Re: [WISPA] public subnet
Blocking ICMP is so 2003. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: "John Thomas" Sent: Monday, December 21, 2009 11:57 PM To: "WISPA General List" Subject: Re: [WISPA] public subnet > A great article talking about why NOT to block ICMP > > http://www.linuxplanet.com/linuxplanet/tutorials/6524/1/ > > From the article, > > In short, blocking ICMP is detrimental to the successful operation of > networks. It will break more than just ping; in fact, many protocols > will be neutered if ICMP isn't working. > > John > > > > > RickG wrote: >> Ya, and further proof it should work is that it works at my office on the >> same tower. I cant blame their cisco because I bypassed it with my >> laptop. >> No proxy server. Everything goes through the RB450G. So, the only >> differences are the WRAP on the tower and the CPE. I'll try the CPE next. >> Will advise. >> >> BTW: I agree with you on ICMP. I usually make them allow that, if they >> want >> my help :) >> >> Thanks! -RickG >> >> On Sun, Dec 20, 2009 at 12:06 AM, Jeromie Reeves >> wrote: >> >> >>> Unless there is a rouge NAT statement someplace, I do not see anything >>> specific that would be causing this (as described) >>> What about a proxy server ? Are all connections heading out the NAT IP >>> or only HTTP? >>> >>> >>> On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: >>> >>>> The thing is they had a bridge from the other tower and it was working. >>>> >>> The >>> >>>> only thing thats changed is the tower. RIP is on RB450G and WRAP's. >>>> Dont >>>> know about Cisco as it is the customers and I dont have control. They >>>> >>> also >>> >>>> have ICMP turned off amongst other things. Should I still see it? >>>> >>> I would request that ICMP be allowed to your internal network at >>> least. Personally, I control everything down to the ethernet >>> port. Past that, its their ball (but mostly I handle the LAN too) >>> >>> >>>> Yes, NAT is being done from RB450G using 10.0.0.0/8. >>>> Thanks! -RickG >>>> >>>> On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net < >>>> jree...@18-30chat.net> wrote: >>>> >>>> >>>>> Mmmm. bridging CPE, make sure its not proxy arping. >>>>> >>>>> Check your RIP, if its turned on, on both the wrap and Csico, should >>>>> be >>>>> seen. >>>>> >>>>> Where is the IP that is doing NAT located, on the RB450? The only way >>>>> I >>>>> >>> had >>> >>>>> that >>>>> work correctly was to drop all chain rules and tell NAT to source >>>>> 10.0.0.0/8 >>>>> when going out dst interface. I have 2 routers at the core one for BGP >>>>> & >>>>> etc >>>>> upstream, the other for NAT and in building hand-off (couple lans's >>>>> and >>>>> wireless, then the BH's to the rest of the network + the hotspot). >>>>> >>>>> >>>>> RickG wrote: >>>>> >>>>>> I agree but traceroutes run perfectly. Just to be clear, here is the >>>>>> >>>>> setup: >>>>> >>>>>> Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). >>>>>> The subnet is 204.62.63.76/30. >>>>>> RB450G has the subnet defined in the filter rules as chain forward. >>>>>> The wireless interface on the WRAP has 204.62.63.77 assigned. >>>>>> The CPE is in bridge mode so its on a private IP. >>>>>> The Cisco has 204.62.63.78 assigned to ether1. >>>>>> All with a 255.255.255.252 subnet mask. >>>>>> I tested with my laptop in place of the router. >>>>>> One strange item I noticed. I'm running RIP and it does not see the >>>>>> >>> WRAP >>> >>>>>> with 204.62.63.77 assigned. >>>>>> Any other ideas? >>>>>> -RickG >>>>>> >>>>>> On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < >>>>>> jree...@18-30chat.net> wrote: >>>>>&g
Re: [WISPA] public subnet
Thank you! I'll pass this on to the next security paranoid IT guy that thinks the Taliban is gonna take down his servers if he enables ICMP! -RickG On Tue, Dec 22, 2009 at 12:57 AM, John Thomas wrote: > A great article talking about why NOT to block ICMP > > http://www.linuxplanet.com/linuxplanet/tutorials/6524/1/ > > From the article, > > In short, blocking ICMP is detrimental to the successful operation of > networks. It will break more than just ping; in fact, many protocols > will be neutered if ICMP isn't working. > > John > > > > > RickG wrote: > > Ya, and further proof it should work is that it works at my office on the > > same tower. I cant blame their cisco because I bypassed it with my > laptop. > > No proxy server. Everything goes through the RB450G. So, the only > > differences are the WRAP on the tower and the CPE. I'll try the CPE next. > > Will advise. > > > > BTW: I agree with you on ICMP. I usually make them allow that, if they > want > > my help :) > > > > Thanks! -RickG > > > > On Sun, Dec 20, 2009 at 12:06 AM, Jeromie Reeves >wrote: > > > > > >> Unless there is a rouge NAT statement someplace, I do not see anything > >> specific that would be causing this (as described) > >> What about a proxy server ? Are all connections heading out the NAT IP > >> or only HTTP? > >> > >> > >> On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: > >> > >>> The thing is they had a bridge from the other tower and it was working. > >>> > >> The > >> > >>> only thing thats changed is the tower. RIP is on RB450G and WRAP's. > Dont > >>> know about Cisco as it is the customers and I dont have control. They > >>> > >> also > >> > >>> have ICMP turned off amongst other things. Should I still see it? > >>> > >> I would request that ICMP be allowed to your internal network at > >> least. Personally, I control everything down to the ethernet > >> port. Past that, its their ball (but mostly I handle the LAN too) > >> > >> > >>> Yes, NAT is being done from RB450G using 10.0.0.0/8. > >>> Thanks! -RickG > >>> > >>> On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net < > >>> jree...