Simple Question About NAT Routers

This is not specific to Linux, but there seem to be more smart people
here than in all the Windows groups put together<

I have a static IP Address which is listed below. My setup behind an
SMC7004 NAT Router was as follows:

IP Address: XXX.YYY.154.163
Subnet Mask: 255.255.255.0
GateWay: XXX.YYY.152.ZZZ

Domain: AAA.BBB.64.222, AAA.BBB.64.223

The SMC wanted you to access him at 192.168.123.1
I then routed Port 80 to 192.168.123.254 which was a Linux webserver
which had been assigned that IP address.

Ok, I decide to replace the aging SMC7004 and buy a NETGEAR WGT624
(probably my first mistake) which wants to be accessed on 192.168.0.1.

So, I change the web servers IP to 192.168.0.200 and begin to configure
the router using *the* *same* *exact* *parameters* as listed above.
However it will not let me enter the Gateway address because its not
the same at the third level. It wants something in the 66.114.154.xxx
range. So, I have to let it pick its own and therein must lie the
problem I am guessing.

Not what is odd is that I get Internet service just fine (The WWW that
is) but I cannot ping myself? I have gone to www.whatismyip.com and it
says I am at the address I am trying to ping. Therefore, when I go to
find my website via the Internet, it cannot be found via
66.114.154.AAA.

I have had DSL since the early days and at that time Verizon provided
the signal and a small company that has since become Isomedia provides
the ISP service. So, I call the ISP and the guy says I am NOT static
IP which is a bold faced lie. I prefaced the call by saying I was
having trouble setting up my NAT router configuration, so he probably
had lots of reasons not to talk to me, but still I am paying $32 to
Verizon and 17.50 to Isomedia, so if I lose my static IP over this, so
be it, the wesites are not high traffic and if my DSL drops to $30 a
month, I can probably manage with a dynamic IP.

But I really want to know:

1. Why would SMC allow me to configure that way and not the new
NETGEAR router?

2. Could my ISP just give me a different gateway address in the same
range? Unless none were available I suppose.....

3. Why can't I ping myself?

(E-Mail Removed) wrote in news:1107701563.972472.59470
@o13g2000cwo.googlegroups.com:

> 3. Why can't I ping myself?

Your router is probably blocking WAN pings.

(E-Mail Removed) wrote:
> This is not specific to Linux, but there seem to be more smart people
> here than in all the Windows groups put together<
>
> I have a static IP Address which is listed below. My setup behind an
> SMC7004 NAT Router was as follows:
>
> IP Address: XXX.YYY.154.163
> Subnet Mask: 255.255.255.0
> GateWay: XXX.YYY.152.ZZZ

Then your wan (ISP) side was on one subnet and your lan side on
another. x.x.154.x/24 is a different net from x.x.152.x/24.

> Domain: AAA.BBB.64.222, AAA.BBB.64.223

Doesn't reveal anything without the netmask and leading IP octets. Are
these DNS servers, btw?

> The SMC wanted you to access him at 192.168.123.1

This was the admin interface address.

> I then routed Port 80 to 192.168.123.254 which was a Linux webserver
> which had been assigned that IP address.

So this address space was a private lan.

> Ok, I decide to replace the aging SMC7004 and buy a NETGEAR WGT624
> (probably my first mistake) which wants to be accessed on
192.168.0.1.

Many use different addresses for admin access. My SurfBoad CM uses
192.168.0.1. The other day someone had to use something like
192.168.0.24 to access the admin interface on a Linksys, IIRC.

> So, I change the web servers IP to 192.168.0.200 and begin to
configure
> the router using *the* *same* *exact* *parameters* as listed above.

May or (more likely) may not be appropriate with the new gear.

> However it will not let me enter the Gateway address because its not
> the same at the third level.

No idea about "third level" -- I don't play video games;-)

> It wants something in the 66.114.154.xxx

This is a _public_ IP address space, evidently from your ISP:
Lookup 66.114.154.0 (unresolved) in 20+9 Zones
AS: 66.114.128.0/19 AS18530 ISOMEDIA, Inc. Redmond/Washington
Net 66.114.128-159 PIA-BLK-1 Oak Harbor, Washington @pioneernet.net

> range. So, I have to let it pick its own and therein must lie the
> problem I am guessing.

