
Re: [Karlnet] Help with nat and access list

To: karlnet@wispnotes.com
Subject: Re: [Karlnet] Help with nat and access list
From: Ryan Walker <rwalker@oacys.com>
Reply-to: karlnet@WISPNotes.com
Date: Tue, 08 Oct 2002 15:47:53 -0700
List-post: <mailto:karlnet@WISPNotes.com>

Hi Helio,

I believe that the access list requires the physical radio MAC, not the Ethernet MAC. KarlNet NAT setup has always been a little weird in my opinion. The way we set it up to work is by not enabling bridging or routing (it does work with bridging enabled, but we don't really want it to bridge all traffic). Since you need routing for interface 2 and 3, try removing the direct route for intf 1 and adding that IP address as the private IP in the NAT setup. Good luck!

-Ryan

At 09:06 AM 10/8/2002, you wrote:
Hi:

   I'm new to Karlnet and to that list. I've searched the archives but
could not find a similar situation. Maybe someone could help me out...

I have two problems...

First problem:

I've set a few TurboCell ISP bridges and some RG1100 as CPE's.
They're working fine, but if I put an access list (in 'TurboCell Access list
setup') no client is allowed in.

One table looks like this:

00-60-1D-03-15-32,permit,max
00-02-2D-15-7C-FF,permit,max
00-02-2D-15-7D-35,permit,max
00-02-2D-4D-35-BE,permit,256

The first MAC is one satellite (another bridge)
The second one is the main bridge (where that particular bridge is connected -
its upstream)
The third entry is another satellite (another bridge)
The fourth entry is one RG1100 running TurboCell.

Everything goes fine WITHOUT the table. Why does the access list not work in
my case?  The MACs are correct...
With the TABLE in place, the only connection that works is to the upstream
(00-02-2D-15-7C-FF).

Second problem:

NAT in the AP1000 (TurboCell ISP Bridge).

I have the following routes in a particular bridge:

200.244.69.100/224 Direct 2
200.244.69.193/224 Direct 3
10.0.0.1/224 Direct 1

Default Router: 200.244.69.97
Prefered: 200.244.69.100

Bridging is disabled

Outgoing NAT is enabled, and looks like this:

Public IP/MASK
200.244.69.100 / 255.255.255.255

Private IP/MASK
10.0.0.1/255.255.255.224

Any computer connected to the 10.0.0.0/27 subnet could reach
ONLY the IPs directly connected to the ISP TurboCell Bridge (and the 10.0.0.0
subnet, of course). They go nowhere further. The access in that particular
bridge is working fine (I'm using DHCP in interface 3 and the PC Card clients
and RG's access the Internet just fine).

In the NAT clients the gw is 10.0.0.1 and the ip's in the range 10.0.0.2 -
10.0.0.30 . The DNS server is also correctly set, but it doesn't really matter
because all the tests we are doing are using ip addresses, not hostnames.

What is wrong with my NAT setup ?

Thanks !
Helio.
-
CompuLand ISP Admin
GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt