Router and internet backbone problem
| 2lazybutsmart 2004-04-07, 12:52 pm |
| I've attached a diagram of my network. The problem here is that I can't use the internet from the computer. However, if I connect the cable the router is using to communicate with "ROUTER B" to my computer, I can access the internet.
I'll explain in more detail. But what do you guys think might be the problem --at first glance. Could it be NAT? I haven't learned how to configure NAT (although the IP Addresses I'm using in my "internal" network are private).
I'd appreciate any help.
2lbs. | |
| dmaftei 2004-04-07, 1:05 pm |
| You mean, it works if you connect your computer directly to Router B, or directly to Router C? Anyway, an address on Router B seems to be wrong, I believe .36 should be .38. | |
| 2lazybutsmart 2004-04-07, 1:46 pm |
| OK, I've omitted a few details here, but RouterA and RouterB actually connect to a switch. Now before I introduced RouterA, I could connect the "66.151.209.6" to my computer and make the default gateway "66.151.209.1" (RouterB) and the internet would work.
Now when the 66.151.209.6 IP address is taken by RouterA to communicate with RouterB, my computer can't access the internet.
The following are current situation points:
1-I can ping RouterA, RouterB from my computer. I can't ping RouterC from the computer.
2-I can ping RouterB, RouterC, and all the DNS servers from RouterB. I can even ping yahoo and examnotes from RouterB.
I'll be glad to provide more info.
2lbs.
p.s. yes, you're right. the IP address of RouterB was wrong, I've changed it and replaced the bmp with the updated one. thnx. | |
| dmaftei 2004-04-07, 2:00 pm |
| quote: Originally posted by 2lazybutsmart
1-I can ping RouterA, RouterB from my computer.
Exactly what can you ping on Router B from your computer: 66.151.209.1, or 66.151.208.38, or both? | |
| 2lazybutsmart 2004-04-07, 2:08 pm |
| I can ping:
192.168.20.2
66.151.209.6
66.151.209.1
and 66.151.209.38
from my computer.
The 66.151.209.37 is the default gateway of RouterB (That's a router in the ISP). And 66.151.209.1 is the default gateway of RouterA.
 | |
| dmaftei 2004-04-07, 2:41 pm |
| So, C is your ISP, and B is your connection to the ISP, right? What did you have on B before inserting A: 66.151.209.1, or 192.168.20.2? | |
| 2lazybutsmart 2004-04-07, 3:02 pm |
| B was always configured to have one interface as 66.151.209.38 and the other as 66.151.209.1.
Actually, the router is using VLSM. the 66.0.0.0 network is divided into 3 subnets with 2 masks. a /28 mask used for 2 subnets and a /30 used for the point to point link with the satellite modem.
But I guess that internal configuration doesn't have anything to do with why people connected to routerA are getting "request timeout" (not destination host unreachable) when they ping 66.151.209.37 or any other internet address.
i'll dig out more if you need.
thnx.
2lbs. | |
| dmaftei 2004-04-07, 3:14 pm |
| quote: Originally posted by 2lazybutsmart
Could it be NAT?
If my understanding of your setup is correct, then it's definitely NAT. You are not running NAT on A, are you? | |
| 2lazybutsmart 2004-04-07, 3:19 pm |
| nope. A isn't running NAT. and (although I'm studying for CCNA) I don't know how to configure NAT. and as the book's pages tell, NAT isn't covered in detail in CCNA.
so, could you please help me configure NAT.
Thanks.
p.s. I'm saying A isn't running NAT although I don't know how to check whether NAT is running or not. However, I do know I've erased the startup config many times.... so I guess NAT configurations can't be lurking around. | |
| dmaftei 2004-04-07, 3:49 pm |
| This might work (try it at your own risk...)
On Router A:
ip nat inside source list 1 interface ethernet 0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
On the 66.151.209.6 interface:
ip nat outside
On the 192.168.20.2 interface:
ip nat inside
"ethernet 0" is your 66.151.209.6 interface.
Fixing typo: the address in the access list should be 192.168.20.0, not 192.168.1.0. | |
| forbesl 2004-04-07, 3:58 pm |
| RouterA#conf t
RouterA(config)#ip nat inside source list 1 interface (insert interface name connected to Router B i.e. serial 0/0) overload
RouterA(config)#access-list 1 permit 192.168.20.0 0.0.0.255
RouterA(config)#int (inside interface)
RouterA(config-if)#ip nat inside
RouterA(config-if)#int (outside interface)
RouterA(config-if)#ip nat outside
RouterA(config-if)#end
RouterA#wr mem
This will overload your computer's private IP address to the IP address of your external interface. In other words the world will see your computer as 66.151.209.6. | |
| Yankee 2004-04-08, 4:45 am |
| While the NAT config is likely the solution to his problem, I didn't see anybody tell him why or ask about all the public addresses he was using on his network. Could still be interesting to learn more about what was likely a routing problem for a number of reasons.
Yankee | |
| dmaftei 2004-04-08, 10:54 am |
| My understanding is that 2lazy got a /28 block from his ISP -- unlike us, ordinary mortals, who get only one public address. As such, he can attach anything with an address in the range 66.151.209.2 through 66.151.209.14 to the switch between A and B (not pictured), and it will work fine. I also think that B is on 2lazy's premises, but it's configured by his ISP.
As for the failed pings, I believe C is dropping everything coming in from 66.151.208.38, and not originating from 66.151.208.38 itself or from 66.151.209.0/28 -- that's how I would configure C if I were the ISP. Without NAT, the pings from computer originate from 192.168.20.1; while A and B wouldn't have a problem with that, C would drop them. With NAT on A, computer's pings are masqueraded as originating from 66.151.209.6, and that would make C happy. | |
| Yankee 2004-04-09, 5:06 am |
| It's probably even simpler than that...
Router A and B are running a routing protocol (or statically routed) to know of the 192.168.x.x block. Router C has no idea (and shouldn't) about that private block so it drops the packet. Until his computer plays in the public block either thru NAT or redesigning his LAN that host will never get a response from anywhere outside of his little network.
That's what I think now that I finally peeked at his drawing...
Yankee | |
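Added example, not part of any post in this thread: a small Python model of the explanations dmaftei and Yankee give above, showing why the PC's pings time out without NAT on Router A and get answered once the overload (PAT) configuration is in place. The addresses come from the thread; the filter on Router C, the starting port 1024 and the ping identifier 512 are assumptions made for the illustration.

```python
import ipaddress

# Addresses are from the thread; the port numbers and C's filter are assumptions.
INSIDE_NET = ipaddress.ip_network("192.168.20.0/24")    # access-list 1
OUTSIDE_IP = ipaddress.ip_address("66.151.209.6")       # Router A outside interface
PUBLIC_BLOCK = ipaddress.ip_network("66.151.209.0/28")  # block C is assumed to accept


class PatRouter:
    """Minimal model of 'ip nat inside source list 1 interface ... overload'."""

    def __init__(self, enabled):
        self.enabled = enabled
        self.table = {}        # outside port -> (inside ip, inside port)
        self.next_port = 1024  # hypothetical first translated port

    def outbound(self, src, sport):
        src = ipaddress.ip_address(src)
        if not (self.enabled and src in INSIDE_NET):
            return src, sport                  # forwarded untranslated
        for port, flow in self.table.items():  # reuse an existing mapping
            if flow == (src, sport):
                return OUTSIDE_IP, port
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (src, sport)
        return OUTSIDE_IP, port

    def inbound(self, dport):
        """Reverse lookup for a reply addressed to OUTSIDE_IP:dport."""
        return self.table.get(dport)


def isp_accepts(src):
    """Router C (assumed policy): drop private or out-of-block source addresses."""
    return (not src.is_private) and src in PUBLIC_BLOCK


def ping_from_pc(router_a, pc="192.168.20.1", ident=512):
    # ICMP echo has no ports; PAT keys on the echo identifier instead.
    src, port = router_a.outbound(pc, ident)
    if not isp_accepts(src):
        return "request timed out"   # dropped upstream, no ICMP error comes back
    back = router_a.inbound(port)
    if back is None:                 # source was already public, nothing to undo
        return f"reply to {src}"
    return f"reply to {back[0]}"
```

In the model the drop at C is silent, which matches the "request timeout" rather than "destination host unreachable" symptom reported earlier in the thread.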
| forbesl 2004-04-09, 11:30 am |
| Simpler still:
Private IP addresses are not routable over the internet.... | |
| Yankee 2004-04-10, 7:40 am |
| They are routable. The providers simply dump them to null zero.
that's why I said "and shouldn't know"
Yankee | |
| forbesl 2004-04-10, 10:48 am |
| quote: Originally posted by Yankee
They are routable. The providers simply dump them to null zero.
that's why I said "and shouldn't know"
Yankee
If the ISPs dump them in the bit bucket, they aren't routable over the internet then, are they? You knew what I meant, and so does anyone else who has been in this field for a while. Why try to make something so simple appear so difficult? | |
| dmaftei 2004-04-10, 12:35 pm |
| quote: Originally posted by forbesl
If the ISPs dump them in the bit bucket, they aren't routable over the internet then, are they?
Yes they are. Not routable means cannot be routed. Private addresses can be routed (that's how one builds private networks with multiple subnets). The fact that the ISPs dump them doesn't make them not routable.
Semantics... | |
| forbesl 2004-04-10, 1:21 pm |
| Sheesh....
Let me walk you through this:
If the ISPs dump them into null0, that means they do not exist on the internet; they are not in the routing table in the cloud. If they aren't in the routing table, they can't be routed. If they can't be routed, they aren't routable. I didn't say private networks CAN'T BE ROUTED. I said they aren't routable OVER THE INTERNET. If a network doesn't exist, it can't be routed, can it?
If both of you would concentrate as much on learning your craft rather than picking apart my replies or posting lengthy messages to show everyone how much you think you know, you'd be geniuses. | |
| Yankee 2004-04-10, 1:33 pm |
| I only replied because you took it upon yourself to restate what I had already said without adding any additional value. To use your words "you knew what I meant and so does anyone else who has been in this field for a while".
When you have been around a bit longer, you will learn the importance of being technically accurate in the words you select.
Yankee | |
| dmaftei 2004-04-10, 1:33 pm |
| You cannot take anybody's opinion if it doesn't match yours, can you? Relax, I'm not after you (and I'm sure neither is Yankee); I'm just saying what I think on the issue at hand.
Man, you really have a temper problem... Maybe you should seek professional advice before you get a stroke or something... | |
| forbesl 2004-04-10, 2:05 pm |
| quote: Originally posted by Yankee
I only replied because you took it upon yourself to restate what I had already said without adding any additional value.
Yankee
I didn't need to add any "additional value". My reply was simple and to the point. The guy who started this thread was obviously a beginner, and once he had what he needed, I didn't see him ask "why?". You and dmaftei are the ones who felt you needed to expound upon the problem. I just made it simpler for the guy in case he was still reading the thread. That's all he needed to know. If he wanted to know "why" he would have asked.
I HAVE been in this field for quite a while, and one thing I've learned:
People who talk too much and expound about what they know (or think they know) are usually book-smart and job-stupid.
I know how to be technically accurate ---when needed---- you just need to learn when to be accurate and when you don't need to be. When you're talking to a beginner, the rule is K.I.S.S, especially when they aren't looking for a lengthy novel. | |
| forbesl 2004-04-10, 2:06 pm |
| quote: Originally posted by dmaftei
I'm just saying what I think on the issue at hand.
So am I | |
| dmaftei 2004-04-10, 4:12 pm |
| Never mind. | |
| Yankee 2004-04-11, 7:51 am |
| I was going to tell you the proper solution for the original problem, but erased that and decided this was a better last response.
Admit you were wrong.....you'll feel better...honestly
Yankee | |
| 2lazybutsmart 2004-04-11, 1:47 pm |
| Sorry guys... I've been away for a while.
Well first of all, that NAT config "worked"... and thanks to everybody (especially dmaftei for helping me sort things out in the beginning).
quote: I didn't need to add any "additional value". My reply was simple and to the point. The guy who started this thread was obviously a beginner, and once he had what he needed, I didn't see him ask "why?".
forbesl: thanks for the "neat-written" piece of config you provided, but why all this fuss over such a trivial thing?? Nobody's showing off here (and if they are, then who cares). And nobody's held responsible for adding "additional value". Clarifying things by adding "additional value" is all great because when people express how much they know --not in words full of ostentatious crap, of course; but in action-- (like posting solutions to problems and helping people solve things), people learn and observe the same thing from different perspectives.
We're all here to help --and be helped. That's how I see it, and I guess that's how Dmaftei and Yankee see it too. I'm not siding with either one, but hey... I thought that little flame had no place in this thread.
Thanks again.
2lbs. | |
| forbesl 2004-04-11, 3:38 pm |
| quote: Originally posted by Yankee
Admit you were wrong.....you'll feel better...honestly
Yankee
Wrong about what? | |
| dmaftei 2004-04-12, 9:27 am |
| quote: Originally posted by forbesl
Wrong about what?
I think Yankee refers to your statement about private networks being "not routable". | |
| forbesl 2004-04-12, 1:28 pm |
| quote: Originally posted by dmaftei
I think Yankee refers to your statement about private networks being "not routable".
I wasn't wrong about that, and neither was he. In my reply concerning that statement, it's clear why I feel that way. | |
| dmaftei 2004-04-12, 2:41 pm |
| Whatever... What's really important is that you know you're right, even if a CCIE tells you you're wrong. (And no, the CCIE is not me, I'm only a "Byzantine monk in convulsions"... ) |