On Thu, 14 Mar 2002, Luis.F.Correia wrote:

> I guess you can't do a double NAT.
> I've also tried that to no avail...
> You must try to get them to configure the Cisco 1720
> as Bridge with at least one public IP on your side.
> Then you can use LEAF to do the rest of the job.

Won't happen, not in a million years.

There's dozens of reasons why it won't, but for the most part it boils
down to the fact that they own the Cisco, and if they change that over to
a bridge-mode (not even sure if you CAN do that with a 1720; probably can,
but it'd be messy) then they have absolutely no way to access the router
remotely. This means that they'd have to rely on the end user (someone who
freely admits he doesn't know everything) or a consultant (who REFUSES to
admit that he really knows nothing) for spotty diagnostics. And for that
matter, the end user or consultant would have to console into the 1720 to
get the info needed, which is not precisely easy to do either.

It IS possible to get them to cut a /30 out for use between the Cisco and
the E2B box; whether they'll do it is another story. For the most part,
they probably will but the IPs will incur another charge.

Onward to the problem!

> I have tried to configure the LRP box directly to WWW using the fixed
> address provided to me. I was told it wouldn't work by my ISP (and it
> doesn't) - not sure why??  Assumed FTP won't work because of NAT done by
> the Cisco router.  Any suggestions?

I'm going to take a guess here, as I really can't say for sure. Log in to
the LEAF box, and exit to a command prompt. Then run 'lsmod' and it should
tell you which modules are loaded. Look and see if there's an entry in the
list that says "ip_masq_ftp" or something to that effect. If there is,
then I'm at a loss. FTP was always a particularly difficult service to
implement on 2.2 series kernels behind NAT, and I never delved into it

Also, you don't state whether or not you're trying to set up FTP so that
other people can access FTP from your site, or whether or not you're
having issues reaching FTP sites on the internet. The distinction is
pretty important there. =)

> I would like to add a DMZ and (possibly later VPN) off the LRP
> box.  Winstar said they will reconfigure the Cisco router if I ask them
> (not sure what to ask them though).  Not sure where to start.  Any
> suggestions on setup options?

Most likely what you would be asking them to do is forward a port for FTP
from the Cisco's external IP to the LRP's external IP. (You may in fact
need to do this to solve the first problem as well.) You can then add a
third Network card to the LEAF machine for the DMZ, and set that part up
as you normally would. (Check the FAQs on the LEAF site.)

> Sorry if my terminology/explanation is poor - my occupation has nothing to
> do with computers and I learn by reading only.

Believe me, after having worked support for high-speed internet for two
years, the very fact that you know there's stuff you don't know puts you
ahead of the curve. =)

George Metz
Commercial Routing Engineer

"We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare?" -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center