@18-30chat.net> wrote: > >>> > >>> > Mmmm. bridging CPE, make sure its not proxy arping. > > Check your RIP, if its turned on, on both the wrap and Csico, should > be > seen. > > Where is the IP that is doing NAT located, on the RB450? The only way > I > > >> had > >> > that > work correctly was to drop all chain rules and tell NAT to source > 10.0.0.0/8 > when going out dst interface. I have 2 routers at the core one for BGP > & > etc > upstream, the other for NAT and in building hand-off (couple lans's > and > wireless, then the BH's to the rest of the network + the hotspot). > > > RickG wrote: > > > I agree but traceroutes run perfectly. Just to be clear, here is the > > > setup: > > > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). > > The subnet is 204.62.63.76/30. > > RB450G has the subnet defined in the filter rules as chain forward. > > The wireless interface on the WRAP has 204.62.63.77 assigned. > > The CPE is in bridge mode so its on a private IP. > > The Cisco has 204.62.63.78 assigned to ether1. > > All with a 255.255.255.252 subnet mask. > > I tested with my laptop in place of the router. > > One strange item I noticed. I'm running RIP and it does not see the > > > >> WRAP > >> > > with 204.62.63.77 assigned. > > Any other ideas? > > -RickG > > > > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < > > jree...@18-30chat.net> wrote: > > > > > >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across > >> > >> my > >> > >> entire > >> network. I use one place of NAT (well a few users still have in > house > >> > NAT) > > >> I > >> would do traceroutes from and to the end IPs and see where things > >> > >> start > >> > to > > >> look > >> wrong. > >> > >> RickG wrote: > >> > >>> OK, I've got a good one. I’m trying to pass public subnets to a > >>> > >> couple > >> > of > > >>> customers. They worked before I switched them to a new, closer > >>> > >> tower. > >> > >>> Bascially, it will not show the public IP when checking at > >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on > the > >>> net with the public > >>> ip's. What's weird is that it works at my office which is on the > >>> > >> same > >> > >> tower > >> > >>> although it is a different access point. However, the AP's are the > >>> > >> both > >> > >>> WRAP/StarOS units. My AP is running 5GHz and the customers is > >>> > >> running > >> > >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L > and > >>> > mine > > >> is > >> > >>> a NS5. I did try a T
Re: [WISPA] public subnet
A great article talking about why NOT to block ICMP http://www.linuxplanet.com/linuxplanet/tutorials/6524/1/ From the article, In short, blocking ICMP is detrimental to the successful operation of networks. It will break more than just ping; in fact, many protocols will be neutered if ICMP isn't working. John RickG wrote: > Ya, and further proof it should work is that it works at my office on the > same tower. I cant blame their cisco because I bypassed it with my laptop. > No proxy server. Everything goes through the RB450G. So, the only > differences are the WRAP on the tower and the CPE. I'll try the CPE next. > Will advise. > > BTW: I agree with you on ICMP. I usually make them allow that, if they want > my help :) > > Thanks! -RickG > > On Sun, Dec 20, 2009 at 12:06 AM, Jeromie Reeves wrote: > > >> Unless there is a rouge NAT statement someplace, I do not see anything >> specific that would be causing this (as described) >> What about a proxy server ? Are all connections heading out the NAT IP >> or only HTTP? >> >> >> On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: >> >>> The thing is they had a bridge from the other tower and it was working. >>> >> The >> >>> only thing thats changed is the tower. RIP is on RB450G and WRAP's. Dont >>> know about Cisco as it is the customers and I dont have control. They >>> >> also >> >>> have ICMP turned off amongst other things. Should I still see it? >>> >> I would request that ICMP be allowed to your internal network at >> least. Personally, I control everything down to the ethernet >> port. Past that, its their ball (but mostly I handle the LAN too) >> >> >>> Yes, NAT is being done from RB450G using 10.0.0.0/8. >>> Thanks! -RickG >>> >>> On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net < >>> jree...@18-30chat.net> wrote: >>> >>> Mmmm. bridging CPE, make sure its not proxy arping. Check your RIP, if its turned on, on both the wrap and Csico, should be seen. Where is the IP that is doing NAT located, on the RB450? The only way I >> had >> that work correctly was to drop all chain rules and tell NAT to source 10.0.0.0/8 when going out dst interface. I have 2 routers at the core one for BGP & etc upstream, the other for NAT and in building hand-off (couple lans's and wireless, then the BH's to the rest of the network + the hotspot). RickG wrote: > I agree but traceroutes run perfectly. Just to be clear, here is the > setup: > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). > The subnet is 204.62.63.76/30. > RB450G has the subnet defined in the filter rules as chain forward. > The wireless interface on the WRAP has 204.62.63.77 assigned. > The CPE is in bridge mode so its on a private IP. > The Cisco has 204.62.63.78 assigned to ether1. > All with a 255.255.255.252 subnet mask. > I tested with my laptop in place of the router. > One strange item I noticed. I'm running RIP and it does not see the > >> WRAP >> > with 204.62.63.77 assigned. > Any other ideas? > -RickG > > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < > jree...