic Re: Help with NAT / non NAT on 2130Vn
Does not work yet. At this stage I have essentially completely eliminated the Zyxel, it just acts as a modem. Frankly, I don't believe it can be the source of the problem (yet I haven't figured out a test that would clear that possibility once and for all).

I have verified that (1) the 2130 responds to the public IP I gave it 81.XXX.YYY.97 (I can reach its web interface from outside) as well as to its private one 192.168.1.1; and that (2) the rest of the public IPs are routed to the 2130 (if I use OpenPort to map them to the router address, this works, so those IPs pass the modem and arrive at the 2130).

Yet if I configure a machine with a fixed public IP it cannot connect to the internet at all. More, I cannot even telnet to port 80 of the 2130, which is the default GW !!?!? Yet, the routing table of the 2130 appears perfect:

Code:
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
81.XXX.81.187   0.0.0.0         255.255.255.255  UH    0      0   0   ppp0
81.XXX.YYY.96   0.0.0.0         255.255.255.224  U     0      0   0   br-lan
81.XXX.YYY.0    0.0.0.0         255.255.255.0    U     0      0   0   ppp0
192.168.1.0     0.0.0.0         255.255.255.0    U     0      0   0   br-lan
0.0.0.0         0.0.0.0         0.0.0.0          U     0      0   0   ppp0


you can see the default ISP router on PPP, the public and the private subnets
on the LAN, and the rest of the 81... again correctly on PPP.

Also the routing table of the machine on the 81... network is fine: sends
everything to the 2130 81.XXX.

Code:
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
0.0.0.0         81.XXX.YYY.97   0.0.0.0          UH    0      0   0   en1
....


what's missing? I don't know what to think... I am starting to wonder whether
br-lan actually means LAN, and this mechanism is only supposed to work with
wired and not wireless hosts.... Hmm, no, br-lan ought to include the WLAN...
Looks as though the packets do not make it back, perhaps something wrong
with the ARP table?

Folks, any idea?

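An added example, not part of the original posts: a longest-prefix-match lookup over the routing table posted above, showing which interface the 2130 would pick for return traffic to a host in the public /27 and whether that route is on-link (gateway 0.0.0.0, so the router resolves the host by ARP on that interface). The post masks its octets, so the addresses here are constructed stand-ins from documentation ranges, and the function names are this example's own.

```python
import ipaddress

# Constructed stand-in for the 2130's table: 203.0.113.0/24 replaces
# 81.XXX.YYY.0/24 and 198.51.100.187 replaces the ISP-side PPP peer.
ROUTE_TABLE = """\
Destination     Gateway   Genmask          Flags Metric Ref Use Iface
198.51.100.187  0.0.0.0   255.255.255.255  UH    0      0   0   ppp0
203.0.113.96    0.0.0.0   255.255.255.224  U     0      0   0   br-lan
203.0.113.0     0.0.0.0   255.255.255.0    U     0      0   0   ppp0
192.168.1.0     0.0.0.0   255.255.255.0    U     0      0   0   br-lan
0.0.0.0         0.0.0.0   0.0.0.0          U     0      0   0   ppp0
"""

def parse_routes(text):
    """Parse `route -n` style output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        routes.append((net, ipaddress.ip_address(gw), iface))
    return routes

def egress(routes, addr):
    """Longest-prefix match: return (matched network, iface, on_link) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    # Gateway 0.0.0.0 means directly connected: next hop is the host itself.
    return (str(net), iface, gw.is_unspecified)

ROUTES = parse_routes(ROUTE_TABLE)

if __name__ == "__main__":
    for host in ("203.0.113.98", "203.0.113.200", "192.168.1.10", "8.8.8.8"):
        print(host, "->", egress(ROUTES, host))
```
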

Moderators: Chris