Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.  (Read 14316 times)

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« on: November 07, 2006, 10:03:42 PM »

Hello All,
Just gone on to Broadband 30 days ago so I decided it was time to have a home network with RJ45 cable instead of wireless with all its problems also I have introduced a hardware firewall (Smoothwall ) http://www.smoothwall.org  which is very secure.

My set-up > BT phone line ( about 4Kl from the exchange as we live in a village ) > ADSL > Speedtouch 536v6 Router with RJ45 > to the 'red' Nic of my Smoothwall box (firewall)> From the 'Green' Nic of smoothwall to a LAN switch > then to between 1 to 10 computers with W2Kpro,W2K adv server , Linux, XP..  OS.

Well as some of you can tell from this set-up is I'm 'Double Natting' Which for most things like surfing the net is ok, But it is causing me trouble with OLE and http emails, also with connecting to my Daughters school 'Citrx'server to do her homework.

I want to use the 'free' router I got when is joined up with  Eclipse ISP  (who I can recommend )
From the settings   ( http://www.speedtouch.co.uk/downloads/solution/CustomTemplate54.pdf  Page 6-10 ) you can configure it to work on private without Nat ( I have it on Private with Nat) .

I wanted to know if anybody has used these settings on this type of router.
I have tried to set it up in this none Natting mode and seemed to get it to connect to the internet (using the "check connectivity to the Internet" button on the router ) then plugged it into my firewall and rebooted both and from the routing table off smothie (see blow) it seemed to connect up ?. But I could not get the Internet onto my LAN.

Routing:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
239.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
I can ping my router from the LAN side computers.
Can any one see what I'm doing wrong ?.   :(

Regards Michael.

Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #1 on: November 08, 2006, 01:50:19 AM »

Sorry if Im pointing out the obvious here..  but have you got an IP block?
afaik if youre going to avoid double NATing - then you are going to need additional IP addresses to assign to the firewall.

Normally your router takes the IP addresses assigned by your ISP and then using NAT assigns internal addresses to all the machines. In this circumstance your firewall will be getting a LAN IP as its "external" IP address.
The firewall also performs a NAT function hence why calling it double NATing.

However if you are going to disable NAT on your router, then you will need more IP addresses.

A No NAT configuration will require a block of 4 to assign something like this:

123.456.78.1 = Public router address (WAN)
123.456.78.2 = Private router address (LAN)
123.456.78.3 = Firewall  **
123.456.78.4 = Broadcast

** You would then need to assign this IP address within your router config.

Another alternative would be using DMZ...
This involves letting your router still do NAT.. but the demiliterised zone being the area outside your router firewall. In this circumstance youd still need and additional public IP address for the smoothwall firewall machine.



« Last Edit: November 08, 2006, 08:52:01 PM by kitz »
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #2 on: November 08, 2006, 12:49:21 PM »

Hello Kitz.
Thank you for your help, having never set up anything like this before it got me confused with these IP's .
My thinking was because I had one Static IP from my ISP and only needed one IP address to forward on to my fire wall  I thought it my work but obviously it did not.
From my ISP (Eclipse) I can have up to 8 free static IP address's so I will get some more and try this suggestion out soon.
As to the DMZ well I have been trying that out before I put this post on this site, There is an option to set up DMZ so I set it to forward port 1 to 65535 then associated it to my firewall, but it failed every time to connect.
I will let you know.   :)

Regards Michael.   
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #3 on: November 08, 2006, 03:05:53 PM »

An adsl router is a combined device, that is like a mini PC and therefore "standalone" machine that requires its own IP address. 
Since it will be the first contact with the external side this is what *takes* your public IP address assigned by your ISP.
When in NAT mode it assigns itself an internal IP address, and then other internal IP addresses for other machines on the network.

No NAT mode means that the router needs 2 public IP addresses (one for the internet side and one for your network side).. and every machine on your network will require its own public IP address.

Another possibility is if you have an old USB modem lying around.
With a USB modem, its physically attached to the machine and the modem receives the data, but the software on machine its attached to does the NATing using something like Windows ICS. (Smoothwall will have its own linux equivalent.)

Some adsl routers can act just a modem only..  which ones Im not sure.. 
Im no expert in this area, because its not something ive ever tried.. but lookfor something called half bridge or ZipB mode.

