First of all I want to use the LEAF as a firewall.  The Cisco 678 is a
standalone DSL modem and connects to the ISP via DSL. It allows NAT, port
translation and some other basic networking options.  I have only 1 IP, and
will have to look into the bridging mode option to use that IP for both the
Cisco external and the LEAF external address.  I think that would be the
best option.

But if not, you answered what I wanted to know in that I can use a
non-routable address on the outside of the LEAF by turning off the filtering
of that address range.  What sort of problems would "double NAT" possibly
cause?

Thanks again

KJ



At 11:10 AM 6/14/02 -0700, Kale Lowman wrote:
>Rather new here, so gently reprove any mistakes.
>I am setting up Dachstein and cannot find how I should set up my Cisco DSL
>modem.  I assume turning off NAT on the modem but what inside/outside IP
>should I use.  We have a static IP assigned by our ISP, if I use that on the
>outside of the DSL modem, what should I set for the outside of the firewall?
>I don't need a DMZ.

We can't answer your questions definitively, because the answers depend in
part on what service your ISP is offering to you, and partly on why you
even want a LEAF router in this setup (since it sounds from your
descriptions like the Cisco can itself connect a LAN to the Internet,
without needing another router in the setup). And since Cisco makes a lot
of products, we don't even really know what device "my Cisco DSL modem"
exactly is.

Is your ISP providing you with a single "outside" IP address or multiple
addresses (a 5-block DSL service, for example, is common in my area)? If
you have more than one real IP address, how does your ISP say you should
route them through the Cisco?

If you do have only one real IP address, as your comments seem to suggest,
then you use it as the Cisco's external address. What to do on the inside
depends on details of the Cisco that you haven't told us. Guessing from the
little you have said, I'd think you want to turn NAT -ON- on the Cisco and
use some suitable private-address LAN (or static route) to connect it to
the LEAF router. For example, make the Cisco 10.1.1.1 and the LEAF external
port 10.1.1.2, on network 10.1.1.0/30. (Then remember to turn off
private-address filtering on the LEAF router's external interface, or use a
dropin firewall like EchoWall that handles that part for you.)

Now, as to the LEAF router ... once again, it depends on what you want the
LEAF router to do. Easiest is to run its external interface as described
above, and its internal interface as some different private-address network
(say 192.168.1.0/24) with its NAT turned on as well. This approach does a
"double NAT" of any LEAF-LAN host connection to the Internet, which might
cause some problems, but it's hard to say without more info about the
Cisco and about what you want to do. Other options are to turn standard
NAT off on the LEAF router, then use static-NAT, or proxy arp, or
modification of the Cisco's routing table to connect the LEAF LAN to the
Internet. Again, we'd need to know more about the Cisco to discuss the
relative merits of these approaches.

I suppose it is also possible that the Cisco can operate in some sort of
bridging mode, one that would let you use the real IP address as the LEAF
router's external interface address. Again, whether this is possible
depends more on the Cisco than on the LEAF system.
--
--------------------------------"Never tell me the odds!"--------------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                              [EMAIL PROTECTED]
------------------------------------------------------------------------



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
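
The addressing plan discussed in the thread, checked in code. This is an added example, not part of the original posts or of LEAF: it counts the NAT layers and works out which private ranges the LEAF external interface can keep dropping if only the 10.1.1.0/30 link is exempted. The function name `review_plan` is hypothetical, and exempting just the transit link (rather than switching private-address filtering off entirely) is an assumption of this example.

```python
import ipaddress

# RFC 1918 ranges: what a private-address filter drops on an external interface.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_plan(modem_inside, fw_outside, transit, lan, modem_nat, fw_nat):
    """Check a modem -> firewall -> LAN addressing plan (constructed helper)."""
    modem = ipaddress.ip_address(modem_inside)
    fw = ipaddress.ip_address(fw_outside)
    transit_net = ipaddress.ip_network(transit)
    lan_net = ipaddress.ip_network(lan)
    problems = []
    usable = set(transit_net.hosts())
    for name, ip in (("modem inside", modem), ("firewall outside", fw)):
        if ip not in usable:
            problems.append(f"{name} {ip} is not a usable host in {transit_net}")
    if modem == fw:
        problems.append("modem and firewall share one address")
    if transit_net.overlaps(lan_net):
        problems.append(f"LAN {lan_net} overlaps transit link {transit_net}")

    # If the firewall's outside address is private, the filter needs an exception.
    # Exempt only the transit link and keep dropping every other private source.
    exception = None
    still_dropped = []
    for net in RFC1918:
        if fw in net and transit_net.subnet_of(net):
            exception = transit_net
            still_dropped.extend(sorted(net.address_exclude(transit_net)))
        else:
            still_dropped.append(net)
    return {
        "problems": problems,
        "nat_layers": int(modem_nat) + int(fw_nat),
        "filter_exception": str(exception) if exception else None,
        "still_dropped": [str(n) for n in still_dropped],
    }

if __name__ == "__main__":
    # Addresses from the thread: Cisco 10.1.1.1, LEAF 10.1.1.2 on 10.1.1.0/30,
    # LEAF LAN 192.168.1.0/24, NAT on at both devices.
    plan = review_plan("10.1.1.1", "10.1.1.2", "10.1.1.0/30",
                       "192.168.1.0/24", modem_nat=True, fw_nat=True)
    for key, value in plan.items():
        print(key, "=", value)
```

With a public address on the LEAF external interface (the bridging case), `filter_exception` is `None` and all three private ranges stay blocked.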