@18-30chat.net> wrote: > > >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across >> >> my >> >> entire >> network. I use one place of NAT (well a few users still have in house >> NAT) >> I >> would do traceroutes from and to the end IPs and see where things >> >> start >> to >> look >> wrong. >> >> RickG wrote: >> >>> OK, I've got a good one. I’m trying to pass public subnets to a >>> >> couple >> of >>> customers. They worked before I switched them to a new, closer >>> >> tower. >> >>> Bascially, it will not show the public IP when checking at >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on the >>> net with the public >>> ip's. What's weird is that it works at my office which is on the >>> >> same >> >> tower >> >>> although it is a different access point. However, the AP's are the >>> >> both >> >>> WRAP/StarOS units. My AP is running 5GHz and the customers is >>> >> running >> >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L and >>> mine >> is >> >>> a NS5. I did try a Tranzeo CPQ as well. The only other difference is >>> that >>> the customer is now only one hop from the firewall versus two hops >
Re: [WISPA] public subnet
Just a short update. I switched the customer along with their public ip over to the same wrap my office is on and it works perfectly. This also involved switching their from the bullet2 to a ns5. Its difficult to blame the cpe so I'm thinking something strange with the other wrap setup. -rickg On Sun, Dec 20, 2009 at 5:55 PM, RickG wrote: > Yes, the WRAPs are in the 10.0.0.0/8. However, I dont have the WRAPs > defined in NAT. The "working" WRAP I'm off of at my office is using the > public IP. I'll have to FTP test the "non-working" WRAP at the customer site > to see. As I said, the net does work using the public IP from there > location. I loked at ARP in both the RB450G and the WRAPs and they look > good. The following is from the RB450G: > > ADr 204.62.63.76/3010.10.100.27 120 > ADr 204.62.63.80/3010.10.100.29 120 > > Also, here is the RIP table from the "working" WRAP: > > > NetworkNext Hop Metric FromTag Time > R(n) 0.0.0.0/0 10.10.100.1 2 10.10.100.1 0 02:46 > C(i) 10.10.100.0/24 0.0.0.0 1 self 0 > C(i) 10.10.114.0/24 0.0.0.0 1 self 0 > C(i) 10.10.115.0/24 0.0.0.0 1 self 0 > R(n) 10.10.115.21/3210.10.115.21 2 10.10.115.21 0 02:41 > R(n) 12.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:46 > R(n) 64.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:46 > R(n) 64.183.166.164/30 10.10.100.1 2 10.10.100.1 0 02:46 > R(n) 192.168.1.0/24 10.10.115.21 2 10.10.115.21 0 02:41 > R(n) 192.168.1.1/32 10.10.115.21 2 10.10.115.21 0 02:41 > R(n) 192.168.88.0/2410.10.115.22 2 10.10.115.22 0 02:41 > R(n) 204.62.63.0/24 10.10.100.1 16 10.10.100.1 0 01:46 > R(n) 204.62.63.0/28 10.10.100.1 2 10.10.100.1 0 02:46 > R(n) 204.62.63.76/3010.10.100.27 2 10.10.100.27 0 02:43 > C(i) 204.62.63.80/300.0.0.0 1 self 0 > > Here is the RIP table from the "non-working" WRAP: > > NetworkNext Hop Metric FromTag Time > R(n) 0.0.0.0/0 10.10.100.1 2 10.10.100.1 0 02:39 > C(i) 10.10.34.0/24 0.0.0.0 1 self 0 > R(n) 10.10.34.200/3210.10.34.200 2 10.10.34.200 0 02:38 > C(i) 10.10.35.0/24 0.0.0.0 1 self 0 > C(i) 10.10.36.0/24 0.0.0.0 1 self 0 > C(i) 10.10.37.0/24 0.0.0.0 1 self 0 > C(i) 10.10.38.0/24 0.0.0.0 1 self 0 > C(i) 10.10.39.0/24 0.0.0.0 1 self 0 > C(i) 10.10.100.0/24 0.0.0.0 1 self 0 > R(n) 12.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:38 > R(n) 64.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:38 > R(n) 64.183.166.164/30 10.10.100.1 2 10.10.100.1 0 02:39 > R(n) 192.168.1.0/24 10.10.34.200 2 10.10.34.200 0 02:38 > R(n) 192.168.1.1/32 10.10.34.200 2 10.10.34.200 0 02:38 > R(n) 192.168.88.0/2410.10.100.29 3 10.10.100.29 0 02:31 > R(n) 204.62.63.0/24 10.10.100.1 16 10.10.100.1 0 01:38 > R(n) 204.62.63.0/28 10.10.100.1 2 10.10.100.1 0 02:39 > C(i) 204.62.63.76/300.0.0.0 1 self 0 > R(n) 204.62.63.80/3010.10.100.29 2 10.10.100.29 0 02:53 > > Any help is greatly appreciated! -RickG > > > On Sun, Dec 20, 2009 at 9:13 AM, Jeromie Reeves wrote: > >> Mmmm, the Wrap, is its private IP in the 10.0.0.0/8 ? Can you look >> up in the RB's NAT table and see what the source IP is? >> FTP out to the world, is it using the NAT IP or the correct public IP >> ? I wonder if Proxy ARP isn't biting you. >> >> On Sat, Dec 19, 2009 at 10:19 PM, RickG wrote: >> > Ya, and further proof it should work is that it works at my office on >> the >> > same tower. I cant blame their cisco because I bypassed it with my >> laptop. >> > No proxy server. Everything goes through the RB450G. So, the only >> > differences are the WRAP on the tower and the CPE. I'll try the CPE >> next. >> > Will advise. >> > >> > BTW: I agree with you on ICMP. I usually make them allow that, if they >> want >> > my help :) >> > >> > Thanks! -RickG >> > >> > On Sun, Dec 20, 2009 at 12:06 AM, Jeromie Reeves > >wrote: >> > >> >> Unless there is a rouge NAT statement someplace, I do not see anything >> >> specific that would be causing this (as described) >> >> What about a proxy server ? Are all connections heading out the NAT IP >> >> or only HTTP? >> >> >> >> >> >> On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: >> >> > The thing is they had a bridge from the other tower and it was >> working. >> >