Hope this info helps.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #4 on: November 08, 2006, 06:05:12 PM »

Hi Kitz,
That makes it a bit clearer, I understand the principle of Nating but as I said on my other post I had not set up a Non Nating before.
So from what you said here
 "No NAT mode means that the router needs 2 public IP addresses (one for the internet side and one for your network side).. and every machine on your network will require its own public IP address."
 Being there is only one 'machine' on the other side of my router (smoothwall Firewall) I will only need one more static IP from my ISP ?.

I have been in touch with 'speedtouch' technical dept via email and to say they were useless is an understatement, well they tried to answer one of my five questions and had the cheek to ask me to fill in a survey about there helpfulness . I will not tell you what I Put !!!.

The 536v6 can be put in 'Bridge' mode if I have the correct firmware on it.
But trying to upgrade this firmware I get to a password protected page, But I do not know the password.
I have not set up a username and password for myself because it will not let me.
Every time I set it up it will not let me in, then I have to restore the router to the default settings and set it up again. O what good fun !!!?.

Re.. USB Modem no thank you   ??? , You can get modems to go with a smoothie box .

Michael.
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #5 on: November 08, 2006, 08:50:07 PM »

>> Being there is only one 'machine' on the other side of my router (smoothwall Firewall) I will only need one more static IP from my ISP ?.


You will need a block of 4.
In a 4 block there is actually only 1 "usable" IP address.

A router has 2 interfaces:  a public (WAN) and a private (LAN). 
If youre running the router in NAT mode,  the LAN side will be a private IP address.
Anything beyond the router is a private IP address

eg NAT mode

Code: [Select]

                                      NAT

Internet < ----------------->      Router      <-------------------------->     PCs
                         91.84.9.xxx        192.168.1.254                      192.168.1.1
                            Public             Private                           Private

If youre running in Non NAT mode
The WAN and the LAN side will be a public IP address.
You need 1 for the Firewall
and 1 for broadcast.

eg
Code: [Select]

                                                                                     NAT

Internet < ----------------->       Router      <----------------------->     Smoothwall    <---------------------->     PCs
                         91.84.9.123      91.84.9.124                91.84.9.125       192.168.x.x.                   192.168.x.x
                            Public           Public                     Public           Private                       Private


Then you also need one for what is called the broadcast address.


« Last Edit: November 08, 2006, 08:56:17 PM by kitz »
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #6 on: November 08, 2006, 09:08:31 PM »

>> From my ISP (Eclipse) I can have up to 8 free static IP address's

You'll find they come in blocks of 4 - so you will either apply for 4 or 8
Depending upon your ISP you may have to fill in a RIPE form if you ask for 8 - not sure if eclipse do or not.

BTW
Check with your ISP which IP address you have to assign as the broadcast address.. I believe with some ISPs its the last one in the block..  but not all of them... so its worth asking.

>> trying to upgrade this firmware I get to a password protected page, But I do not know the password

The defaults for the speedtouch should be:
User Name = Administrator ,
Password = "blank".    (ie nothing)

>> USB Modem no thank you   

heh.. well it was just a suggestion that could have saved messing with IP addresses :D




PS
just found this - I know its for the SAR110, but it may help you see whats going on.
http://usertools.plus.net/tutorials/id/9


« Last Edit: November 08, 2006, 09:10:12 PM by kitz »
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #7 on: November 08, 2006, 10:52:59 PM »

Kitz, Its very very good of you to help.

I think the penny has dropped at last.   ;D

I've just ordered a block of  6 IP's ( Eclipse does it in blocks of 6 ).

 Re...>> trying to upgrade this firmware I get to a password protected page, But I do not know the password

The defaults for the speedtouch should be:
User Name = Administrator ,
Password = "blank".    (ie nothing)

Yes that's correct but it does not work, I will look at the help files to see what's going on.

If I go to the change password page' and change the default password, press accept, you then get a password box up ,fill in the details, and it just does not let me in.   >:D
So I have to reset the router with the small button then re-enter all the settings.

Michael.
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

mr_chris

  • Kitizen
  • ****
  • Posts: 3774
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #8 on: November 11, 2006, 12:09:18 PM »

Only just seen this thread. It could be done with a single IP address by putting your router into what's known as "bridge mode", which effectively means it behaves as a pass-through device and does not act as an IP 'hop' on the network. It has its own private IP address for management, but that's about it.. much like the way an ethernet cable modem behaves.

