robert5150 (Aspirant)
Jan 19, 2013
Classical Routing - Assistance needed
I am trying to get routing mode (Note: not NAT mode) working through my Netgear Firewall. It's an FVS336G v2. I have the following CIDR Block and IP Address from my ISP - COX.
My block is as follows:
Customer: (My range of static IPs)
68.xxx.xxx.65 < Gateway
255.255.255.224 < Mask
Usable: 68.xxx.xxx.66-92
WAN: (IP and Gateway provided by COX for their Endpoint)
57.224.xxx.100 : WAN IP
255.255.255.240 : Mask
57.224.xxx.97: Gateway
If I set up my Netgear with the above IP info and then set my laptop to use 1 of the IPs in my Range (Customer) - I am not able to ping anything or browse any websites - Using classical routing as the WAN mode.
However if I change nothing else on my laptop and set the Netgear to use NAT Mode it works fine. The problem is my ISP's (WAN IP) is showing and not one of my static IPs.
I have several servers that need to have static IPs and cannot use NAT. I bought this firewall because it says it supports classical routing.
When in classical routing mode if I use the diagnostics page and ping 4.2.2.1 (from within the firewall) it works as expected yet I cannot ping 4.2.2.1 using my laptop - unless I set the Netgear to NAT mode.
Any ideas?
Thanks
13 Replies
- fordem (Mentor)
With the router configured for classic routing, can you ping the following from the laptop...
a) 68.xxx.xxx.65
b) 57.224.xxx.100
c) 57.224.xxx.97
- robert5150 (Aspirant)
fordem wrote: With the router configured for classic routing, can you ping the following from the laptop...
a) 68.xxx.xxx.65
b) 57.224.xxx.100
c) 57.224.xxx.97
I can ping my 68.xxx.xxx.65 network just fine (same one my laptop is on). And I can ping the "WAN Side" of my firewall .100, however I cannot ping my WAN side's gateway .97 (from my laptop).
Also from the diagnostics page of the Netgear I can ping all IPs as requested without issue; it only seems to be ping from my "LAN" side (the customer address) where I have the problem.
If I ping 4.2.2.1 (from the LAN side of the firewall) I see that the packet leaves the network (request) but never receives a reply.
I can't tell if the breakdown is on my side or the provider's side. I am still not sure if I need to add routes here but I don't think I do as both of the networks in question are physically connected.
- fordem (Mentor)
You should not need to add a static route for the 57.224 network because it is directly connected to the network, and you should be able to ping anything there from both the router & the laptop.
Can you PM me the full addresses that Cox gave you for the 57.224 network?
- robert5150 (Aspirant)
So for some additional troubleshooting I checked the MAC address of my .97 IP. It was correct on my current firewall (TMG2010) and then I validated that it was correct on my Netgear, but still the same issue.
So I called COX and explained the situation and asked for the guy to validate my config... it all looks good...
However the ROUTED CIDR Block isn't actually routed yet and so we opened a ticket and hopefully they will fix it.
- robert5150 (Aspirant)
fordem wrote: You should not need to add a static route for the 57.224 network because it is directly connected to the network, and you should be able to ping anything there from both the router & the laptop.
Can you PM me the full addresses that Cox gave you for the 57.224 network?
OK, so based on my description (and I can provide IPs in a PM if needed), this should be working as my IPs are basically transparent, correct?
That is, am I supposed to NAT even though I have a routed CIDR block? Or is that not a requirement because I have my own block?
I just want to be very clear on this and normally I don't do this type of advanced networking.
- fordem (Mentor)
Never mind about the ip addresses - I'm starting to think the gateway on the ISP side (57.224.xxx.97) may be incorrectly configured.
When pinged from the router itself it responds, because it is being pinged from a host on a network that is directly attached, but when pinged from within your network it does not know where to send the reply (back to your router) and may be sending it forward to its own default gateway.
Do you have the facilities to connect a sniffer to the WAN interface of the FVS336G? Either a network tap or an old hub (if you can find one) and a laptop running Wireshark would let you see the traffic to confirm if the gateway at .97 is responding.
- robert5150 (Aspirant)
fordem wrote: Never mind about the ip addresses - I'm starting to think the gateway on the ISP side (57.224.xxx.97) may be incorrectly configured.
When pinged from the router itself it responds, because it is being pinged from a host on a network that is directly attached, but when pinged from within your network it does not know where to send the reply (back to your router) and may be sending it forward to its own default gateway.
Do you mean that COX does not know to send the packet back to my Netgear or to my cable modem?
fordem wrote: Do you have the facilities to connect a sniffer to the WAN interface of the FVS336G? Either a network tap or an old hub (if you can find one) and a laptop running Wireshark would let you see the traffic to confirm if the gateway at .97 is responding.
I do have the captures from the WAN side of the firewall; those are done in the diagnostics page. I do not have a hub and no taps so I can't do more than that.
- fordem (Mentor)
Classical routing & NAT should be considered as an "either/or" situation, meaning that you can't do both with the one device at the same time.
Classic routing is used in a situation where you have been provided with an adequate number of public ip addresses that you can assign one to each computer, allowing each one to be accessible at its own address - NAT is used when you have only one public ip address and need to share it amongst multiple systems.
NAT can also be used when you have a limited number of public addresses and only need some of the computers to be accessible.
If Cox is saying that the routed CIDR block isn't actually routed yet, that may be the cause of your problem.
- robert5150 (Aspirant)
So I am still waiting for COX to fix my IPs. They claimed that my IPs were fixed, however then in the same breath they re-escalated the ticket.
When checking the packet capture - I still see the same scenario:
(my source ip, ext) - (dst ip - 4.2.2.1) - ICMP Request... No reply!
I have tried the same thing above using different IPs including my own default gateway (COX WAN side), and I still cannot ping that either.
So I am curious to see what COX has to come back with on this one. But thanks so far for assisting, I appreciate it. At least I know I am not high and this should be working.
- fordem (Mentor)
What you're seeing is "evidence" that your system knows how to reach the outside world, the ping request is being sent from the system, to the FVS336G, which is passing it on to the next hop device, but if the next hop (in this case the Cox gateway at 57.224.xxx.97) does not have a route back to your network (68.xxx.xxx.64) it will be unable to send the response back.
The fact that you cannot ping the 57.224.xxx.97 device from within your network is the tip off - if you were not seeing that request leaving your network, the next step would have been to add a static route - in fact, it probably wouldn't hurt to try it.
Destination ip - 0.0.0.0
Subnet mask - 0.0.0.0
Interface - Wan1 or 2 as required
Gateway - 57.224.xxx.97
Metric - 1
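
The return-path reasoning in this thread, as an added example that is not part of the original posts: a longest-prefix-match lookup on a model of the ISP gateway shows why NAT mode works while classical routing fails until the customer block is routed. The addresses are constructed documentation-range stand-ins for the masked ones, and the gateway's upstream default route is an assumption.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the thread (not the real ones).
CUSTOMER_NET = ipaddress.ip_network("198.51.100.64/27")  # plays 68.xxx.xxx.64, mask 255.255.255.224
WAN_NET = ipaddress.ip_network("203.0.113.96/28")        # plays the 57.224 WAN net, mask 255.255.255.240
LAPTOP = ipaddress.ip_address("198.51.100.66")           # a host in the customer block
FW_WAN = ipaddress.ip_address("203.0.113.100")           # firewall WAN IP (.100)
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def isp_table(block_routed):
    """Model of the ISP gateway (.97): its connected /28, an assumed upstream
    default, and the customer block via the firewall only once provisioned."""
    table = [(WAN_NET, "connected"), (DEFAULT, "upstream")]
    if block_routed:
        table.append((CUSTOMER_NET, str(FW_WAN)))
    return table


def reply_path(mode, block_routed):
    """Where the ISP gateway sends the echo reply for a ping from the laptop."""
    # NAT rewrites the source to the firewall's WAN IP; classical routing
    # leaves the laptop's own address as the source.
    src_seen_by_isp = FW_WAN if mode == "nat" else LAPTOP
    hop = lookup(isp_table(block_routed), src_seen_by_isp)
    if hop == "connected":
        return "delivered to firewall WAN IP"
    if hop == str(FW_WAN):
        return "forwarded to firewall, then laptop"
    return "sent upstream, reply lost"


if __name__ == "__main__":
    for mode, routed in [("nat", False), ("routing", False), ("routing", True)]:
        print(f"{mode:8} block_routed={routed}: {reply_path(mode, routed)}")
```

The middle case matches the capture described above: the echo request leaves through the WAN interface and no reply ever comes back.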