Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Is this correct config
  •  
swity

Messages: 7
Karma: 0
Send a private message to this user
Hi There,

XP Home SP2
Computer with two nic:

First nic:
ip : 10.0.0.1
sub: 255.255.255.0
gw: 10.0.0.0.138

Second nic:
ip: 192.168.0.1
sub:255.255.255.0
gw: none

First nic: Connection to internet ADSL, configured as router.
Second nic: Connected to HUB.



I know i am mixing network classes, its is just the way the adsl modem is configured, i would not go into reconfiguration of adsl.


Now all my clients are getting the configuration.

Sample of one:

ip: 192.168.0.2
sub:255.255.255.0
gw: 192.168.0.1

All configuration is working, Internet, Email, FTP, MSN.
Users accessing websites only if logged.

Can i have it this way ?

Thank you,
Swity
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
You now have two NAT-ing routers, you'd be better of with just one (KWF). Can't you get rid of the ADSL-router and use an ADSL-modem instead? That would make everything a lot better.

Then you'd simply ahve the 'external NIC' with the public IP address as provided by your ISP and the internet NIC to whatever local IP segment you like. The KWF setup wizard will then do all the rest...
  •  
swity

Messages: 7
Karma: 0
Send a private message to this user
Hi There,

Thank you for your reply.
This is ADSL modem speed touch 510, it can be setup to bridged connection

If i setup my modem to bridged connection, will that make it better?

Thank you,
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Well, I was just remarking on your two NAT-ing routers.

Your post doesn't actually state any problem. So what is it you're asking exactly?
  •  
swity

Messages: 7
Karma: 0
Send a private message to this user
Hi There,

Thank you for quick reply.
I have created bridged connection.

Well, the question was if i have right configuration?

I guess its answered now.

In my ADSL i have adress 10.0.x.x. address, and my internal network is 192.168.x.x.

You are guessing my question here, can i have different address types, and how safe is to operate like this ?


Sorry for bad english.

Switty
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Not only can you have different segments on the LAN and WAN side of KWF, you should have different segments. KWF is a router and routing is done between different networks (=subnets).

Still, best thing is if KWF is the first 'thing' an IP packet hits if coming from outside (and the last when going outside). This means that the WAN interface in KWF should have a public IP address (the IP address your ISP is giving you). Currently you say it has an address in the range 10.0.x.x and this is by definition a private address. So your ADSL modem is still NAT-routing.

Even so, most things should still work with two NAT-routers between your clients and the Internet. But things that are bound not to work (or only very slow) are p2p-connections (such as used by chat programs [MSN] when sending files or videoconferencing, or bittorrent, etc.). If you can accept that...

So in the end: yes. All should work. Obviously. Best thing is just to try it out and see what happens.
  •  
swity

Messages: 7
Karma: 0
Send a private message to this user
Hi There,

Thank you for helping me,

Modem still routing, i dont want that.
Its not even connected to hub, its has its ow cable which is connected to adsl.

Look at the picture !!!

Thank you,

switty


  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
It's your choice...
Your configuration might work but the full capability of a KWF won't be achieved with your current settings.
  •  
swity

Messages: 7
Karma: 0
Send a private message to this user
Hi There,

Can you please tell me what to change in order to have it
with full functions?

You seen my picture, what will you change there?
IP addresses ?

Or external connection?

Thank you,

Switty

  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
As said: try to get the modem to stop routing and let KWF's external NIC have a public IP address. That would be ideal.

Else: it will work, but with limitations. (Not a specific problem with KWF, but in general it's limiting when having two NAT-ing routers between you and the Internet.)
  •  
swity

Messages: 7
Karma: 0
Send a private message to this user
Please find attached,

I dont see nat entries !
Where they are located?

Thank you,

Switty

  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
You're wouldn't find it there. You don't even need to find it there. 10.0.x.x is by definition a private IP range, so as long as your external NIC in KWF has such an address: you have two NAT-ing routers.

Because of your questions (and you're also showing a page of NAPT, which is totally not relevant here), I have a feeling you're not to knowledgeable about networks and TCP/IP... Maybe it's not such a good idea to use a 'bare-bones' professional firewall/router in such a case...
  •  
swity

Messages: 7
Karma: 0
Send a private message to this user
Hi there,

I am not very much of networking guy, you are very right about that. So i am here asking for help from you, who are very good with networking.

My ADSL modem has all routing turned off, as its setup with bridged connection,

Taken from here:http://support.iprimus.com.au/index.php?option=com_cont ent&task=view&id=517&Itemid=214

"Double-NAT is an issue where two routers that use Network Address Translation are placed one after the other, this is a common network setup mistake made by people who wish to add wireless without replacing their existing ADSL Modem."

......


Solution, from same source:

"The solution for this issue is to either replace both routers with a single unit that can connect to the Internet and route the traffic to the wireless and wired network, or turn the first modem/router into a bridged modem.

Most ADSL Modems support "bridged" or "half-bridge" modes, which disables all routing & network address translation in the modem. In the case of "bridged" mode you need to establish the PPPoE connection from the second router, if the second router does not support PPPoE then you'll need to use "half-bridge". Half Bridge works by the modem still doing PPPoE/PPPoA to get on-line, except that it pushes the Public IP Address onto the Ethernet connection so it can be used by the second router's wan interface."


Modem is using setup bridged mode, PPPoE connection created.
All working just fine.

Thank you for your support,

Switty


Previous Topic: McAfee virusscan failed on download
Next Topic: how correctly to adjust NAT?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 19:42:59 CET 2017

Total time taken to generate the page: 0.00461 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.