Sounds like your new gear is acting as a DHCP relay so that when you
boot, ask for an address/net params, it passes the request upstream and
the reponse back to your host. It may be doing this without your host
making an explicit request as some sort of default behavior -- very
common for wireless setups.

You probably can over ride it with something in the admin page.

> Not what is odd is that I get Internet service just fine (The WWW
that
> is) but I cannot ping myself?

$ ping 127.0.0.1
$ ping you.rIP.add.res < your IP address
$ ping you.rho.stn.ame < your host name
$ ping gw.ip.add.res
$ ping dns.svr.add.res
$ ping yahoo.com

> I have gone to www.whatismyip.com and it
> says I am at the address I am trying to ping. Therefore, when I go
to
> find my website via the Internet, it cannot be found via
> 66.114.154.AAA.

The Netgear (wan/ISP side) may have the only address that's entered
into the DNS server. Depends on your ISP and _maybe_ the Netgear
setup.

> I have had DSL since the early days and at that time Verizon provided
> the signal and a small company that has since become Isomedia
provides
> the ISP service. So, I call the ISP and the guy says I am NOT static
> IP which is a bold faced lie.

Well, it's easy eough for him to check and that seems to be the "kind"
of account you have. Explains why your address changed(?) when you
changed your gear -- it is booting up with a different MAC address from
the old SMC.

You may have been issued a DHCP fixed-address that rarely (if ever)
changes with normal use. You may need to register your new Netgear MAC
to get a "real" static IP.

> I prefaced the call by saying I was
> having trouble setting up my NAT router configuration, so he probably
> had lots of reasons not to talk to me, but still I am paying $32 to
> Verizon and 17.50 to Isomedia, so if I lose my static IP over this,
so
> be it, the wesites are not high traffic and if my DSL drops to $30 a
> month, I can probably manage with a dynamic IP.

It can be a good idea for low traffic users to "back up" even a static
IP with a DNS entry at dyndns.org -- just in case the ISP changes its
mind ;-)

> But I really want to know:
>
> 1. Why would SMC allow me to configure that way and not the new
> NETGEAR router?

See above and look closely at the user guides/spec sheets.

> 2. Could my ISP just give me a different gateway address in the same
> range? Unless none were available I suppose.....

Uhh? Your GW address _must_ be on the same net as your wan/ISP
interface for reachability. Other than that, no ISP will/can cater to
any additional customer needs re: GW address.

> 3. Why can't I ping myself?

See above ping tests. You should be able to ping your own IP address,
both 127.x and the IP assigned to your nic at the very least.

Pinging your host name can fail for a number of reasons -- all relating
to name resolution and where the hostname is "entered". Doubtful that
you have a DNS record for a name you selected unless you explicitly
paid for it. The dynamic name typically generated by ISPs is butt ugly
+ and all but useless. Harder to use than just your IP address.

Double check your setup and the user guides, run through the ping
tests, and if you still have problems, post the command line and output
of each ping test. Also include ifconfig -a output and output of route
-n of your Linux host and the IP of your Netgear's wan/ISP interface
and (any?) lan side ports/interfaces.

Confirm that the Netgear is a true router and not just a "bridging
router" or "router/switch". A true router will have IPs assigned to
the lan ports themselves (and can eat up public IPs if you're not
carefull) and not just to the attached host (which would indicate a
switch).

