How to use 192.168... addresses behind Router with a Static IP

Discussion in 'Network Routers' started by iceman, Nov 28, 2005.

  1. iceman

    iceman Guest

    Hi,

    I currently pay my ISP for a block of static IP addresses - I've assigned
    one to my router/adsl modem, and one each to three other PCs. So these PCs
    are currently accessible directly from the internet with external IP
    addresses.

    I'd like to just have one static IP address (it costs less) and still
    operate my other PCs as I do currently.

    I thought that the router would get the static IP address and then do
    something to enable traffic to my other PCs. One PC publishes a small
    website (currently accessible via its static IP address) and another PC I
    use for Azureus.

    I thought that with only one static, my other PCs would then have 192.168
    addresses (either using DHCP from the router which is also a DHCP server or
    manually configured). So if my webserver is on e.g. 192.168.1.99, how can I
    still access it from the internet? Also, can I still use apps like Azureus?

    Any help very much appreciated.

    iceman
     
    iceman, Nov 28, 2005
    #1

  2. iceman

    Dom Guest

    Use NAT and port-forwarding. Everything will be peachy, as long as you
    don't have two servers requiring the same port, such as two
    publicly-accessible web servers on port 80.
     
    Dom, Nov 28, 2005
    #2

  3. Hi

    An External ISP type of IP cannot be configured to be used on the LAN side of
    a regular Cable/DSL Router.

    By using an application that can be configured to use the ports of your choice,
    you can use one External Static IP and direct the Traffic to the right
    computer that is on an Internal IP (192.168.x.x).

    This page was written for a specific application, but the principle might
    apply to any application that interacts through the Internet and has flexible
    port configuration.

    http://www.ezlan.net/vnc#portselect

    Jack (MVP-Networking).
     
    Jack (MVP-Networking)., Nov 28, 2005
    #3
  4. iceman

    slebetman Guest

    Oh yes it can! This is what routers are supposed to do, in the old
    days, before NAT was invented. I guess today some consumer-level
    routers have disabled this basic functionality. But my cheapo Aztech
    DSL Router can do it. Routing != NAT. In fact, NAT has to be explicitly
    enabled on a lot of routers to prevent external ISP type IP from being
    used on the LAN.

    You want to check out a site that has ALL computers
    (servers/workstations/PCs) allocated an ISP type IP then check out my
    alma mater: University of Essex. Each and every PC in the lab and in
    offices runs on 'external' IP. I used to run ftp servers over the
    weekends from the engineering lab ;-)

    In fact the OP stated that that's how his current network is set up. So
    it can be done and apparently works for him. He now wants to use NAT to
    reduce his monthly bills.
    Good suggestion.
     
    slebetman, Nov 28, 2005
    #4
  5. iceman

    iceman Guest

    Thanks for your help so far guys.

    I would only have one web server on port 80, so no problem there.

    However, I may have more than one PC on my LAN wanting to send and receive
    email. Is this then going to cause a problem if both mail clients use the
    same ports?

    (Thinking about it, I've got quite a few apps that each PC would use - AVG
    Virus updating, MS Antispyware updating, Spybot etc. Would there be a
    problem there, or is it different because these apps initiate the
    connection?)

    iceman
     
    iceman, Nov 29, 2005
    #5
  6. iceman

    Dom Guest

    Any modern NAT will also translate conflicting port numbers on outgoing
    traffic. If two machines sent outbound traffic from port 1025, the NAT
    would translate one of them to port 1026 for Internet traversal. Client
    traffic will function quite nicely.
     
    Dom, Nov 29, 2005
    #6
  7. From: "iceman" <[email protected]>

    | Thanks for your help so far guys.
    |
    | I would only have one web server on port 80, so no problem there.
    |
    | However, I may have more than one PC on my LAN wanting to send and receive
    | email. Is this then going to cause a problem if both mail clients use the
    | same ports?
    |
    | (Thinking about it, I've got quite a few apps that each PC would use - AVG
    | Virus updating, MS Antispyware updating, Spybot etc. Would there be a
    | problem there, or is it different because these apps initiate the
    | connection?)
    |
    | iceman
    |

    No. It's about incoming redirection. Outgoing is another story. It's not any different
    than ten PCs behind a NAT Router using TCP port 80 to Browse the web.

    You can have up to 253 computers behind a NAT Router. All can access Internet services
    simultaneously and equally as well (notwithstanding that the bandwidth is shared amongst
    all LAN nodes).
     
    David H. Lipman, Nov 29, 2005
    #7
  8. iceman

    iceman Guest

    Thanks again guys.

    So, just to clarify. Apps that initiate internet communication (through the
    router, using NAT) from the PC are not a problem at all.

    The only issue is with regard to server functionality on my PCs - so if more
    than one PC is providing the same server function (like a web server or ftp
    server) then the router might have a problem performing NAT on INCOMING
    internet transfers?

    So if for each server function, it only exists on ONE of my PCs, I shouldn't
    have any problem?

    Cheers
     
    iceman, Nov 29, 2005
    #8
  9. iceman

    Dom Guest

    Sounds 'bout right. The NAT will use port translation on outbound client
    connections, so no worries there. You will be reduced to one public IP,
    so you'll only have one of each port available for incoming server
    connections. You could have two web servers accessible from the
    Internet, but only one would be able to utilize port 80. The other
    would have to be on a different port.
     
    Dom, Nov 29, 2005
    #9
  10. From: "iceman" <[email protected]>

    | Thanks again guys.
    |
    | So, just to clarify. Apps that initiate internet communication (through the
    | router, using NAT) from the PC are not a problem at all.
    |
    | The only issue is with regard to server functionality on my PCs - so if more
    | than one PC is providing the same server function (like a web server or ftp
    | server) then the router might have a problem performing NAT on INCOMING
    | internet transfers?
    |
    | So if for each server function, it only exists on ONE of my PCs, I shouldn't
    | have any problem?
    |
    | Cheers

    Either the server would be placed in the DMZ of the Router or the protocol(s) of the service
    would be port forwarded to the IP address of the server.

    The problem arises if you have two http Daemons on two different platforms. Which one does
    incoming port 80 go to?

    However, if one platform has an https Daemon the TCP port 80 incoming goes to one IP and
    TCP port 443 incoming goes to another IP.
     
    David H. Lipman, Nov 29, 2005
    #10
  11. iceman

    Hansang Bae Guest

    That's correct. But (you knew there would be a BUT....) it's entirely
    possible that your ISP may set the TTL to 1. This means that you can't
    introduce a router using NAT. This ONLY applies if your ISP is setting
    the TTL to one. Easily verifiable by running Ethereal on one of the
    PCs. Actually, there are cable modem routers that *RESET* the TTL to
    get around this. But I can't remember the brand name at the moment.



    --

    hsb


    "Somehow I imagined this experience would be more rewarding" Calvin
    **************************ROT13 MY ADDRESS*************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Nov 30, 2005
    #11
  12. iceman

    iceman Guest

    Thanks very much for all your help guys - much appreciated. I didn't even
    know what solution to use at all to begin with, but I'll go off and read
    more about NAT / Port Forwarding now to get up to speed.

    Cheers once again

    iceman
     
    iceman, Nov 30, 2005
    #12
  13. iceman

    Rod Dorman Guest

    Why the limitation or are you assuming a typical SOHO router that only
    allocates out of a /24?
     
    Rod Dorman, Nov 30, 2005
    #13
  14. From: "Rod Dorman" <>

    |
    | Why the limitation or are you assuming a typical SOHO router that only
    | allocates out of a /24?
    |

    Yes. That's the assumption for SOHO devices.
    Enterprise/Corporate devices may not have that limitation.
     
    David H. Lipman, Nov 30, 2005
    #14
  15. iceman

    slebetman Guest

    NO, NAT will NOT do port translation on outbound traffic. It CAN do it
    on incoming traffic (often called NAPT). You are confused. Remember
    that a service is identified by ip_address+port combination. So there is
    no need to do port translation on outbound traffic. TCP sockets are
    identified by session id (something invisible to everyone but the
    TCP/IP stack) so there is no confusion at the router or your PC.

    Let's illustrate what happens if what you say is true:

    1. CLIENT1 wants to connect to MY_SERVER using HTTP
    2. CLIENT1 initiates a TCP connection to MY_SERVER at port 80
    3. The packet goes to the router which forwards it to MY_SERVER port 80
    4. MY_SERVER sees a packet on port 80 and replies to HTTP request
    5. At the same time, CLIENT2 wants to also connect to MY_SERVER port 80
    6. Dom's router sees a port conflict and sends it instead to MY_SERVER
       port 81
    7. MY_SERVER does not see a packet on port 81 since no software is
       running to listen on port 81 (actually its ethernet card receives the
       packet on port 81 but is ignored by the OS)
    8. CLIENT2 gets frustrated and says: "sh**! this router is stupid!!!"
     
    slebetman, Dec 1, 2005
    #15
  16. iceman

    Dom Guest

    "PAT translates multiple local addresses to a single global IP address.
    Specifically, the FWSM translates the local address and local port for
    multiple connections and/or hosts to a single global address and a
    unique port (above 1024). When a local host connects to the destination
    network on a given source port, the FWSM assigns the global IP address
    to it and a unique port number. Each host receives the same IP address,
    but because the source port numbers are unique, the responding traffic,
    which includes the IP address and port number as the destination, can be
    sent to the correct host."

    http://www.cisco.com/univercd/cc/td..._icn/fwsm/fwsm_2_2/fwsm_cfg/nat.htm#wp1146468
     
    Dom, Dec 1, 2005
    #16
  17. iceman

    Dom Guest

    Dom, Dec 1, 2005
    #17
  18. iceman

    Alun Jones Guest

    You are confused.

    There are two IP addresses, there are two ports.

    There is an IP address and a port at each end, and it is this four-tuple
    that uniquely identifies the socket.

    The NAPT will - MUST - be able to translate ports from internal to external,
    if it hosts two systems that each want to source their traffic at the same
    port number.

    Your example is flawed, because you assume that there is one port, not two,
    involved in a TCP connection.

    A better example would be:

    Client 1 connects from address 192.168.0.1, port 1025, to Server 1 at
    address 10.1.1.1, port 80.
    Client 2 connects from address 192.168.0.2, port 1025, to Server 1 at
    address 10.1.1.1, port 80.

    The external facing address of the NAPT device is, say, 192.168.100.1 - but
    you can't have two connections from 192.168.100.1:1025 to 10.1.1.1:80, so
    one client (the first to start its connection request) gets that socket, and
    the other gets (probably) 192.168.100.1:1026 to 10.1.1.1:80.

    Alun.
    ~~~~
    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones, Dec 1, 2005
    #18
  19. iceman

    Dom Guest

    A table may offer a better example...

    OUTBOUND NAT
                         translated
    src ip:port          src ip:port      dest ip:port
    192.168.0.2:1025     1.2.3.4:1025     2.3.4.5:80
    192.168.0.3:1025     1.2.3.4:1026     2.3.4.5:80
    192.168.0.4:1025     1.2.3.4:1027     3.4.5.6:110
    192.168.0.5:1025     1.2.3.4:1028     4.5.6.7:443
    192.168.0.6:1025     1.2.3.4:1029     5.6.7.8:143

    INBOUND NAT
                                          translated
    src ip:port          dest ip:port     dest ip:port
    2.3.4.5:1025         1.2.3.4:80       192.168.0.7:80
    3.4.5.6:1025         1.2.3.4:80       192.168.0.7:80
    4.5.6.7:1025         1.2.3.4:25       192.168.0.8:25
    5.6.7.8:1025         1.2.3.4:110      192.168.0.8:110
     
    Dom, Dec 1, 2005
    #19
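
The outbound and inbound tables above, as an added example that is not part of any post in this thread: a toy NAPT table showing source-port translation for LAN-initiated connections and static port forwards for inbound ones. The class and method names (`Napt`, `add_forward`, `outbound`, `inbound`) are hypothetical, the addresses are the sample values from the tables, and handing out a distinct public port per flow mirrors the outbound table (real devices may reuse a port when the destination differs).

```python
# Added illustration: a toy NAPT table, not any router's real implementation.
# Addresses and ports are the sample values from the tables in the thread.
class Napt:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = {}  # public port -> (lan_ip, lan_port); static, set by the admin
        self.flows = {}     # public port -> (lan_ip, lan_port, remote_ip, remote_port)

    def add_forward(self, public_port, lan_ip, lan_port):
        # One public IP means each inbound port can point at only one LAN host.
        if public_port in self.forwards:
            raise ValueError(f"port {public_port} already goes to {self.forwards[public_port]}")
        self.forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Translate a LAN-initiated connection; return the (ip, port) the remote sees."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for port, known in self.flows.items():
            if known == flow:
                return (self.public_ip, port)  # existing mapping is reused
        port = lan_port  # keep the client's port when free, else take the next free one
        while port in self.flows or port in self.forwards:
            port += 1
        if port > 65535:
            raise RuntimeError("no free public port")
        self.flows[port] = flow
        return (self.public_ip, port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) that gets the packet, or None if it is dropped."""
        flow = self.flows.get(public_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]  # reply on a connection a LAN host opened
        return self.forwards.get(public_port)  # unsolicited: forwarded ports only

def demo():
    nat = Napt("1.2.3.4")
    nat.add_forward(80, "192.168.0.7", 80)
    nat.add_forward(25, "192.168.0.8", 25)
    clients = [("192.168.0.2", "2.3.4.5", 80), ("192.168.0.3", "2.3.4.5", 80),
               ("192.168.0.4", "3.4.5.6", 110)]
    seen = [nat.outbound(ip, 1025, dst, dport) for ip, dst, dport in clients]
    return nat, seen

if __name__ == "__main__":
    nat, seen = demo()
    print(seen)                               # three clients, three public ports
    print(nat.inbound("2.3.4.5", 80, 1026))   # reply reaches 192.168.0.3
    print(nat.inbound("2.3.4.5", 1025, 80))   # forwarded to the web server
    print(nat.inbound("2.3.4.5", 1025, 443))  # no forward, dropped
```

In this model the `forwards` table is the complete set of LAN services reachable unsolicited from the internet, so it is the list to review when checking what a single-IP setup exposes.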
  20. iceman

    Eric Guest

    You can get around that and have multiple web sites via virtual hosts but
    yeh, only 1 server. From the web surfer's viewpoint it looks the same as if
    you had multiple servers.
    Eric
     
    Eric, Dec 2, 2005
    #20