Re: [WISPA] public subnet
Yes, the WRAPs are in the 10.0.0.0/8. However, I dont have the WRAPs defined in NAT. The "working" WRAP I'm off of at my office is using the public IP. I'll have to FTP test the "non-working" WRAP at the customer site to see. As I said, the net does work using the public IP from there location. I loked at ARP in both the RB450G and the WRAPs and they look good. The following is from the RB450G: ADr 204.62.63.76/3010.10.100.27 120 ADr 204.62.63.80/3010.10.100.29 120 Also, here is the RIP table from the "working" WRAP: NetworkNext Hop Metric FromTag Time R(n) 0.0.0.0/0 10.10.100.1 2 10.10.100.1 0 02:46 C(i) 10.10.100.0/24 0.0.0.0 1 self 0 C(i) 10.10.114.0/24 0.0.0.0 1 self 0 C(i) 10.10.115.0/24 0.0.0.0 1 self 0 R(n) 10.10.115.21/3210.10.115.21 2 10.10.115.21 0 02:41 R(n) 12.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:46 R(n) 64.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:46 R(n) 64.183.166.164/30 10.10.100.1 2 10.10.100.1 0 02:46 R(n) 192.168.1.0/24 10.10.115.21 2 10.10.115.21 0 02:41 R(n) 192.168.1.1/32 10.10.115.21 2 10.10.115.21 0 02:41 R(n) 192.168.88.0/2410.10.115.22 2 10.10.115.22 0 02:41 R(n) 204.62.63.0/24 10.10.100.1 16 10.10.100.1 0 01:46 R(n) 204.62.63.0/28 10.10.100.1 2 10.10.100.1 0 02:46 R(n) 204.62.63.76/3010.10.100.27 2 10.10.100.27 0 02:43 C(i) 204.62.63.80/300.0.0.0 1 self 0 Here is the RIP table from the "non-working" WRAP: NetworkNext Hop Metric FromTag Time R(n) 0.0.0.0/0 10.10.100.1 2 10.10.100.1 0 02:39 C(i) 10.10.34.0/24 0.0.0.0 1 self 0 R(n) 10.10.34.200/3210.10.34.200 2 10.10.34.200 0 02:38 C(i) 10.10.35.0/24 0.0.0.0 1 self 0 C(i) 10.10.36.0/24 0.0.0.0 1 self 0 C(i) 10.10.37.0/24 0.0.0.0 1 self 0 C(i) 10.10.38.0/24 0.0.0.0 1 self 0 C(i) 10.10.39.0/24 0.0.0.0 1 self 0 C(i) 10.10.100.0/24 0.0.0.0 1 self 0 R(n) 12.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:38 R(n) 64.0.0.0/8 10.10.100.1 2 10.10.100.1 0 02:38 R(n) 64.183.166.164/30 10.10.100.1 2 10.10.100.1 0 02:39 R(n) 192.168.1.0/24 10.10.34.200 2 10.10.34.200 0 02:38 R(n) 192.168.1.1/32 10.10.34.200 2 10.10.34.200 0 02:38 R(n) 192.168.88.0/2410.10.100.29 3 10.10.100.29 0 02:31 R(n) 204.62.63.0/24 10.10.100.1 16 10.10.100.1 0 01:38 R(n) 204.62.63.0/28 10.10.100.1 2 10.10.100.1 0 02:39 C(i) 204.62.63.76/300.0.0.0 1 self 0 R(n) 204.62.63.80/3010.10.100.29 2 10.10.100.29 0 02:53 Any help is greatly appreciated! -RickG On Sun, Dec 20, 2009 at 9:13 AM, Jeromie Reeves wrote: > Mmmm, the Wrap, is its private IP in the 10.0.0.0/8 ? Can you look > up in the RB's NAT table and see what the source IP is? > FTP out to the world, is it using the NAT IP or the correct public IP > ? I wonder if Proxy ARP isn't biting you. > > On Sat, Dec 19, 2009 at 10:19 PM, RickG wrote: > > Ya, and further proof it should work is that it works at my office on the > > same tower. I cant blame their cisco because I bypassed it with my > laptop. > > No proxy server. Everything goes through the RB450G. So, the only > > differences are the WRAP on the tower and the CPE. I'll try the CPE next. > > Will advise. > > > > BTW: I agree with you on ICMP. I usually make them allow that, if they > want > > my help :) > > > > Thanks! -RickG > > > > On Sun, Dec 20, 2009 at 12:06 AM, Jeromie Reeves >wrote: > > > >> Unless there is a rouge NAT statement someplace, I do not see anything > >> specific that would be causing this (as described) > >> What about a proxy server ? Are all connections heading out the NAT IP > >> or only HTTP? > >> > >> > >> On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: > >> > The thing is they had a bridge from the other tower and it was > working. > >> The > >> > only thing thats changed is the tower. RIP is on RB450G and WRAP's. > Dont > >> > know about Cisco as it is the customers and I dont have control. They > >> also > >> > have ICMP turned off amongst other things. Should I still see it? > >> > >> I would request that ICMP be allowed to your internal network at > >> least. Personally, I control everything down to the ethernet > >> port. Past that, its their ball (but mostly I handle the LAN too) > >> > >> > > >> > Yes, NAT i
Re: [WISPA] public subnet
Mmmm, the Wrap, is its private IP in the 10.0.0.0/8 ? Can you look up in the RB's NAT table and see what the source IP is? FTP out to the world, is it using the NAT IP or the correct public IP ? I wonder if Proxy ARP isn't biting you. On Sat, Dec 19, 2009 at 10:19 PM, RickG wrote: > Ya, and further proof it should work is that it works at my office on the > same tower. I cant blame their cisco because I bypassed it with my laptop. > No proxy server. Everything goes through the RB450G. So, the only > differences are the WRAP on the tower and the CPE. I'll try the CPE next. > Will advise. > > BTW: I agree with you on ICMP. I usually make them allow that, if they want > my help :) > > Thanks! -RickG > > On Sun, Dec 20, 2009 at 12:06 AM, Jeromie Reeves wrote: > >> Unless there is a rouge NAT statement someplace, I do not see anything >> specific that would be causing this (as described) >> What about a proxy server ? Are all connections heading out the NAT IP >> or only HTTP? >> >> >> On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: >> > The thing is they had a bridge from the other tower and it was working. >> The >> > only thing thats changed is the tower. RIP is on RB450G and WRAP's. Dont >> > know about Cisco as it is the customers and I dont have control. They >> also >> > have ICMP turned off amongst other things. Should I still see it? >> >> I would request that ICMP be allowed to your internal network at >> least. Personally, I control everything down to the ethernet >> port. Past that, its their ball (but mostly I handle the LAN too) >> >> > >> > Yes, NAT is being done from RB450G using 10.0.0.0/8. >> > Thanks! -RickG >> > >> > On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net < >> > jree...