Airplane777
join:2004-06-20
2 edits | reply to superdog
Re: NAT behind NAT not a bad thing ?
Thank you superdog, robbin, & cmaenginsb:
Bridging it is.
I had to do some thinking since this commercial establishment had their own wireless router. Your ideas on me doing bridging makes sense. So I just got done setting up a test DLB 2300 in bridge mode (just to make sure I can do it quickly on the clients CPE).
I finally got the CAT5 run yesterday. I'm using NPRM with my tripod tapconned to some concrete patio blocks, which are sitting on 3 rubber mats. Seems to work pretty good. I still may go up and put a sand bag on each concrete block. I'm hoping it will take a lot of wind without blowing over...lol.
This stuff is fun...especially when I was crawling around on the roof setting up the tripod when it was snowing a few days ago.
To make it even more fun, I'm doing MAC authentication, hidden SSID, and WPA 2...lol. |
|
superdog
I Need A Drink
Premium,MVM
join:2001-07-13
Lebanon, PA
| reply to Airplane777
said by Airplane777  :How do you get those public static IPs through your edge router (since I assume your edge router is NATed)? You do some kind of port forwarding? (Isn't an edge router the one connected directly to the modem that goes to the Internet backbone?) Or do you do bridging of your edge router also? Bob, when You have a T1 or larger to the net, all of us use a router at the edge that basically bridges all of our static IP's right thru to the end user or at least to the CPE. If You are using DSL as a backhaul, You may only have 1 real world IP?, and that is used in Your modem. If that is the case?, You would then in all reality be NAT'ing 3 times?. Once at Your NOC, once at the CPE and then the 3rd time on Your customers router. This is a really bad idea. While I have seen VPN's work thru 2 NAT boxes, I have also seen some strange things happen to programs like Citrix(allows You to use a local computer to run a remote one across a VPN and special software). I would use that DLB2300 or Highgain CPE as a bridge. That way You are at least only NAT'ing twice. Once at the NOC(modem) and then again on the customers router. 
--
»www.wavecrazy.net Join WISPA today! »www.wispa.org/ |
|
robbin
Premium,MVM
join:2000-09-21
Leander, TX
| reply to Airplane777
Well, to start with, I use Trango equipment. The AP / SU (CPE) link is a bridge (no choices). It's hard to explain if you are used to WIFI equipment but basically my APs and CPEs do not exist on the client to internet network -- they are totally invisible. So whatever I do with them has no effect on the IP address assignment of the client router.
I am currently 100% bridged. As I get larger, if I decide to grow that much, I will probably do 1 to 1 NAT. Many (perhaps the majority) of my customers use a VPN on a regular basis and there has never been a problem for them. They are extremely grateful as this means that they don't have to drive 75 to 100 miles on the days they work from home!
My edge router is my T1 router -- you don't need a modem for a T1, only for DSL. |
|
Airplane777
join:2004-06-20
1 edit | reply to robbin
Hi robbin:
Thanks for your post.
Since you give public static IPs to your clients, I assume your CPEs are then set to bridging-client mode? I'm trying to get this bridging and client stuff streight in my head...lol.
How do you get those public static IPs through your edge router (since I assume your edge router is NATed)? You do some kind of port forwarding? (Isn't an edge router the one connected directly to the modem that goes to the Internet backbone?) Or do you do bridging of your edge router also? |
|