That way, the Red NIC on the smoothwall box would be directly given the public (internet) IP address, so the smoothwall box would be the last leg before the net.

Whether the SpeedTouch will do that or not I don't know.

Going down the 8 IP route will work the same, of course. The reason Eclipse say 6 is because 2 of them aren't usable because of IP rules - the lowest in the block is the "network" address and the highest in the block is the "broadcast" address. The other 6 are usable.

Your Speedtouch will need to be configured with a /29 subnet mask (255.255.255.248) - I believe there are coniguration templates available online which will help set these up. Normally the speedtouch takes the highest of the 6 usable IPs, but it might take the lowest, depending on how Eclipse do things.

You then just assign the Red smoothwall NIC with another IP in the range with the subnet mask of 255.255.255.248 and the default gateway of your speedtouch's IP address, and you'll be away, passing through the speedtouch but not NATted.

Hope this helps :)
Logged
Chris

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #9 on: November 11, 2006, 04:43:25 PM »

Hi Chris.
Thank you for the info very helpful.
Re 'Bridge mode'   As I put in the above post Speedtouch say.."The 536v6 can be put in 'Bridge' mode if I have the correct firmware on it". And that's all the help they gave me ( hopeless).
I'm waiting for my block of IP's before I can do anything else, Then I may need some more help. ;)
Regards Michael.
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

mr_chris

  • Kitizen
  • ****
  • Posts: 3774
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #10 on: November 11, 2006, 05:08:04 PM »

Oops, yes... not sure why I didn't see those posts where Kitz had already suggested that.. sorry!

Not a very helpful reply from speedtouch was it though.

The above info in my post should hopefully help you configure the device for a block of IP addresses. I don't have a SpeedTouch so I don't know the specifics, but the principle is the same on all routers :)
Logged
Chris

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #11 on: November 11, 2006, 09:54:30 PM »

Hello again.
Spent some time today delving into my router, Looked hard at the 'help' files and I found how to change the password so then I could upload the latest 'firmware', But there was no bridge settings on it, I looked on the speedtouch download site and there was only one Bridge firmware but it was not compatible with my router.
From Michael.
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #12 on: December 12, 2006, 10:48:02 PM »

AN Update.

Hello,
After all this time I finally got my set of 8 IP's and after four days of trying to configure the router I finally done it,
This is an example by Speedtouch.

THESE ARE NOT MY ACTUAL IP's this is a set that Speedtouch use in there set-up example

Range 99.88.123.104 > 99.88.123.111
Router IP 99.88.123.110
Other Usable IP's 99.88.123.105 > 99.88.123.109
Subnet Mask 255.255.255.248
...

Speedtouch router set-up details from the above IP's =

Router IP 99.88.123.110 it says this is the DG address as well
Network add. 99.88.123.104
Subnet Mask 255.255.255.248

Router DHCP IP's =
99.88.123.105 > 99.88.123.109

--------------------------------------------------------------------------------

Now my ISP have told me to use ( I am going to substitute my IP's for the IP's above)

Network address 99.88.123.104 ......Same as speedtouch example above
Router Broadcast Address 99.88.123.111      WHAT is a Broadcast Address ?.

Now I have used this "Broadcast Address as my router IP. This is were I had gone wrong .

After 4 days of checking re-checking my settings rebooting, My router would connect up to the NIC on my firewall (but it was using the old IP address 192.168.1.254 ) but It just would not connect to the internet.
So back to basic's I re-set the router to 'Factory default' ( by using the small reset button on the back ) put in all my settings rebooted both the router and the firewall, This time It connected to the firewall with the correct IP address, But I could not get on the internet.
Had my ISP told me to use the wrong IP's ?.
Trying my router connected strait to a spare computer with a software firewall on it,  I connected to the internet with no problems.
Reconnected the router to the hardware firewall again, I thought I would Try putting the router IP as in the speedtouch example using xxx etc.110 and rebooted and IT WORKED .
So had my ISP told me the wrong IP address to use for my router IP ?

Going back to dial-up taking half an hour to do a update download that normally takes few seconds, you miss Broadband when you don't have it.
 
Regards Michael
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Help Setting Up Speedtouch 536v6 Router In None Nat Mode Please.
« Reply #13 on: December 12, 2006, 11:49:31 PM »

Glad you finally got it sorted in the end. :)

Thanks for posting the info - it may well help someone else in the future :)
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
 

anything