@18-30chat.net> wrote: >> > >> >> Mmmm. bridging CPE, make sure its not proxy arping. >> >> >> >> Check your RIP, if its turned on, on both the wrap and Csico, should be >> >> seen. >> >> >> >> Where is the IP that is doing NAT located, on the RB450? The only way I >> had >> >> that >> >> work correctly was to drop all chain rules and tell NAT to source >> >> 10.0.0.0/8 >> >> when going out dst interface. I have 2 routers at the core one for BGP & >> >> etc >> >> upstream, the other for NAT and in building hand-off (couple lans's and >> >> wireless, then the BH's to the rest of the network + the hotspot). >> >> >> >> >> >> RickG wrote: >> >> > I agree but traceroutes run perfectly. Just to be clear, here is the >> >> setup: >> >> > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). >> >> > The subnet is 204.62.63.76/30. >> >> > RB450G has the subnet defined in the filter rules as chain forward. >> >> > The wireless interface on the WRAP has 204.62.63.77 assigned. >> >> > The CPE is in bridge mode so its on a private IP. >> >> > The Cisco has 204.62.63.78 assigned to ether1. >> >> > All with a 255.255.255.252 subnet mask. >> >> > I tested with my laptop in place of the router. >> >> > One strange item I noticed. I'm running RIP and it does not see the >> WRAP >> >> > with 204.62.63.77 assigned. >> >> > Any other ideas? >> >> > -RickG >> >> > >> >> > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < >> >> > jree...@18-30chat.net> wrote: >> >> > >> >> >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across >> my >> >> >> entire >> >> >> network. I use one place of NAT (well a few users still have in house >> >> NAT) >> >> >> I >> >> >> would do traceroutes from and to the end IPs and see where things >> start >> >> to >> >> >> look >> >> >> wrong. >> >> >> >> >> >> RickG wrote: >> >> >>> OK, I've got a good one. I’m trying to pass public subnets to a >> couple >> >> of >> >> >>> customers. They worked before I switched them to a new, closer >> tower. >> >> >>> Bascially, it will not show the public IP when checking at >> >> >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on the >> >> >>> net with the public >> >> >>> ip's. What's weird is that it works at my office which is on the >> same >> >> >> tower >> >> >>> although it is a different access point. However, the AP's are the >> both >> >> >>> WRAP/StarOS units. My AP is running 5GHz and the customers is >> running >> >> >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L and >> >> mine >> >> >> is >> >> >>> a NS5. I did try a Tranzeo CPQ as well. The only other difference is >> >> that >> >> >>> the customer is now only one hop from the firewall versus two hops >> >> >> before. >> >> >>> Any thoughts? >> >> >>> >> >> >>> -RickG >> >> >>> >> >> >>> >> >> >>> >> >> >> >> >> >> >> >> >>> WISPA Wants You! Join today! >> >> >>> http://signup.wispa.org/ >> >> >>> >> >> >> >> >> >> >> >> >>> WISPA Wireless List: wireless@wispa.org >> >> >>> >> >> >>> Subscribe/Unsubscribe: >> >> >>> http://lists.wispa.org/mailman/listinfo/wireless >
Re: [WISPA] public subnet
Ya, and further proof it should work is that it works at my office on the same tower. I cant blame their cisco because I bypassed it with my laptop. No proxy server. Everything goes through the RB450G. So, the only differences are the WRAP on the tower and the CPE. I'll try the CPE next. Will advise. BTW: I agree with you on ICMP. I usually make them allow that, if they want my help :) Thanks! -RickG On Sun, Dec 20, 2009 at 12:06 AM, Jeromie Reeves wrote: > Unless there is a rouge NAT statement someplace, I do not see anything > specific that would be causing this (as described) > What about a proxy server ? Are all connections heading out the NAT IP > or only HTTP? > > > On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: > > The thing is they had a bridge from the other tower and it was working. > The > > only thing thats changed is the tower. RIP is on RB450G and WRAP's. Dont > > know about Cisco as it is the customers and I dont have control. They > also > > have ICMP turned off amongst other things. Should I still see it? > > I would request that ICMP be allowed to your internal network at > least. Personally, I control everything down to the ethernet > port. Past that, its their ball (but mostly I handle the LAN too) > > > > > Yes, NAT is being done from RB450G using 10.0.0.0/8. > > Thanks! -RickG > > > > On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net < > > jree...