hth,.
prg
email above disabled

prg wrote:
> (E-Mail Removed) wrote:
> > This is not specific to Linux, but there seem to be more smart
people
> > here than in all the Windows groups put together<
> >
> > I have a static IP Address which is listed below. My setup behind
an
> > SMC7004 NAT Router was as follows:
> >
> > IP Address: XXX.YYY.154.163
> > Subnet Mask: 255.255.255.0
> > GateWay: XXX.YYY.152.ZZZ
>
> Then your wan (ISP) side was on one subnet and your lan side on
> another. x.x.154.x/24 is a different net from x.x.152.x/24.
>
> > Domain: AAA.BBB.64.222, AAA.BBB.64.223
>
> Doesn't reveal anything without the netmask and leading IP octets.
Are
> these DNS servers, btw?
>
> > The SMC wanted you to access him at 192.168.123.1
>
> This was the admin interface address.
>
> > I then routed Port 80 to 192.168.123.254 which was a Linux
webserver
> > which had been assigned that IP address.
>
> So this address space was a private lan.
>
> > Ok, I decide to replace the aging SMC7004 and buy a NETGEAR WGT624
> > (probably my first mistake) which wants to be accessed on
> 192.168.0.1.
>
> Many use different addresses for admin access. My SurfBoad CM uses
> 192.168.0.1. The other day someone had to use something like
> 192.168.0.24 to access the admin interface on a Linksys, IIRC.
>
> > So, I change the web servers IP to 192.168.0.200 and begin to
> configure
> > the router using *the* *same* *exact* *parameters* as listed above.
>
> May or (more likely) may not be appropriate with the new gear.
>
> > However it will not let me enter the Gateway address because its
not
> > the same at the third level.
>
> No idea about "third level" -- I don't play video games;-)
>
> > It wants something in the 66.114.154.xxx
>
> This is a _public_ IP address space, evidently from your ISP:
> Lookup 66.114.154.0 (unresolved) in 20+9 Zones
> AS: 66.114.128.0/19 AS18530 ISOMEDIA, Inc. Redmond/Washington
> Net 66.114.128-159 PIA-BLK-1 Oak Harbor, Washington @pioneernet.net
>
> > range. So, I have to let it pick its own and therein must lie the
> > problem I am guessing.
>
> Sounds like your new gear is acting as a DHCP relay so that when you
> boot, ask for an address/net params, it passes the request upstream
and
> the reponse back to your host. It may be doing this without your
host
> making an explicit request as some sort of default behavior -- very
> common for wireless setups.
>
> You probably can over ride it with something in the admin page.
>
> > Not what is odd is that I get Internet service just fine (The WWW
> that
> > is) but I cannot ping myself?
>
> $ ping 127.0.0.1
> $ ping you.rIP.add.res < your IP address
> $ ping you.rho.stn.ame < your host name
> $ ping gw.ip.add.res
> $ ping dns.svr.add.res
> $ ping yahoo.com
>
> > I have gone to www.whatismyip.com and it
> > says I am at the address I am trying to ping. Therefore, when I go
> to
> > find my website via the Internet, it cannot be found via
> > 66.114.154.AAA.
>
> The Netgear (wan/ISP side) may have the only address that's entered
> into the DNS server. Depends on your ISP and _maybe_ the Netgear
> setup.
>
> > I have had DSL since the early days and at that time Verizon
provided
> > the signal and a small company that has since become Isomedia
> provides
> > the ISP service. So, I call the ISP and the guy says I am NOT
static
> > IP which is a bold faced lie.
>
> Well, it's easy eough for him to check and that seems to be the
"kind"
> of account you have. Explains why your address changed(?) when you
> changed your gear -- it is booting up with a different MAC address
from
> the old SMC.
>
> You may have been issued a DHCP fixed-address that rarely (if ever)
> changes with normal use. You may need to register your new Netgear
MAC
> to get a "real" static IP.
>
> > I prefaced the call by saying I was
> > having trouble setting up my NAT router configuration, so he
probably
> > had lots of reasons not to talk to me, but still I am paying $32 to
> > Verizon and 17.50 to Isomedia, so if I lose my static IP over this,
> so
> > be it, the wesites are not high traffic and if my DSL drops to $30
a
> > month, I can probably manage with a dynamic IP.
>
> It can be a good idea for low traffic users to "back up" even a
static
> IP with a DNS entry at dyndns.org -- just in case the ISP changes its
> mind ;-)
>
> > But I really want to know:
> >
> > 1. Why would SMC allow me to configure that way and not the new
> > NETGEAR router?
>
> See above and look closely at the user guides/spec sheets.
>
> > 2. Could my ISP just give me a different gateway address in the
same
> > range? Unless none were available I suppose.....
>
> Uhh? Your GW address _must_ be on the same net as your wan/ISP
> interface for reachability. Other than that, no ISP will/can cater
to
> any additional customer needs re: GW address.
>
> > 3. Why can't I ping myself?
>
> See above ping tests. You should be able to ping your own IP
address,
> both 127.x and the IP assigned to your nic at the very least.
>
> Pinging your host name can fail for a number of reasons -- all
relating
> to name resolution and where the hostname is "entered". Doubtful
that
> you have a DNS record for a name you selected unless you explicitly
> paid for it. The dynamic name typically generated by ISPs is butt
ugly
> + and all but useless. Harder to use than just your IP address.
>
> Double check your setup and the user guides, run through the ping
> tests, and if you still have problems, post the command line and
output
> of each ping test. Also include ifconfig -a output and output of
route
> -n of your Linux host and the IP of your Netgear's wan/ISP interface
> and (any?) lan side ports/interfaces.
>
> Confirm that the Netgear is a true router and not just a "bridging
> router" or "router/switch". A true router will have IPs assigned to
> the lan ports themselves (and can eat up public IPs if you're not
> carefull) and not just to the attached host (which would indicate a
> switch).
>
> hth,.
> prg
> email above disabled

