How to use 192.168... addresses behind Router with a Static IP

iceman

Hi,

I currently pay my ISP for a block of static IP addresses - I've assigned
one to my router/adsl modem, and one each to three other PCs. So these PCs
are currently accessible directly from the internet with external IP
addresses.

I'd like to just have one static IP address (it costs less) and still
operate my other PCs as I do currently.

I thought that the router would get the static IP address and then do
something to enable traffic to my other PCs. One PC publishes a small
website (currently accessible via its static IP address) and another PC I
use for Azureus.

I thought that with only one static, my other PCs would then have 192.168
addresses (either using DHCP from the router which is also a DHCP server or
manually configured). So if my webserver is on e.g. 192.168.1.99, how can I
still access it from the internet? Also, can I still use apps like Azureus?

Any help very much appreciated.

iceman
 
Dom

Use NAT and port-forwarding. Everything will be peachy, as long as you
don't have two servers requiring the same port, such as two
publicly-accessible web servers on port 80.
 
Jack (MVP-Networking).

Hi

An External ISP type of IP cannot be configured to be used on the LAN side of
a regular Cable/DSL Router.

By using an application that can be configured to use the ports of your choice,
you can use one External Static IP and direct the Traffic to the right
computer that is on an Internal IP (192.168.x.x).

This page was written for a specific application, but the principle might
apply to any application that interacts through the Internet and has flexible
port configuration.

http://www.ezlan.net/vnc#portselect

Jack (MVP-Networking).
 
slebetman

Jack said:
> Hi
>
> An External ISP type of IP cannot be configured to be used on the LAN side of
> a regular Cable/DSL Router.

Oh yes it can! This is what routers are supposed to do, in the old
days, before NAT was invented. I guess today some consumer-level
routers have disabled this basic functionality. But my cheapo Aztech
DSL Router can do it. Routing != NAT. In fact, NAT has to be explicitly
enabled on a lot of routers to prevent external ISP type IP from being
used on the LAN.

You want to check out a site that has ALL computers
(servers/workstations/PCs) allocated an ISP type IP then check out my
alma mater: University of Essex. Each and every PC in the lab and in
offices runs on 'external' IP. I used to run ftp servers over the
weekends from the engineering lab ;-)

In fact the OP stated that that's how his current network is set up. So
it can be done and apparently works for him. He now wants to use NAT to
reduce his monthly bills.

> By using an application that can be configured to use the ports of your choice,
> you can use one External Static IP and direct the Traffic to the right
> computer that is on an Internal IP (192.168.x.x).
>
> This page was written for a specific application, but the principle might
> apply to any application that interacts through the Internet and has flexible
> port configuration.
>
> http://www.ezlan.net/vnc#portselect

Good suggestion.
 
iceman

Thanks for your help so far guys.

I would only have one web server on port 80, so no problem there.

However, I may have more than one PC on my LAN wanting to send and receive
email. Is this then going to cause a problem if both mail clients use the
same ports?

(Thinking about it, I've got quite a few apps that each PC would use - AVG
Virus updating, MS Antispyware updating, Spybot etc. Would there be a
problem there, or is it different because these apps initiate the
connection?)

iceman
 
Dom

Any modern NAT will also translate conflicting port numbers on outgoing
traffic. If two machines sent outbound traffic from port 1025, the NAT
would translate one of them to port 1026 for Internet traversal. Client
traffic will function quite nicely.
 
David H. Lipman

From: "iceman" <no.spam@please>

| Thanks for your help so far guys.
|
| I would only have one web server on port 80, so no problem there.
|
| However, I may have more than one PC on my LAN wanting to send and receive
| email. Is this then going to cause a problem if both mail clients use the
| same ports?
|
| (Thinking about it, I've got quite a few apps that each PC would use - AVG
| Virus updating, MS Antispyware updating, Spybot etc. Would there be a
| problem there, or is it different because these apps initiate the
| connection?)
|
| iceman
|

No. It's about incoming redirection. Outgoing is another story. It's not any different
than ten PCs behind a NAT Router using TCP port 80 to browse the web.

You can have up to 253 computers behind a NAT Router. All can access Internet services
simultaneously and equally as well (notwithstanding that the bandwidth is shared amongst
all LAN nodes).
 
iceman

Thanks again guys.

So, just to clarify. Apps that initiate internet communication (through the
router, using NAT) from the PC are not a problem at all.

The only issue is with regard to server functionality on my PCs - so if more
than one PC is providing the same server function (like a web server or ftp
server) then the router might have a problem performing NAT on INCOMING
internet transfers?

So if for each server function, it only exists on ONE of my PCs, I shouldn't
have any problem?

Cheers
 
Dom

Sounds 'bout right. The NAT will use port translation on outbound client
connections, so no worries there. You will be reduced to one public IP,
so you'll only have one of each port available for incoming server
connections. You could have two web servers accessible from the
Internet, but only one would be able to utilize port 80. The other
would have to be on a different port.
 
David H. Lipman

From: "iceman" <no.spam@please>

| Thanks again guys.
|
| So, just to clarify. Apps that initiate internet communication (through the
| router, using NAT) from the PC are not a problem at all.
|
| The only issue is with regard to server functionality on my PCs - so if more
| than one PC is providing the same server function (like a web server or ftp
| server) then the router might have a problem performing NAT on INCOMING
| internet transfers?
|
| So if for each server function, it only exists on ONE of my PCs, I shouldn't
| have any problem?
|
| Cheers

Either the server would be placed in the DMZ of the Router or the protocol(s) of the service
would be port forwarded to the IP address of the server.

The problem arises if you have two http Daemons on two different platforms. Which one does
incoming port 80 go to?

However, if one platform has an https Daemon, the TCP port 80 incoming goes to one IP and
TCP port 443 incoming goes to another IP.
 
Hansang Bae

iceman said:
> Thanks again guys.
>
> So, just to clarify. Apps that initiate internet communication
> (through the router, using NAT) from the PC are not a problem at all.
>
> The only issue is with regard to server functionality on my PCs - so
> if more than one PC is providing the same server function (like a web
> server or ftp server) then the router might have a problem performing
> NAT on INCOMING internet transfers?
>
> So if for each server function, it only exists on ONE of my PCs, I
> shouldn't have any problem?

That's correct. But (you knew there would be a BUT....) it's entirely
possible that your ISP may set the TTL to 1. This means that you can't
introduce a router using NAT. This ONLY applies if your ISP is setting
the TTL to one. Easily verifiable by running Ethereal on one of the
PCs. Actually, there are cable modem routers that *RESET* the TTL to
get around this. But I can't remember the brand name at the moment.



--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************
 
iceman

Thanks very much for all your help guys - much appreciated. I didn't even
know what solution to use at all to begin with, but I'll go off and read
more about NAT / Port Forwarding now to get up to speed.

Cheers once again

iceman
 
Rod Dorman

> ...
> You can have up to 253 computers behind a NAT Router. ...

Why the limitation or are you assuming a typical SOHO router that only
allocates out of a /24?
 
David H. Lipman

From: "Rod Dorman" <[email protected]>

|
| Why the limitation or are you assuming a typical SOHO router that only
| allocates out of a /24?
|

Yes. That's the assumption for SOHO devices.
Enterprise/Corporate devices may not have that limitation.
 
slebetman

Dom said:
> Sounds 'bout right. The NAT will use port translation on outbound client
> connections, so no worries there. You will be reduced to one public IP,
> so you'll only have one of each port available for incoming server
> connections. You could have two web servers accessible from the
> Internet, but only one would be able to utilize port 80. The other
> would have to be on a different port.

NO, NAT will NOT do port translation on outbound traffic. It CAN do it
on incoming traffic (often called NAPT). You are confused. Remember
that a service is identified by ip_address+port combination. So there is
no need to do port translation on outbound traffic. TCP sockets are
identified by session id (something invisible to everyone but the
TCP/IP stack) so there is no confusion at the router or your PC.

Let's illustrate what happens if what you say is true:

1. CLIENT1 wants to connect to MY_SERVER using HTTP
2. CLIENT1 initiates a TCP connection to MY_SERVER at port 80
3. The packet goes to the router which forwards it to MY_SERVER port 80
4. MY_SERVER sees a packet on port 80 and replies to HTTP request
5. At the same time, CLIENT2 wants to also connect to MY_SERVER port 80
6. Dom's router sees a port conflict and sends it instead to MY_SERVER
port 81
7. MY_SERVER does not see a packet on port 81 since no software is
running to listen on port 81 (actually its ethernet card receives the
packet on port 81 but is ignored by the OS)
8. CLIENT2 gets frustrated and says: "sh**! this router is stupid!!!"
 
Dom

"PAT translates multiple local addresses to a single global IP address.
Specifically, the FWSM translates the local address and local port for
multiple connections and/or hosts to a single global address and a
unique port (above 1024). When a local host connects to the destination
network on a given source port, the FWSM assigns the global IP address
to it and a unique port number. Each host receives the same IP address,
but because the source port numbers are unique, the responding traffic,
which includes the IP address and port number as the destination, can be
sent to the correct host."

http://www.cisco.com/univercd/cc/td..._icn/fwsm/fwsm_2_2/fwsm_cfg/nat.htm#wp1146468
 
Alun Jones

> NO, NAT will NOT do port translation on outbound traffic. It CAN do it
> on incoming traffic (often called NAPT). You are confused. Remember
> that a service is identified by ip_address+port combination. So there is
> no need to do port translation on outbound traffic. TCP sockets are
> identified by session id (something invisible to everyone but the
> TCP/IP stack) so there is no confusion at the router or your PC.

You are confused.

There are two IP addresses, there are two ports.

There is an IP address and a port at each end, and it is this four-tuple
that uniquely identifies the socket.

The NAPT will - MUST - be able to translate ports from internal to external,
if it hosts two systems that each want to source their traffic at the same
port number.

Your example is flawed, because you assume that there is one port, not two,
involved in a TCP connection.

A better example would be:

Client 1 connects from address 192.168.0.1, port 1025, to Server 1 at
address 10.1.1.1, port 80.
Client 2 connects from address 192.168.0.2, port 1025, to Server 1 at
address 10.1.1.1, port 80.

The external facing address of the NAPT device is, say, 192.168.100.1 - but
you can't have two connections from 192.168.100.1:1025 to 10.1.1.1:80, so
one client (the first to start its connection request) gets that socket, and
the other gets (probably) 192.168.100.1:1026 to 10.1.1.1:80.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
 
Dom

A table may offer a better example...

OUTBOUND NAT
src ip:port         translated src ip:port   dest ip:port
192.168.0.2:1025    1.2.3.4:1025             2.3.4.5:80
192.168.0.3:1025    1.2.3.4:1026             2.3.4.5:80
192.168.0.4:1025    1.2.3.4:1027             3.4.5.6:110
192.168.0.5:1025    1.2.3.4:1028             4.5.6.7:443
192.168.0.6:1025    1.2.3.4:1029             5.6.7.8:143

INBOUND NAT
src ip:port         dest ip:port             translated dest ip:port
2.3.4.5:1025        1.2.3.4:80               192.168.0.7:80
3.4.5.6:1025        1.2.3.4:80               192.168.0.7:80
4.5.6.7:1025        1.2.3.4:25               192.168.0.8:25
5.6.7.8:1025        1.2.3.4:110              192.168.0.8:110
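
The translation shown in the table above and in Alun's two-client example, as an added example that is not part of any post in this thread: a toy NAPT table in Python that keeps a client's source port when it is free and takes the next free one on conflict, allows only one LAN target per forwarded public port, and drops inbound traffic that matches neither a forward nor an existing mapping. The class and method names are hypothetical, and the next-free-port policy is an assumption taken from the thread's examples; real routers pick ports in their own way.

```python
# Toy NAPT (port-translating NAT) table. Added example: names are hypothetical,
# addresses are the thread's sample values, mappings are per public port only.
class Napt:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out = {}       # (proto, lan_ip, lan_port) -> public port
        self.back = {}      # (proto, public port) -> (lan_ip, lan_port)
        self.forwards = {}  # (proto, public port) -> (lan_ip, lan_port)

    def add_forward(self, proto, public_port, lan_ip, lan_port):
        """Static inbound rule: one LAN target per public proto/port."""
        key = (proto, public_port)
        if self.forwards.get(key, (lan_ip, lan_port)) != (lan_ip, lan_port):
            raise ValueError(f"{proto}/{public_port} already forwarded")
        self.forwards[key] = (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port):
        """Keep the client's source port if it is free, else use the next one."""
        flow = (proto, lan_ip, lan_port)
        if flow not in self.out:
            port = lan_port
            while (proto, port) in self.back or (proto, port) in self.forwards:
                port += 1
            if port > 65535:
                raise RuntimeError("no free public port")
            self.out[flow] = port
            self.back[(proto, port)] = (lan_ip, lan_port)
        return (self.public_ip, self.out[flow])

    def inbound(self, proto, public_port):
        """LAN target for a packet to the public IP; None means dropped."""
        key = (proto, public_port)
        return self.forwards.get(key) or self.back.get(key)


def demo():
    nat = Napt("1.2.3.4")
    nat.add_forward("tcp", 80, "192.168.0.7", 80)      # the one web server
    outs = [nat.outbound("tcp", f"192.168.0.{h}", 1025) for h in range(2, 7)]
    try:
        nat.add_forward("tcp", 80, "192.168.0.9", 80)  # second server, same port
        conflict = False
    except ValueError:
        conflict = True
    return outs, nat.inbound("tcp", 80), nat.inbound("tcp", 8080), conflict


if __name__ == "__main__":
    print(demo())
```

The five clients come out as 1.2.3.4:1025 through 1.2.3.4:1029, matching the outbound table, and the second forward for port 80 is refused because the router has only one public port 80 to hand out.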
 
Eric

Dom said:
Use NAT and port-forwarding. Everything will be peachy, as long as you
don't have two servers requiring the same port, such as two
publicly-accessible web servers on port 80.

You can get around that and have multiple web sites via virtual hosts but
yeh, only 1 server. From the web surfer's viewpoint it looks the same as if
you had multiple servers.
Eric
 