@18-30chat.net> wrote: > > > >> Mmmm. bridging CPE, make sure its not proxy arping. > >> > >> Check your RIP, if its turned on, on both the wrap and Csico, should be > >> seen. > >> > >> Where is the IP that is doing NAT located, on the RB450? The only way I > had > >> that > >> work correctly was to drop all chain rules and tell NAT to source > >> 10.0.0.0/8 > >> when going out dst interface. I have 2 routers at the core one for BGP & > >> etc > >> upstream, the other for NAT and in building hand-off (couple lans's and > >> wireless, then the BH's to the rest of the network + the hotspot). > >> > >> > >> RickG wrote: > >> > I agree but traceroutes run perfectly. Just to be clear, here is the > >> setup: > >> > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). > >> > The subnet is 204.62.63.76/30. > >> > RB450G has the subnet defined in the filter rules as chain forward. > >> > The wireless interface on the WRAP has 204.62.63.77 assigned. > >> > The CPE is in bridge mode so its on a private IP. > >> > The Cisco has 204.62.63.78 assigned to ether1. > >> > All with a 255.255.255.252 subnet mask. > >> > I tested with my laptop in place of the router. > >> > One strange item I noticed. I'm running RIP and it does not see the > WRAP > >> > with 204.62.63.77 assigned. > >> > Any other ideas? > >> > -RickG > >> > > >> > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < > >> > jree...@18-30chat.net> wrote: > >> > > >> >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across > my > >> >> entire > >> >> network. I use one place of NAT (well a few users still have in house > >> NAT) > >> >> I > >> >> would do traceroutes from and to the end IPs and see where things > start > >> to > >> >> look > >> >> wrong. > >> >> > >> >> RickG wrote: > >> >>> OK, I've got a good one. I’m trying to pass public subnets to a > couple > >> of > >> >>> customers. They worked before I switched them to a new, closer > tower. > >> >>> Bascially, it will not show the public IP when checking at > >> >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on the > >> >>> net with the public > >> >>> ip's. What's weird is that it works at my office which is on the > same > >> >> tower > >> >>> although it is a different access point. However, the AP's are the > both > >> >>> WRAP/StarOS units. My AP is running 5GHz and the customers is > running > >> >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L and > >> mine > >> >> is > >> >>> a NS5. I did try a Tranzeo CPQ as well. The only other difference is > >> that > >> >>> the customer is now only one hop from the firewall versus two hops > >> >> before. > >> >>> Any thoughts? > >> >>> > >> >>> -RickG > >> >>> > >> >>> > >> >>> > >> >> > >> > > >> >>> WISPA Wants You! Join today! > >> >>> http://signup.wispa.org/ > >> >>> > >> >> > >> > > >> >>> WISPA Wireless List: wireless@wispa.org > >> >>> > >> >>> Subscribe/Unsubscribe: > >> >>> http://lists.wispa.org/mailman/listinfo/wireless > >> >>> > >> >>> Archives: http://lists.wispa.org/pipermail/wireless/ > >> >> > >> >> > >> >> > >> > > >> >> WISPA Wants You! Join today! > >> >> http://signup.wispa.org/ > >> >> > >> >> > >> > > >> >> > >> >> WISPA Wireless List: wireless@wispa.org > >> >> > >
Re: [WISPA] public subnet
Unless there is a rouge NAT statement someplace, I do not see anything specific that would be causing this (as described) What about a proxy server ? Are all connections heading out the NAT IP or only HTTP? On Sat, Dec 19, 2009 at 4:40 AM, RickG wrote: > The thing is they had a bridge from the other tower and it was working. The > only thing thats changed is the tower. RIP is on RB450G and WRAP's. Dont > know about Cisco as it is the customers and I dont have control. They also > have ICMP turned off amongst other things. Should I still see it? I would request that ICMP be allowed to your internal network at least. Personally, I control everything down to the ethernet port. Past that, its their ball (but mostly I handle the LAN too) > > Yes, NAT is being done from RB450G using 10.0.0.0/8. > Thanks! -RickG > > On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net < > jree...@18-30chat.net> wrote: > >> Mmmm. bridging CPE, make sure its not proxy arping. >> >> Check your RIP, if its turned on, on both the wrap and Csico, should be >> seen. >> >> Where is the IP that is doing NAT located, on the RB450? The only way I had >> that >> work correctly was to drop all chain rules and tell NAT to source >> 10.0.0.0/8 >> when going out dst interface. I have 2 routers at the core one for BGP & >> etc >> upstream, the other for NAT and in building hand-off (couple lans's and >> wireless, then the BH's to the rest of the network + the hotspot). >> >> >> RickG wrote: >> > I agree but traceroutes run perfectly. Just to be clear, here is the >> setup: >> > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). >> > The subnet is 204.62.63.76/30. >> > RB450G has the subnet defined in the filter rules as chain forward. >> > The wireless interface on the WRAP has 204.62.63.77 assigned. >> > The CPE is in bridge mode so its on a private IP. >> > The Cisco has 204.62.63.78 assigned to ether1. >> > All with a 255.255.255.252 subnet mask. >> > I tested with my laptop in place of the router. >> > One strange item I noticed. I'm running RIP and it does not see the WRAP >> > with 204.62.63.77 assigned. >> > Any other ideas? >> > -RickG >> > >> > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < >> > jree...