I just wanted to say that this is not as complicated as what the
previous poster seems to imply. I have an IP address and I am sure
that it was a static IP at 66.114.154.236 and so I have configured my
new Netgear router *exactly* the same as what was on the old SMC
router, *except* the Netgear won't let me choose a different subnet for
the Gateway parameter. That is on the Gateway I need to be set to
66.114.152.1 and the router will *NOT* take 152 for the third position
because it doesn't match the 154 in the IP Address. The DNS servers
listed above also belong to my ISP.

There must be a reason for this, but I can't imagine why?

BTW, the Linux box is configured correctly and answers quite nicely to
192.168.0.200. I am able to collect email, ssh, some trouble with ftp
that I need to look into, but the website comes up fine.

I am a little baffled by what the previous poster is saying, and I'm
obviously weak on DNS and networking compared to others, but crimony
there's only 5 parameters from the ISP and port forwarding seems pretty
straightforward.

I just don't get it...

(E-Mail Removed) wrote:
>[snip]
>
> I just wanted to say that this is not as complicated as what the
> previous poster seems to imply.

That may be from your view of things, but remember, we can't see
anything and can't type any commands -- or look up any Windows settings
in dialogs, click a mouse, or see setup dialogs or admin pages. Can't
even download a user guide for your Netgear box; just a flashy data
sheet ;(

When asked to enter commands and the output results, we are asking for
_exactly_ what _we_ need to help you -- not what _you_ think we need to
help you. Please co-operate. Pretty please.

> I have an IP address and I am sure
> that it was a static IP at 66.114.154.236

Doesn't really matter what it _used_ to be, till you get your current
setup working satisfactorily. Then you can revisit the "why did they
change my IP" question. What is it now? It's the IP used by your
Netgear box as you seem to be using private IPs on your lan.

And it's still not clear to me that your current IP is different from
the old one or in what way. I _think_ that's what you're saying, but I
often misinterpret what I read here.

> and so I have configured my
> new Netgear router *exactly* the same as what was on the old SMC
> router,

You may very well have done so -- but I never saw your old setup, so
it's not much use to me in trying to help. One thing you almost
certainly did _not_ do was set the Netgear's MAC address to the MAC
address of the old SMC. The Netgear provides this info as soon as it
boots up and your ISP sees a different MAC than the one sued by the SMC
box. That can affect _you_ in a number of ways depending on your ISP.

> *except* the Netgear won't let me choose a different subnet for
> the Gateway parameter.

You lose me here. The setting for your computer's GW or the GW used by
the Netgear box? Remember, I can't _see_ anything about your setup.
Nothing, nada, zip. Exactness and clarity and completeness are
required for any advice except guessing. And your guess is as good as
mine (or better).

> That is on the Gateway ...

Do you mean the Netgear box?

>... I need to be set to 66.114.152.1

You mean the Netgear box needs an IP of 66.114.152.1? Or the gateway
setting (aka default route) of your Linux box needs to be set to
66.114.152.1?

> and the router will *NOT* take 152 for the third position
> because it doesn't match the 154 in the IP Address.

