Ahah!  Cisco 678.  I know some other guys on the list have those puppies, so
please jump in list members if you have some insight into this problem, and
the solution.

Here's the deal.  I can't, at this point, tell you exactly how to do it, but
here is the cause of the problem, and what you need to do:

Currently, traffic originating on the private side of your NAT setup on the
678 that is destined for the public side, is being transmitted over the
public wire regardless of the destination IP address.

What you need to do is set up a rule on the 678 that prevents it from
forwarding packets to Qwest if the destination IP address 'IS' the public IP
address of the 678's external (public) interface--in this case:
63.230.175.147

Here is what is happening currently in detail.  A packet is sent from your
client PC with destination IP address of 63.230.175.147, and source IP
address of 10.0.0.4.  The packet hits the private port on the 678 with IP
address 10.0.0.1.  The 678 then translates the packet via NAT to have a
source address of 63.230.175.147, and fires it over the wire to Qwest.  This
is the cause of the problem.  The 678 *should* be recognizing the
destination IP address of the packet, and NOT forwarding it out on the
public wire.  It should instead respond to it internally, in the fashion of
the 'loopback' that Lythium and I discussed here the other day.

Do you have the documentation for the 678?  The settings you need to change
in order to fix this should be there.

I assume you have a static redirect mapping set up already for the HLDS
server from 63.230.175.147-->10.0.0.2 (assuming this is the IP of the HLDS
server...you didn't say).  So, you're halfway there.  The 678 right now
(for some unknown reason) isn't correctly identifying the destination
address in packets originating on the private side interface.  It should be
seeing the 63.230.175.147 in the packet header, and saying "Oh, that's me.
I'll process that".  Instead, it's saying "Oh, public IP in this packet.
I'll send it to the next public router in my router table."

This should be a simple fix.  Set the 678 to compare the destination IP
address to known local interface addresses BEFORE forwarding the packet to
the next route.  As I said, read your docs.  If that doesn't light the way,
call your ISP, and hit up the support guys.  They should have a ton of
experience with the 678, and be able to get you going in seconds.

StanTheMan
TheHardwareFreak
www.hardwarefreak.devastation.cc
[EMAIL PROTECTED]
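
The forwarding decision described in the message above, modelled as a small Python simulation. This is an added example, not part of the original email and not Cisco 678 configuration. The addresses are the ones quoted in the thread; the function names and the source-rewrite step are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address

# Addresses quoted in the thread; 10.0.0.2 is the HLDS host the message assumes.
PUBLIC_IP = ip_address("63.230.175.147")   # 678 external interface
LAN_IP = ip_address("10.0.0.1")            # 678 private interface
STATIC_MAP = {PUBLIC_IP: ip_address("10.0.0.2")}  # static redirect mapping


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


def lan_ingress(pkt, loopback, rewrite_src=True):
    """Decide what the router does with a packet arriving on its private port.

    Returns (egress_interface, translated_packet).
    """
    if loopback and pkt.dst in STATIC_MAP:
        # "Oh, that's me": apply the static mapping and keep the packet local.
        # Rewriting the source (an assumption of this model) makes the server
        # answer the router instead of the client directly.
        src = LAN_IP if rewrite_src else pkt.src
        return "lan", Packet(src, STATIC_MAP[pkt.dst])
    # Behaviour described in the message: NAT the source, send it to the ISP.
    return "wan", Packet(PUBLIC_IP, pkt.dst)


def reply_source_seen_by_client(request, loopback, rewrite_src=True):
    """Source address on the reply the client receives (None if sent to the ISP)."""
    egress, out = lan_ingress(request, loopback, rewrite_src)
    if egress == "wan":
        return None  # round trip now depends on the provider's network
    reply = Packet(src=out.dst, dst=out.src)  # server answers the source it saw
    if reply.dst == LAN_IP:
        return request.dst  # router undoes both translations
    return reply.src  # same LAN segment: reply bypasses the router untranslated


if __name__ == "__main__":
    req = Packet(ip_address("10.0.0.4"), PUBLIC_IP)
    for loopback, rewrite in [(False, True), (True, False), (True, True)]:
        seen = reply_source_seen_by_client(req, loopback, rewrite)
        print(f"loopback={loopback} rewrite_src={rewrite} "
              f"egress={lan_ingress(req, loopback, rewrite)[0]} reply_from={seen}")
```

With loopback on but no source rewrite, the client receives a reply from 10.0.0.2 to a request it sent to 63.230.175.147, which will not match the connection it opened.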

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, October 06, 2001 8:23 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cable connections
>
>
>
> My provider (Qwest out of Portland, Oregon) gives me one ip address
> (63.230.175.147). I'm not actually sure where this address is, it's
> somewhere out there in Qwest Land. If I TR that ip address, this is what I
> get:
>
> Target Name: ptlddslgw8poold147.ptld.uswest.net
>          IP: 63.230.175.147
>   Date/Time: 10/6/01 6:07:06 PM
>
>  1  [10.0.0.1] 2 ms
>  2 ptlddslgw8poola254.ptld.uswest.net [63.229.142.254] 54 ms
>  3 ptlddslgw8poold147.ptld.uswest.net [63.230.175.147] 105 ms
>
>
> Hop 1 from my computer is my modem (my computer is 10.0.0.4). Hop 2 is
> WhoKnowsWhere somewhere out there in QwestLand. Hop 3 is somewhere else out
> there in QwestLand, and that 3rd hop is my actual ip address. Riddle me
> this - WTF is 63.229.142.254, and why do I have to go through that to get to
> my own ip address? Anyhow, wherever the hell it is, it takes 50ms just to
> ping it. I'm losing 50ms just getting to the first hop out there. If I ping
> some other site, it still goes to 63.229.142.254, which takes an average of
> 50ms, and from there out into the Internet.
>
> So if I want to access my server via my external ip address (something I
> only do for the hell of it - I'm well aware of how to access the server via
> its internal ip address, which works great and gives me pings of 10-20ms or
> so.). Anyhow, if I want to access my own server via the external ip address,
> the packets apparently have to go through those 2 hops in qwest land before
> qwest sends it back. Ping when I connect this way is like 115ms or so. Which
> is exactly what I get when I ping my own external ip address. Whatever is
> out there in Qwest land takes 100ms to make the round trip.
>
> Why is this? Everyone I've talked to has told me this is normal and it's
> because that is how qwest has their network configured.
>
> This is my config - Internet via DSL into a Cisco 678. From there it goes to
> a Netgear 10/100 hub, and from there into 1) my computer, 2) my wife's
> computer, and 3) a 10mbps hub sitting in the other room. From the second hub
> it goes to 1) My son's computer and 2) My HL server.
>
> I don't think I'm losing anything going through the 2 hubs - I can ping my
> HL Server from my computer, which goes through 2 hubs, in 1ms according to
> ping plotter. I can ping my Cisco 678 in 2ms - I guess it takes a ms or two
> for it to return my ping, go figure <gg>.
>
> My network traffic goes where I want it to, it is faster than greased snot -
> no problems here. I've been set up this way for quite a while, works great.
>
> I'd be very happy indeed if I could reduce that 50ms first hop into qwest
> land - but I have no clue how, I figured it was on Qwest's side and there was
> nothing I could do about it.
>
>
> ----- Original Message -----
> From: "Stan Hoeppner" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, October 06, 2001 5:32 PM
> Subject: RE: Cable connections
>
>
> >
> > Did we discuss your setup on this list before?  Or was that someone else?
> >
> > There is no reason why your packet traffic to your server from your client
> > should need to traverse your provider's network, period.
> >
> > Please let me help you optimize your personal network.
> >
> > First, tell me what your exact network configuration is on the inside of the
> > cable modem.  I.e. do you have a router?  2 NICs in the server or 1?  Are
> > you NATing?  What OS is on the server?
> >
> > With a few minor easy changes, I'll have your client connecting to the
> > external IP of the HLDS server and you'll be in ping heaven again.
> >
> > StanTheMan
> > TheHardwareFreak
> > www.hardwarefreak.devastation.cc
> > [EMAIL PROTECTED]
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > Sent: Saturday, October 06, 2001 6:27 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Cable connections
> > >
> > >
> > >
> > > I know, I know....
> > >
> > > My server is in the next room, and if I ping it via its internal IP, it
> > > pings at about 10 ms. The point I was trying to make is that if I ping it
> > > via its external IP, the ping has to go through the DSL modem, out into
> > > Qwest Land, and then back again. *That* is the path that adds 30-40 ms per
> > > transit. That is why I can ping other servers and get better responses than
> > > pinging my own server - Qwest DSL adds significant latency, and it takes
> > > longer to hop through the delay to Qwest Land and back through the delay
> > > again, than it takes to go out over the Internet to other servers whose ISP
> > > *doesn't* introduce such latency.
> > >
> > > It sux - all of my players automatically pick up 30-40 ms of lag because of
> > > this.  Not that it's that bad in most cases, but borderline modem players
> > > just have a bit more lag than they otherwise might have.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Stan Hoeppner" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Saturday, October 06, 2001 3:56 PM
> > > Subject: RE: Cable connections
> > >
> > >
> > > >
> > > > > In order to ping
> > > > > my server, it goes out to qwest and back, and that adds like
> > > > > 30-40ms out,
> > > > > and 30-40 ms coming back. Good old qwest.....
> > > >
> > > > WTF?  Are you connecting to your server via Ethernet?  Where is your server
> > > > physically located in proximity to you?  Your ping should never be above 15
> > > > or 20 if you're connecting to your server via Ethernet.
> > > >
> > > > If your server is on the same side of your broadband modem as your client,
> > > > something is definitely wrong with your router/firewall config...
> > > >
> > > > StanTheMan
> > > > TheHardwareFreak
> > > > www.hardwarefreak.devastation.cc
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
>
>