@18-30chat.net> wrote: >> > >> >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across my >> >> entire >> >> network. I use one place of NAT (well a few users still have in house >> NAT) >> >> I >> >> would do traceroutes from and to the end IPs and see where things start >> to >> >> look >> >> wrong. >> >> >> >> RickG wrote: >> >>> OK, I've got a good one. I’m trying to pass public subnets to a couple >> of >> >>> customers. They worked before I switched them to a new, closer tower. >> >>> Bascially, it will not show the public IP when checking at >> >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on the >> >>> net with the public >> >>> ip's. What's weird is that it works at my office which is on the same >> >> tower >> >>> although it is a different access point. However, the AP's are the both >> >>> WRAP/StarOS units. My AP is running 5GHz and the customers is running >> >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L and >> mine >> >> is >> >>> a NS5. I did try a Tranzeo CPQ as well. The only other difference is >> that >> >>> the customer is now only one hop from the firewall versus two hops >> >> before. >> >>> Any thoughts? >> >>> >> >>> -RickG >> >>> >> >>> >> >>> >> >> >> >> >>> WISPA Wants You! Join today! >> >>> http://signup.wispa.org/ >> >>> >> >> >> >> >>> WISPA Wireless List: wireless@wispa.org >> >>> >> >>> Subscribe/Unsubscribe: >> >>> http://lists.wispa.org/mailman/listinfo/wireless >> >>> >> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> >> >> >> >> WISPA Wants You! Join today! >> >> http://signup.wispa.org/ >> >> >> >> >> >> >> >> >> WISPA Wireless List: wireless@wispa.org >> >> >> >> Subscribe/Unsubscribe: >> >> http://lists.wispa.org/mailman/listinfo/wireless >> >> >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> > >> > >> > >> >> > WISPA Wants You! Join today! >> > http://signup.wispa.org/ >> > >> >> > >> > WISPA Wireless List: wireless@wispa.org >> > >> > Subscribe/Unsubscribe: >> > http://lists.wispa.org/mailman/listinfo/wireless >> > >> > Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> WISPA Wants You! Join
Re: [WISPA] public subnet
The thing is they had a bridge from the other tower and it was working. The only thing thats changed is the tower. RIP is on RB450G and WRAP's. Dont know about Cisco as it is the customers and I dont have control. They also have ICMP turned off amongst other things. Should I still see it? Yes, NAT is being done from RB450G using 10.0.0.0/8. Thanks! -RickG On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net < jree...@18-30chat.net> wrote: > Mmmm. bridging CPE, make sure its not proxy arping. > > Check your RIP, if its turned on, on both the wrap and Csico, should be > seen. > > Where is the IP that is doing NAT located, on the RB450? The only way I had > that > work correctly was to drop all chain rules and tell NAT to source > 10.0.0.0/8 > when going out dst interface. I have 2 routers at the core one for BGP & > etc > upstream, the other for NAT and in building hand-off (couple lans's and > wireless, then the BH's to the rest of the network + the hotspot). > > > RickG wrote: > > I agree but traceroutes run perfectly. Just to be clear, here is the > setup: > > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). > > The subnet is 204.62.63.76/30. > > RB450G has the subnet defined in the filter rules as chain forward. > > The wireless interface on the WRAP has 204.62.63.77 assigned. > > The CPE is in bridge mode so its on a private IP. > > The Cisco has 204.62.63.78 assigned to ether1. > > All with a 255.255.255.252 subnet mask. > > I tested with my laptop in place of the router. > > One strange item I noticed. I'm running RIP and it does not see the WRAP > > with 204.62.63.77 assigned. > > Any other ideas? > > -RickG > > > > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < > > jree...@18-30chat.net> wrote: > > > >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across my > >> entire > >> network. I use one place of NAT (well a few users still have in house > NAT) > >> I > >> would do traceroutes from and to the end IPs and see where things start > to > >> look > >> wrong. > >> > >> RickG wrote: > >>> OK, I've got a good one. I’m trying to pass public subnets to a couple > of > >>> customers. They worked before I switched them to a new, closer tower. > >>> Bascially, it will not show the public IP when checking at > >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on the > >>> net with the public > >>> ip's. What's weird is that it works at my office which is on the same > >> tower > >>> although it is a different access point. However, the AP's are the both > >>> WRAP/StarOS units. My AP is running 5GHz and the customers is running > >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L and > mine > >> is > >>> a NS5. I did try a Tranzeo CPQ as well. The only other difference is > that > >>> the customer is now only one hop from the firewall versus two hops > >> before. > >>> Any thoughts? > >>> > >>> -RickG > >>> > >>> > >>> > >> > > >>> WISPA Wants You! Join today! > >>> http://signup.wispa.org/ > >>> > >> > > >>> WISPA Wireless List: wireless@wispa.org > >>> > >>> Subscribe/Unsubscribe: > >>> http://lists.wispa.org/mailman/listinfo/wireless > >>> > >>> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > >> > >> > > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > >> > > >> > >> WISPA Wireless List: wireless@wispa.org > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: htt
Re: [WISPA] public subnet
