[CLUE-Tech] cisco 675 config for static IP's?

Dave Price davep at kinaole.org
Sun Jan 13 17:16:10 MST 2002 

Gang,

I have a cisco 675 DSL router and a block of 6 usable IP addresses from
Qwest.

Right now, the WAN interface sems to be dynamically configured to an
address on subnet 216.160.164.0/24 and my eth0 is at 63.225.11x.xxx/29

According to cbos, the wan address appears to be dynamically assigned
by Qwest.

<excerpt from running config>

[[ PPP Device Driver = Section Start ]]
PPP Port Option = 00, IPCP,IP Address,3,Auto,Negotiation Not
Required,Negotiable,IP,0.0.0.0

</excerpt>

This works OK, and I have a NAT firewall that passes 192.168.1.0/24 to
local hosts.

I also have hosts on 63.225.11x.xxx./29 which are not firewalled as
currently running.

I would like to revise my firewalling to include these 'public hosts' as
well as provide NAT for others.

1> can i change my cisco's eth0 to something like 192.168.2.1/24,
and run my firewall eth0 as 192.168.2.1/24 - and provide a static
route in the cisco box to pass the 63.225.11x.xxx/29 traffic on to
the firewall at the new private address without messing things up?

As i understand it, my firewall's eth1 (inside) would then take on the
63.225.11x.xxx/29 address now assigned to the cisco's eth0.  Is this
valid?

2> if so, it seems as though i will in effect gain the use of 1
additional static address, which is currently 'wasted' by the cisco's
eth0? am i correct?  Of course since this address will be physically on
the firewall box, i realize that it's use would be 'dubious' at best.

3> assuming the above are true? what is the syntax required to set up
the new route?  i am guessing that this can all happen without Qwest
needing to do anything different?

My cbos settings are below ... hmmm i notice that although it is working
now, my subnet mask seems to be set wrong on eth0 (it looks like it is
/24 when it SHOULD be /29.  (guess i ought to change that).   

cbos#show route
[TARGET]         [MASK]           [GATEWAY]       [M] [TYPE]    [IF]
[AGE]
0.0.0.0          0.0.0.0          0.0.0.0          1  SA        WAN0-0
0   
63.225.11x.0     255.255.255.0    0.0.0.0          1  LA        ETH0
0   
216.160.164.0    255.255.255.0    0.0.0.0          1  A         WAN0-0
0   

cbos#sho int
           IP Address         Mask
eth0       63.225.11x.xxx     255.255.255.0      

vip0       0.0.0.0            255.255.255.0      

vip1       0.0.0.0            255.255.255.0      

vip2       0.0.0.0            255.255.255.0      

wan0       Physical Port: Trained

           Dest IP Address    Mask
wan0-0     216.160.164.254    255.255.255.255    

( yes, i put in x's in some of the addresses, since the actual numbers
are irrelavent to the issue at hand )

aloha (& TIA),
dave

More information about the clue-tech mailing list