And if I half understand your description, no other setup interface
would allow such a thing. 66.114.152.x/24 is _not_ in the same subnet
as 66.114.154.x/24 (or smaller subnets). The GW used by the Netgear
box _must_ be in the same subnet as it's IP or you could not use it to
maintain basic connectivity to your ISP. It's just the way IP works.
Period.

Does your Netgear box _have_ an assigned, public IP? I can't even tell
that for sure from your description or the data sheet.

Why on earth do you think you need the 66.114.152.1 if your IP is
66.114.154.x? Just because that is what your old SMC used? A friend
told you to use it? Your ISP suggested it? It makes no sense and your
Netgear box is telling you that.

> The DNS servers
> listed above also belong to my ISP.

Then the only way you can reach your IP by name is to use the name (if
any) that they placed in the DNS server (or use a name you select at
some place like dyndns). Even then you may not be able to ping your IP
from outside your subnet or the ISP's network -- it may be blocked.

> There must be a reason for this, but I can't imagine why?
>
> BTW, the Linux box is configured correctly and answers quite nicely
to
> 192.168.0.200. I am able to collect email, ssh, some trouble with
ftp
> that I need to look into, but the website comes up fine.

You mean it has internet connectivity from your side. Good. Can you
get to your server(s) from outside as you wish? Just a web server,
wasn't?

> I am a little baffled by what the previous poster is saying, and I'm
> obviously weak on DNS and networking compared to others, but crimony
> there's only 5 parameters from the ISP and port forwarding seems
pretty
> straightforward.
>
> I just don't get it...

To tell the truth, neither do I. That is, I really don't have a grasp
of just what your "problem symptoms" are. What's not working the way
you need it to work?

And I have _no_ vital signs asked for. Without them, I am blind. I
have _no_ clue about your setup except that you have a new Netgear box
that replaced an old SMC box, probably some kind of dsl modem
connecting to your ISP (connected to the Netgear box), and a host
(connected to a port on the Netgear box) running some distro/version of
Linux of which I am clueless and would need to know to fruitfully help.
I have no telepathic or remote viewing powers. I used to but lost my
union card.

I have _some_ idea of what you have tried to do with the Netgear
setup/admin page(s), but what you are doing makes no sense to me, and
I'm clueless as to why you are doing it.

Without verbatum command output (copy-n-paste) as requested I can't
help you. Less description, more data. An ascii diagram of your
network would also be nice.

regards,
prg
email above disabled

(E-Mail Removed) writes:

>I just wanted to say that this is not as complicated as what the
>previous poster seems to imply. I have an IP address and I am sure
>that it was a static IP at 66.114.154.236 and so I have configured my
>new Netgear router *exactly* the same as what was on the old SMC
>router, *except* the Netgear won't let me choose a different subnet for
>the Gateway parameter. That is on the Gateway I need to be set to
>66.114.152.1 and the router will *NOT* take 152 for the third position
>because it doesn't match the 154 in the IP Address. The DNS servers
>listed above also belong to my ISP.

The netgear is correct. Your gateway needs to be on the same
subnet.

Was your older SMC box by any chance set for some kind of PPP (such
as PPPoE)? If using PPP, then there is a logical link with different
IP addresses at each end. That would account for the discrepancy.

(E-Mail Removed) wrote in news:1107738271.289067.317920
@o13g2000cwo.googlegroups.com:

> router, *except* the Netgear won't let me choose a different subnet for
> the Gateway parameter. That is on the Gateway I need to be set to
> 66.114.152.1 and the router will *NOT* take 152 for the third position
> because it doesn't match the 154 in the IP Address. The DNS servers

Correct.

> There must be a reason for this, but I can't imagine why?

Let's take a step back. A gateway is a device on the network that allows
your machine (and others on your subnet) to connect to other networks.
Your gateway /HAS/ to be in your subnet. Think about it. How can the
device that routes your traffic to other subnets be on a different
subnet? How would it get to the gateway, since the gateway itself is on
a different network?

One of two things is happening here. You have been misinformed and the
information you have been given was incorrect and you should contact your
SP for the current IP/Subnet/Gateway addresses you should be using. If
not, then you are blindly ignoring what everyone is telling you about
your setup being completely wrong. You must contact your service
provider and obtain the correct addressing information before continuing.