Home > IT Answers > Networking > Routing without NAT, help!
Help

Question

  Asked: May 12 2008   9:03 PM GMT
  Asked by: Johnshoff

Routing without NAT, help!


Routers, Routing and switching, IP configuration, Router configuration, NAT, Wireless networking

I have a block of IP static IP addresses from our ISP, and I want to route those back through a couple of routers (wireless radio equipment) without using NAT.

I can make things work if I have NAT enabled, BUT certain applications do not work well through one NAT connection much less two or three.

The reason for this is that we have a wireless radio link between our two buildings, and we are trying to give them access into our network, without any NAT issues in between.

The radios can work in bridge mode, or router mode, with or without nat. Bridge mode would work but seems to fail out during DHCP or RADIUS server requests.

My idea is to enable router mode, disable NAT, and configure the WAN and LAN sides so that all traffic stays inside the same IP range.

If my IP address range is 10.100.XXX.XXX how would i configure the WAN and LAN sides of the router to direct traffic from the one building into the other.

The settings I need are below:

WAN SIDE
IP ADDR:
SUBNET:
GATEWAY:

LAN SIDE
IP ADDR:
SUBNET:

Can someone throw me out some ideas?

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
Last Answered: May 13 2008  7:06 PM GMT  by Labnuke99


Latest Contributors: Johnshoff


If your private addresses are in the 10.100.xx.xx range, you will have to use NAT as this is a private address space that is not routable on the internet.

I would also be very concerned about just placing these devices directly on the internet. You should place a firewall of some type in front of the devices and ensure that the devices are hardened and kept up to date on patches and fixes.

>->

I have a router doing NAT in front of all of this. I just don't want to do NAT into NAT into NAT again if you know what I mean.

Everyone will be behind a single linux box running NAT, but I want to have the other routers subnetted in the internal network so that I can masquarade a Public IP into them if need be...

>->
I get what you are saying now. The bridging should work even for DHCP and RADIUS. I would contact the supplier of the wireless gear and troubleshoot this issue with them. Bridging would be the best option unless you need to segment these networks for some reason. If that is necessary, then maybe create VLANs and keep the same root subnet of 10.100.x.x. Make the subnet mask 255.255.128.0 This will make the first building 10.100.0.1-10.100.127.254 and the second building 10.100.128.1-10.100.255.254. The wireless devices would be the default gateway on each VLAN and they would have a default gateway of the edge router. The edge router would decide which wireless router the traffic needs to be sent to in this case.

WAN side
IP addr: 10.100.0.253
SM: 255.255.128.0
GW: 10.100.0.254 (this is the LAN interface on the edge router)

LAN side
IP addr: 10.100.128.254
SM: 255.255.128.0
GW: 10.100.0.253 (this is the WAN interface on the wireless device)
Clients would then use 10.100.128.254 as their default gateway
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Networking.

Looking for relevant Networking Whitepapers? Visit the SearchNetworking.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

Johnshoff  |   May 16 2008  5:50AM GMT

OK, I kind of understand what you mean, but I am getting confused. Please excuse my lack of subnetting knowledge…

OK, so as I mentioned before, everything works with NAT enabled on the router at my client side.

I am going to enter in the settings I have here, and can you fill in the blanks (or correct my mistakes)

Router on EDGE of Private Network (CALL IT LARRY FOR SHORT)
WAN SIDE - PUBLIC IP, SUB, GATEWAY (provided by my ISP)
LAN SIDE of edge router: 10.171.0.1
subnet mask: 255.255.240.0

ACCESS Point in bridge mode - plugged directly into the router (CALL IT CURLY FOR SHORT)
IP: 10.171.8.1
subnet mask: 255.255.240.0
(basically this unit should be transparent - and the IP address shouldn’t really matter right? - cause it is a bridge)

Wireless radio in router mode, with nat disabled - At remote location: (CALL IT MOE FOR SHORT)
WAN SIDE
IP: 10.171.9.1
subnet: 255.255.240.0
gateway: 10.171.0.1

LAN SIDE:
IP 10.171.17.1
subnet: 255.255.240.0

Clients at the remote location are configured
10.171.17.2 through to 254
subnet 255.255.240.0
gateway 255.255.17.1

If I do this, and disable the nat on “MOE” I loose connection everywhere. If I turn NAT back on, and reboot the radio (MOE) I usually get connection back.

If I leave MOE NATted, I work just fine on the Internet, BUT I am segregated from our main office network (10.171.0.2-254)

What am I doing wrong!!! HELP!! I am so frustrated!

 

Labnuke99  |   May 21 2008  12:05PM GMT

Well… it looks like you crossed the end subnet range when you went to 10.171.17.0. The actual subnet ends at 10.171.15.254. This is why the NAT works. Can you make the remote office 10.171.15.2-254?

 

configure router without nat  |   Jul 22 2008  3:20PM GMT

[…] DHCP or RADIUS server requests. My idea is to enable router mode, disable NAT, and configure …http://itknowledgeexchange.techtarget.com/itanswers/routing-without-nat-help/NAT and On-line GamesSeveral hardware router manufacturers are beginning to offer UPnP compliant […]