Mmmm. bridging CPE, make sure its not proxy arping. Check your RIP, if its turned on, on both the wrap and Csico, should be seen. Where is the IP that is doing NAT located, on the RB450? The only way I had that work correctly was to drop all chain rules and tell NAT to source 10.0.0.0/8 when going out dst interface. I have 2 routers at the core one for BGP & etc upstream, the other for NAT and in building hand-off (couple lans's and wireless, then the BH's to the rest of the network + the hotspot). RickG wrote: > I agree but traceroutes run perfectly. Just to be clear, here is the setup: > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). > The subnet is 204.62.63.76/30. > RB450G has the subnet defined in the filter rules as chain forward. > The wireless interface on the WRAP has 204.62.63.77 assigned. > The CPE is in bridge mode so its on a private IP. > The Cisco has 204.62.63.78 assigned to ether1. > All with a 255.255.255.252 subnet mask. > I tested with my laptop in place of the router. > One strange item I noticed. I'm running RIP and it does not see the WRAP > with 204.62.63.77 assigned. > Any other ideas? > -RickG > > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < > jree...@18-30chat.net> wrote: > >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across my >> entire >> network. I use one place of NAT (well a few users still have in house NAT) >> I >> would do traceroutes from and to the end IPs and see where things start to >> look >> wrong. >> >> RickG wrote: >>> OK, I've got a good one. I’m trying to pass public subnets to a couple of >>> customers. They worked before I switched them to a new, closer tower. >>> Bascially, it will not show the public IP when checking at >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on the >>> net with the public >>> ip's. What's weird is that it works at my office which is on the same >> tower >>> although it is a different access point. However, the AP's are the both >>> WRAP/StarOS units. My AP is running 5GHz and the customers is running >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L and mine >> is >>> a NS5. I did try a Tranzeo CPQ as well. The only other difference is that >>> the customer is now only one hop from the firewall versus two hops >> before. >>> Any thoughts? >>> >>> -RickG >>> >>> >>> >> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] public subnet
I agree but traceroutes run perfectly. Just to be clear, here is the setup: Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco). The subnet is 204.62.63.76/30. RB450G has the subnet defined in the filter rules as chain forward. The wireless interface on the WRAP has 204.62.63.77 assigned. The CPE is in bridge mode so its on a private IP. The Cisco has 204.62.63.78 assigned to ether1. All with a 255.255.255.252 subnet mask. I tested with my laptop in place of the router. One strange item I noticed. I'm running RIP and it does not see the WRAP with 204.62.63.77 assigned. Any other ideas? -RickG On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net < jree...@18-30chat.net> wrote: > Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across my > entire > network. I use one place of NAT (well a few users still have in house NAT) > I > would do traceroutes from and to the end IPs and see where things start to > look > wrong. > > RickG wrote: > > OK, I've got a good one. I’m trying to pass public subnets to a couple of > > customers. They worked before I switched them to a new, closer tower. > > Bascially, it will not show the public IP when checking at > > whatismyip.combut rather my firewall ip. Obviuosly, I can get on the > > net with the public > > ip's. What's weird is that it works at my office which is on the same > tower > > although it is a different access point. However, the AP's are the both > > WRAP/StarOS units. My AP is running 5GHz and the customers is running > > 2.4GHz. One other difference is that the customer's CPE is aNS2L and mine > is > > a NS5. I did try a Tranzeo CPQ as well. The only other difference is that > > the customer is now only one hop from the firewall versus two hops > before. > > Any thoughts? > > > > -RickG > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] public subnet
Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across my entire network. I use one place of NAT (well a few users still have in house NAT) I would do traceroutes from and to the end IPs and see where things start to look wrong. RickG wrote: > OK, I've got a good one. I’m trying to pass public subnets to a couple of > customers. They worked before I switched them to a new, closer tower. > Bascially, it will not show the public IP when checking at > whatismyip.combut rather my firewall ip. Obviuosly, I can get on the > net with the public > ip's. What's weird is that it works at my office which is on the same tower > although it is a different access point. However, the AP's are the both > WRAP/StarOS units. My AP is running 5GHz and the customers is running > 2.4GHz. One other difference is that the customer's CPE is aNS2L and mine is > a NS5. I did try a Tranzeo CPQ as well. The only other difference is that > the customer is now only one hop from the firewall versus two hops before. > Any thoughts? > > -RickG > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] public subnet
OK, I've got a good one. I’m trying to pass public subnets to a couple of customers. They worked before I switched them to a new, closer tower. Bascially, it will not show the public IP when checking at whatismyip.combut rather my firewall ip. Obviuosly, I can get on the net with the public ip's. What's weird is that it works at my office which is on the same tower although it is a different access point. However, the AP's are the both WRAP/StarOS units. My AP is running 5GHz and the customers is running 2.4GHz. One other difference is that the customer's CPE is aNS2L and mine is a NS5. I did try a Tranzeo CPQ as well. The only other difference is that the customer is now only one hop from the firewall versus two hops before. Any thoughts? -RickG WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/