[CLUE-Tech] cisco 675 config for static IP's?
Dave Price
davep at kinaole.org
Sun Jan 13 17:16:10 MST 2002
Gang,
I have a cisco 675 DSL router and a block of 6 usable IP addresses from
Qwest.
Right now, the WAN interface sems to be dynamically configured to an
address on subnet 216.160.164.0/24 and my eth0 is at 63.225.11x.xxx/29
According to cbos, the wan address appears to be dynamically assigned
by Qwest.
<excerpt from running config>
[[ PPP Device Driver = Section Start ]]
PPP Port Option = 00, IPCP,IP Address,3,Auto,Negotiation Not
Required,Negotiable,IP,0.0.0.0
</excerpt>
This works OK, and I have a NAT firewall that passes 192.168.1.0/24 to
local hosts.
I also have hosts on 63.225.11x.xxx./29 which are not firewalled as
currently running.
I would like to revise my firewalling to include these 'public hosts' as
well as provide NAT for others.
1> can i change my cisco's eth0 to something like 192.168.2.1/24,
and run my firewall eth0 as 192.168.2.1/24 - and provide a static
route in the cisco box to pass the 63.225.11x.xxx/29 traffic on to
the firewall at the new private address without messing things up?
As i understand it, my firewall's eth1 (inside) would then take on the
63.225.11x.xxx/29 address now assigned to the cisco's eth0. Is this
valid?
2> if so, it seems as though i will in effect gain the use of 1
additional static address, which is currently 'wasted' by the cisco's
eth0? am i correct? Of course since this address will be physically on
the firewall box, i realize that it's use would be 'dubious' at best.
3> assuming the above are true? what is the syntax required to set up
the new route? i am guessing that this can all happen without Qwest
needing to do anything different?
My cbos settings are below ... hmmm i notice that although it is working
now, my subnet mask seems to be set wrong on eth0 (it looks like it is
/24 when it SHOULD be /29. (guess i ought to change that).
cbos#show route
[TARGET] [MASK] [GATEWAY] [M] [TYPE] [IF]
[AGE]
0.0.0.0 0.0.0.0 0.0.0.0 1 SA WAN0-0
0
63.225.11x.0 255.255.255.0 0.0.0.0 1 LA ETH0
0
216.160.164.0 255.255.255.0 0.0.0.0 1 A WAN0-0
0
cbos#sho int
IP Address Mask
eth0 63.225.11x.xxx 255.255.255.0
vip0 0.0.0.0 255.255.255.0
vip1 0.0.0.0 255.255.255.0
vip2 0.0.0.0 255.255.255.0
wan0 Physical Port: Trained
Dest IP Address Mask
wan0-0 216.160.164.254 255.255.255.255
( yes, i put in x's in some of the addresses, since the actual numbers
are irrelavent to the issue at hand )
aloha (& TIA),
dave
More information about the clue-tech
mailing list