Need DSL PPPoE AND static IPs AND NAT to work at same time

Discussion in 'Tomato Firmware' started by timingalls, Jan 22, 2007.

  1. timingalls

    timingalls LI Guru Member

    OK, maybe this is just me not understanding some things about networking, but here goes.

    I switched which ISP I connect to through Qwest DSL so that I could get static addresses so that: 1) I could put my Asterisk PBX server outside of NAT; and 2) so my ISP wouldn't keep changing my IP address for that machine. I got a block of 8 static IP addresses (6 usable) from my ISP today. I have a DSL modem/router from 2-Wire that I have put into "transparent bridging mode" so that it doesn't try to do NAT or routing, which I want my Tomato'd Linksys router to do. I'm hoping to buy an Actiontec GT701-WG because I hear that it can have NAT easily turned off and go into transparent bridging mode.

    I bought and installed a Linksys WRT54GL and installed Tomato so I could use the QOS functions it provides. That should let me prioritize voice packets over everything else.

    Here's the problem. My ISP says I need to set the Linksys to use PPPoE so that I can get authenticated. Unfortunately, when I choose PPPoE for the WAN protocol, I don't have the option to input my static IP address and DNS mask that enables the block of IP addresses I have. If I choose "Static" from the WAN options, I can put in my static IP for the router and input the netmask of to show the other static IPs I got. I can also then choose a different LAN router address ( so I can do NAT for my regular machines that don't need a public IP address. In this configuration, however, I can't authenticate myself to my ISP, and, therefore, can't get out to the Net.

    Here's what I would like:
    1. One or more servers with static, public IPs that don't have to use NAT or DHCP but that can be accessed by my NAT-internal machines by DNS name as listed in the Linksys router (instead of having to use just their IP addresses to access them).

    2. I would like QOS for my Asterisk server. I need as low of latency as possible, so I'd like to do the whole thing with one router.

    3. I don't want my regular computers to be behind two routers (one routing the public IPs, and one handing out NAT-based IPs) because I perceive there would be a big bandwidth decrease and an increase in latency.

    4. I want my non-server computers to be behind a firewall with NAT for increased security.

    Does anyone have any suggestions on how to solve this problem? I'll be so grateful for any suggestions.
  2. Reiper

    Reiper LI Guru Member

    I have a Cisco 678 (yes, I know... Very Old) set up here at work connecting through Qwest DSL and authenticating with PPPoE. Basically, when the Router authenticates with the ISP, the ISP should assign the router's static IP. As for the other Public IPs that you got, you should be able to statically assign them on the other devices manually (not through Tomato's GUI but on the other devices themselves). When you do this you'll want to set the default gateway on the other devices to the Router's LAN IP. For DNS on these devices, you could set it to the Router's LAN IP to make them register with the router but I'm not sure if you'll be able to see them from the NAT devices as they won't be on the same subnet as the NAT devices? Then for NAT devices just have them pick up their IPs from the Router's DHCP service and you should be good to go.
  3. timingalls

    timingalls LI Guru Member

    I just tried to set the IP address on the server itself, but it wasn't able to get out to the Net. I set the router as both the default gateway and as the DNS server.

    What I have done to fix the issue temporarily is to just set up this machine as the DMZ host. Unfortunately, that means that I still can't use a public IP address for it, but if it works, it works. Also, if I want to use a SIP softphone on one of my machines to receive calls directly from another computer across the Net, I think setting up port forwarding for those applications will steal all of that signaling away from my Asterisk box. If I could give my Asterisk box a public IP, that would fix that problem.

    Another possible solution I came up with was to utilize another router I have sitting around. I would use the public IPs as LAN IPs on the Linksys and turn off DHCP serving, and assign the Asterisk box and the second router public IPs, and then connect all of my regular computers to the second router. The drawback I see to that plan is that I don't think the DNS server on the Linksys would be able to allow me to use hostnames on my LAN, but maybe it will.
  4. orangekay

    orangekay LI Guru Member

    I don't think you would see any "big bandwidth decrease" with the introduction of a separate router that doles out NAT IPs at all. That would actually probably be the best solution for what you're trying to accomplish. Some routers allow (or force) you to break their interfaces apart into separate subnets with their own DHCP ranges and whatnot, but they're very expensive and usually more trouble than they're worth as there are many side effects involved with doing this.

    If you want to reliably resolve NAT IPs across multiple subnets you're going to have to run your own nameserver.
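
A check for the two address plans discussed in this thread, added here as an example and not written by any of the posters: it flags a statically configured host whose default gateway is not on its own subnet and reports which hosts sit outside NAT. The /29 block, the NAT subnet and all host addresses are constructed sample values from documentation and private ranges, and the plan names are hypothetical.

```python
import ipaddress

# Constructed sample values from documentation/private ranges, not the poster's addresses.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.8/29")  # assumed /29: 8 addresses
NAT_LAN = ipaddress.ip_network("192.168.1.0/24")       # assumed NAT subnet

def check_host(name, cidr, gateway):
    """Return (exposure, problems) for one statically configured host."""
    iface = ipaddress.ip_interface(cidr)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
        problems.append(f"{name}: {iface.ip} is the network or broadcast address")
    if gw not in iface.network:
        # The host has no connected route to this gateway, so its default route is unusable.
        problems.append(f"{name}: gateway {gw} is not on-link for {iface.network}")
    if iface.ip in PUBLIC_BLOCK:
        exposure = "public, not behind NAT"
    elif iface.ip in NAT_LAN:
        exposure = "behind NAT"
    else:
        exposure = "unknown"
        problems.append(f"{name}: {iface.ip} is outside both planned subnets")
    return exposure, problems

def check_plan(plan):
    """Check every (name, cidr, gateway) entry; return {name: (exposure, problems)}."""
    return {name: check_host(name, cidr, gw) for name, cidr, gw in plan}

# Plan A: public IP set on the server, gateway pointed at the router's private LAN IP.
PLAN_A = [("asterisk", "203.0.113.10/29", "192.168.1.1"),
          ("desktop", "192.168.1.50/24", "192.168.1.1")]

# Plan B: first router holds a public IP on its LAN side; a second router does NAT.
PLAN_B = [("asterisk", "203.0.113.10/29", "203.0.113.9"),
          ("nat-router-wan", "203.0.113.11/29", "203.0.113.9"),
          ("desktop", "192.168.1.50/24", "192.168.1.1")]

if __name__ == "__main__":
    print(len(list(PUBLIC_BLOCK.hosts())), "usable addresses in", PUBLIC_BLOCK)
    for label, plan in (("A", PLAN_A), ("B", PLAN_B)):
        for name, (exposure, problems) in check_plan(plan).items():
            print(label, name, exposure, problems or "ok")
```

Every host reported as "public, not behind NAT" is reachable from the Internet on all of its listening ports unless the router or the host itself filters inbound traffic.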