Unless there is a rouge NAT statement someplace, I do not see anything
specific that would be causing this (as described)
What about a proxy server ? Are all connections heading out the NAT IP
or only HTTP?


On Sat, Dec 19, 2009 at 4:40 AM, RickG <rgunder...@gmail.com> wrote:
> The thing is they had a bridge from the other tower and it was working. The
> only thing thats changed is the tower. RIP is on RB450G and WRAP's. Dont
> know about Cisco as it is the customers and I dont have control. They also
> have ICMP turned off amongst other things. Should I still see it?

I would request that ICMP be allowed to your internal network at
least. Personally, I control everything down to the ethernet
port. Past that, its their ball (but mostly I handle the LAN too)

>
> Yes, NAT is being done from RB450G using 10.0.0.0/8.
> Thanks! -RickG
>
> On Fri, Dec 18, 2009 at 9:08 PM, jree...@18-30chat.net <
> jree...@18-30chat.net> wrote:
>
>> Mmmm. bridging CPE, make sure its not proxy arping.
>>
>> Check your RIP, if its turned on, on both the wrap and Csico, should be
>> seen.
>>
>> Where is the IP that is doing NAT located, on the RB450? The only way I had
>> that
>> work correctly was to drop all chain rules and tell NAT to source
>> 10.0.0.0/8
>> when going out dst interface. I have 2 routers at the core one for BGP &
>> etc
>> upstream, the other for NAT and in building hand-off (couple lans's and
>> wireless, then the BH's to the rest of the network + the hotspot).
>>
>>
>> RickG wrote:
>> > I agree but traceroutes run perfectly. Just to be clear, here is the
>> setup:
>> > Inet->RB450G(Firewall)->WRAP/StarOS->CPE->Customer Device (Cisco).
>> > The subnet is 204.62.63.76/30.
>> > RB450G has the subnet defined in the filter rules as chain forward.
>> > The wireless interface on the WRAP has 204.62.63.77 assigned.
>> > The CPE is in bridge mode so its on a private IP.
>> > The Cisco has 204.62.63.78 assigned to ether1.
>> > All with a 255.255.255.252 subnet mask.
>> > I tested with my laptop in place of the router.
>> > One strange item I noticed. I'm running RIP and it does not see the WRAP
>> > with 204.62.63.77 assigned.
>> > Any other ideas?
>> > -RickG
>> >
>> > On Fri, Dec 18, 2009 at 5:13 PM, jree...@18-30chat.net <
>> > jree...@18-30chat.net> wrote:
>> >
>> >> Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across my
>> >> entire
>> >> network. I use one place of NAT (well a few users still have in house
>> NAT)
>> >> I
>> >> would do traceroutes from and to the end IPs and see where things start
>> to
>> >> look
>> >> wrong.
>> >>
>> >> RickG wrote:
>> >>> OK, I've got a good one. I’m trying to pass public subnets to a couple
>> of
>> >>> customers. They worked before I switched them to a new, closer tower.
>> >>> Bascially, it will not show the public IP when checking at
>> >>> whatismyip.combut rather my firewall ip. Obviuosly, I can get on the
>> >>> net with the public
>> >>> ip's. What's weird is that it works at my office which is on the same
>> >> tower
>> >>> although it is a different access point. However, the AP's are the both
>> >>> WRAP/StarOS units. My AP is running 5GHz and the customers is running
>> >>> 2.4GHz. One other difference is that the customer's CPE is aNS2L and
>> mine
>> >> is
>> >>> a NS5. I did try a Tranzeo CPQ as well. The only other difference is
>> that
>> >>> the customer is now only one hop from the firewall versus two hops
>> >> before.
>> >>> Any thoughts?
>> >>>
>> >>> -RickG
>> >>>
>> >>>
>> >>>
>> >>
>> --------------------------------------------------------------------------------
>> >>> WISPA Wants You! Join today!
>> >>> http://signup.wispa.org/
>> >>>
>> >>
>> --------------------------------------------------------------------------------
>> >>> WISPA Wireless List: wireless@wispa.org
>> >>>
>> >>> Subscribe/Unsubscribe:
>> >>> http://lists.wispa.org/mailman/listinfo/wireless
>> >>>
>> >>> Archives: http://lists.wispa.org/pipermail/wireless/
>> >>
>> >>
>> >>
>> --------------------------------------------------------------------------------
>> >> WISPA Wants You! Join today!
>> >> http://signup.wispa.org/
>> >>
>> >>
>> --------------------------------------------------------------------------------
>> >>
>> >> WISPA Wireless List: wireless@wispa.org
>> >>
>> >> Subscribe/Unsubscribe:
>> >> http://lists.wispa.org/mailman/listinfo/wireless
>> >>
>> >> Archives: http://lists.wispa.org/pipermail/wireless/
>> >>
>> >
>> >
>> >
>> --------------------------------------------------------------------------------
>> > WISPA Wants You! Join today!
>> > http://signup.wispa.org/
>> >
>> --------------------------------------------------------------------------------
>> >
>> > WISPA Wireless List: wireless@wispa.org
>> >
>> > Subscribe/Unsubscribe:
>> > http://lists.wispa.org/mailman/listinfo/wireless
>> >
>> > Archives: http://lists.wispa.org/pipermail/wireless/
>>
>>
>>
>> --------------------------------------------------------------------------------
>> WISPA Wants You! Join today!
>> http://signup.wispa.org/
>>
>> --------------------------------------------------------------------------------
>>
>> WISPA Wireless List: wireless@wispa.org
>>
>> Subscribe/Unsubscribe:
>> http://lists.wispa.org/mailman/listinfo/wireless
>>
>> Archives: http://lists.wispa.org/pipermail/wireless/
>>
>
>
> --------------------------------------------------------------------------------
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> --------------------------------------------------------------------------------
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>


--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to