The IAB of the IETF hates NAT, or anything that comes between it and it's fauklty vision of "pure end to end". Taken to the extreme this means computers themsleves are bad becauase they block end to tned connectivity with, say, your mouse , keyboard or camera. Sorry, I want them under my control. But IANA's hoarding of the IPV4 address space has created an articificial scarcity of IP addreses and poeple play silly games with NAT. When customers ask for it, a "pirate" feature becomes a standard: In article <gwId4.13495$[EMAIL PROTECTED]> you write: >Someone sent me all this great info so I thought I'd post it: > >From Randy: > >Depends on the Cisco router. Most present day Ciscos (1600 and above) can >do NAT. If yours can do NAT then you would make up your own IP's from the >private ranges (say 10.10.10.0) and assign one from this range to the >ethernet side interface. You need one legit IP for your NAT pool and need to >set it up to use Overloading (all machines have the same IP). Here is a >sample config. It has more IP's than you, but just modify to your size >block. >Below is a sample configuration for NAT. Assume the following information: > >Assigned IPs: >LAN: 206.165.49.0/29 >Serial: 204.246.205.128/30 > >Customer Internal IPs: >Ethernet: 10.0.0.0/24 > > >ip nat pool NATPOOL 206.165.49.5 206.165.49.6 netmask 255.255.255.248 >ip nat inside source list 1 pool NATPOOL overload >ip nat inside source static 10.0.0.2 206.165.49.2 >ip nat inside source static tcp 10.0.0.3 25 206.165.49.3 25 >! >interface Ethernet0 > description Internal LAN > ip address 10.0.0.1 255.255.255.0 > ip nat inside >! >interface Serial0 > description >ip address 204.246.205.130 255.255.255.252 > ip nat outside >! >access-list 1 permit 10.0.0.0 0.0.0.255 > > > >========================================================= >Command: > interface Serial0 > description To FGC > ip address 204.246.205.130 255.255.255.252 > ip nat outside > >Description: > Sets the external WAN IP address to 204.246.205.130 and defines the >interface as the outside (Internet) side of NAT. >========================================================= > >========================================================= >Command: > interface Ethernet0 > description Internal LAN > ip address 10.0.0.1 255.255.255.0 > ip nat inside > >Description: > Sets the internal LAN IP address to 10.0.0.1 and defines the >interface as the inside (internal) side of NAT. >========================================================= > >========================================================= >Command: > ip nat pool NATPOOL 206.165.49.5 206.165.49.6 netmask 255.255.255.248 > >Description: > Creates an address pool from 206.165.49.5 through 206.165.49.6 to be used >for outgoing translations (Workstations on the internal LAN). >========================================================= > > >========================================================= >Command: > ip nat inside source list 1 pool NATPOOL overload > >Description: > Uses access-list 1 to filter inside translations to the IPs in the NATPOOL >========================================================= > >========================================================= >Command: > ip nat inside source static 10.0.0.2 206.165.49.2 > >Description: > Maps the outside (Internet) address of 206.165.49.2 to the internal (LAN) >address of 10.0.0.2. This means that whenever a user on the Internet >requests anything from IP address 206.165.49.2, the internal 10.0.0.2 >machine will respond. >========================================================= > >========================================================= >Command: > ip nat inside source static tcp 10.0.0.3 25 206.165.49.3 25 > >Description: > Similar to the above command, except it only maps a single TCP port to the >internal machine. In this case, port 25 (SMTP). Any mail for Internet IP >address 206.165.49.3 (port 25) would be sent through to internal IP 10.0.0.3 >(port 25). No other traffic will be permitted. >========================================================= > > >========================================================= >Command: > access-list 1 permit 10.0.0.0 0.0.0.255 > >Description: > Permits any IP from the internal class C network 10.0.0.0. Customers >could use this to control access to the Internet based on IP address. >========================================================= >----- Original Message ----- >From: "Brad" <[EMAIL PROTECTED]> >Newsgroups: >comp.protocols.tcp-ip,comp.protocols.tcp-ip.domains,comp.protocols.tcp-ip.ib >mpc,cs.cisco >Sent: Monday, January 03, 2000 9:56 PM >Subject: Simple Question: Please help.. > > >> I want to setup a home network with about 3-4 computers. I going to >> either order a DSL line or cable modem and get a dedicated IP address. >I'm >> trying to avoid having to buy 3 or four more ip addresses. >> >> If I have a cisco router with a couple of interfaces. Can I just set up >> one interface with the real dedicated IP address and the other a made up >> address that I will use as my internal network? >> >> I'll just point the pc's gateways to the interface that has the >dedicated >> address and set up a default route on the router. Do the internal pc's >have >> to have a real "live" internet addresses locally for this to work (get >> e-mail, browse, etc.) or can I use my made up network and have as many >> computers on it as I want within TCP/IP standards. I know they have >> software for this (Linux IP masquerading, 98se, SpartaCom internet sharing >> etc.) But can a router provide the same function? >> >> What are my options? I don't have to have a proxy server or anything >like >> that do I? >> >> If you can help, >> >> Thanks a bunch! > > >Brad <[EMAIL PROTECTED]> wrote in message >news:8Ztd4.12487$[EMAIL PROTECTED]... >> > > -- Richard Sexton | [EMAIL PROTECTED] | http://dns.vrx.net/tech/rootzone http://killifish.vrx.net http://www.mbz.org http://lists.aquaria.net Bannockburn, Ontario, Canada, 70 & 72 280SE, 83 300SD +1 (613) 473-1719
