Multi-level NAT

I have in mind a cheap solution for a social club environment thus:

Single ADSL circuit with wireless ADSL router allowing members to
connect to the 'public' network.

However, I also want certain systems within the premises to be connected
to a private LAN which also has access to the outside world via the ADSL
router, but protects the systems inside it from the 'public' LAN.

A kind of 'multi-level NAT' if you will.

The public/ADSL side is your bog-standard ADSL wireless router, but what
should I use for the private LAN? Various routers exist which implement
NAT, without ADSL modems, however which of these can I use which will
use a standard ethernet connection, rather than mucking about with PPP
over Ethernet.

For instance:
Private router 192.168.0.1/24
Private router WAN side 192.168.1.2
Public router 192.168.1.1/24
Public addresses 192.168.1.3 .. 192.168.1.254
Public router WAN side is ADSL line

Any suggestions?

I could use a Cisco 800-series router for this, but I'm not wanting to
pay that sort of money...

Jim

Jim Howes wrote:
> I have in mind a cheap solution for a social club environment thus:
>
> Single ADSL circuit with wireless ADSL router allowing members to
> connect to the 'public' network.
>
> However, I also want certain systems within the premises to be connected
> to a private LAN which also has access to the outside world via the ADSL
> router, but protects the systems inside it from the 'public' LAN.
>
> A kind of 'multi-level NAT' if you will.
>
> The public/ADSL side is your bog-standard ADSL wireless router, but what
> should I use for the private LAN? Various routers exist which implement
> NAT, without ADSL modems, however which of these can I use which will
> use a standard ethernet connection, rather than mucking about with PPP
> over Ethernet.
>
> For instance:
> Private router 192.168.0.1/24
> Private router WAN side 192.168.1.2
> Public router 192.168.1.1/24
> Public addresses 192.168.1.3 .. 192.168.1.254
> Public router WAN side is ADSL line
>
> Any suggestions?
>
> I could use a Cisco 800-series router for this, but I'm not wanting to
> pay that sort of money...
>
> Jim

You should be able to use any 'cable' router for this. I've got a
similar setup with a Speedtouch ADSL router providing access to my /29
public IPs and then I've got a Linksys WRT54G wireless cable router for
a NAT network hanging off one of the public IP addresses.

I'd expect to be able to disable PPPoE on a cable router available in
the UK (as Virgin Media don't use it), but I'd be foolish to guarantee
that all can

HTH

Peter

Jim Howes wrote:
> I have in mind a cheap solution for a social club environment thus:
>
> Single ADSL circuit with wireless ADSL router allowing members to
> connect to the 'public' network.
>
> However, I also want certain systems within the premises to be connected
> to a private LAN which also has access to the outside world via the ADSL
> router, but protects the systems inside it from the 'public' LAN.
>
> A kind of 'multi-level NAT' if you will.

The first question that occurs to me, is will a cheap commercial ADSL
router support NAT on more than one network? If it won't, you may have
to segment the network it WILL route into two halves..

Ive looked at mt router - an old DLINK 504, and that will allow me to
set up, for example, teh internal ethernet address to span many networks
by adjusting the netmask, but equally to restrict the DHCP that it
broadcasts to exactly one network, or part thereof and adjust netmasks
as well, so it looks POSSIBLE that it would do the job, although I am
concerned about broadcast addresses and the like.


>
> The public/ADSL side is your bog-standard ADSL wireless router, but what
> should I use for the private LAN? Various routers exist which implement
> NAT, without ADSL modems, however which of these can I use which will
> use a standard ethernet connection, rather than mucking about with PPP
> over Ethernet.
>
My choice would be here to use a Linux machine set up wih twin interface
cards.

Because second hand low power PC's are two a penny. Use of IP tables and
routing would control access to the LAN fairly easily, and webmin as a
web admin interface exists.

..


> For instance:
> Private router 192.168.0.1/24
> Private router WAN side 192.168.1.2
> Public router 192.168.1.1/24
> Public addresses 192.168.1.3 .. 192.168.1.254
> Public router WAN side is ADSL line
>
> Any suggestions?
>
> I could use a Cisco 800-series router for this, but I'm not wanting to
> pay that sort of money...
>

Check ebay prices..ciscos at least have full flexibility..
> Jim

Jim Howes wrote:
> I have in mind a cheap solution for a social club environment
thus:
>
> Single ADSL circuit with wireless ADSL router allowing members
to
> connect to the 'public' network.
>
> However, I also want certain systems within the premises to be
> connected to a private LAN which also has access to the outside
world
> via the ADSL router, but protects the systems inside it from
the
> 'public' LAN.
>
> A kind of 'multi-level NAT' if you will.
>
> The public/ADSL side is your bog-standard ADSL wireless router,
but
> what should I use for the private LAN? Various routers exist
which
> implement NAT, without ADSL modems, however which of these can
I use
> which will use a standard ethernet connection, rather than
mucking
> about with PPP over Ethernet.
>
> For instance:
> Private router 192.168.0.1/24
> Private router WAN side 192.168.1.2
> Public router 192.168.1.1/24
> Public addresses 192.168.1.3 .. 192.168.1.254
> Public router WAN side is ADSL line
>
> Any suggestions?
>
> I could use a Cisco 800-series router for this, but I'm not
wanting to
> pay that sort of money...
>
> Jim

Draytek 2800 series ADSL routers will do this. There's setup
details on their support web site. I think the older 2600 series
routers will also do this.

Mark

On Tue, 29 Jul 2008 21:16:02 +0100, Jim Howes wrote:

> For instance:
> Private router 192.168.0.1/24
> Private router WAN side 192.168.1.2
> Public router 192.168.1.1/24
> Public addresses 192.168.1.3 .. 192.168.1.254 Public router WAN side is
> ADSL line
>
> Any suggestions?

(ADSL)---(Public router)---(Private router)---(Private servers)
|
|
Public internet access


Any old Cable router should do the trick for the Private router. Depends
if you're bothered about NATing the private network. If you want to be
able to turn off NAT on the private router, you will a) need to get a
Private router that supports turning off NAT and b) your Public ADSL
router will need to let you put in a static route to the private network
via the Private router's WAN. My personal recommendation would be a
router that can run DD-WRT or Tomato, as it will give you lots of
interesting stuff to play with.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
21:38:20 up 20 days, 14 min, 3 users, load average: 0.01, 0.18, 0.15
Convergence, n: The act of using separate DSL circuits for voice and data