Combining NAT and Static IPs in Comtrend & performance

9 posts Page 1 of 1
by mazieres » Sat Jul 16, 2011 4:24 am
I recently got Fusion service with a Comtrend NexusLink 5631 and 8 Static IP addresses assigned to me. Since I have more than 8 devices on my network, I would like to assign 7 of the IP addresses to machines I access remotely, and use the 8th IP address as a public IP address of a NAT box.

This works fine with an external NAT box, but all else equal I'd rather have fewer devices, so it would be nice if I could use the Comtrend modem as both a bridge and a NAT device.

After fiddling with the settings, I found that I could create *two* WAN interfaces with the same VPI/VCI, so I created one bridge interface, and one MER. The bridge interface let me use my static IP addresses, while the MER interface let me configure NAT and a DHCP server. I'm running Sonic's IP addresses and my own RFC1918 ones on the same Ethernet, which works fine.

The problem I'm running into is that the NATted IP addresses are significantly slower than the public ones--like 18% slower. Using a public IP address, I see download rates of 4.25 MB/sec. With an RFC1918 one, I can only get 3.5 MB/sec.

Is creating two WAN interfaces the right way to do what I want to do, or is there a better way to configure the modem? Does the Comtrend just have a poor NAT implementation, or does this depend on the order in which I define WAN interfaces or something? Can someone give me any suggestions on how to avoid this NAT penalty?

Thanks.
by gp1628 » Sat Jul 16, 2011 5:46 am
Is that the one that has WiFi also? I tried for a long time to get mine to work with direct IP for my server. I ended up switching to the lesser version and making it just a bridge to a cheap dumb router that acts as a splitter and one of the splits going to a fancier router for NAT.

I would be very interested in your results.
by mazieres » Sat Jul 16, 2011 11:35 am
No Wifi. Both tests are over wired Ethernet.
by mazieres » Sun Jul 17, 2011 1:13 pm
Well, I actually ran into some troubles with this configuration. Sometimes when bringing a client on-line, the client tries to re-bind a DHCP lease and gets a NAK from Sonic's DHCP servers, which confuses it. I'm not sure why I can even reach Sonic's DHCP servers, given that I have static IP addresses. However, if Sonic has servers that respond to broadcast packets (other than ARP), this outcome is not surprising.

To address the problem, I tried playing with the "Port Mapping" menu of the Comtrend modem. I put my NATted ports in the default group (which includes the modem's own eth0), and added a "bridged" port group with an Ethernet port and the WAN interface (nas_0_0_35). This way the interface through which the modem offers DHCP and NAT is not bridged to the WAN.

This almost works, except... Now I can't reach my static IP addresses from that NATted network. Logging into the Comtrend with ssh makes it obvious why. Both the default route and the route to the local network are going out interface nas_0_0_35 instead of br1, where br1 is the bridge that contains nas_0_0_35 and the Ethernet port I'm using for static IP addresses. Moreover, none of the interfaces let me add a static route through interface br1, just br0. As a result, this setting is even worse than bridging everything together (which works most of the time). Thus, I think I will revert to the old setting.

However, this does bring up the question of when port mapping is ever useful. If you can never route out a bridge other than br0, the only uses would seem to be using the Wireless AP (or one of the guest wireless networks) in a way that's disconnected from the WAN, or maybe esoteric settings with multiple ATM VCs. Has anyone done anything useful with the port mapping feature?
by dane » Mon Jul 18, 2011 11:44 pm
Odd that this works - wouldn't be a supported configuration. We would suggest for multi-IP static that you bridge the Comtrend, then place a router behind it on one of the static IPs to deliver NAT to your additional devices.

-Dane
Dane Jasper
Sonic
by luoqi » Tue Aug 09, 2011 11:55 pm
We're using the same trick to fully utilize our static block AND the Comtrend, otherwise we'd have to get another router and waste a perfectly working AP. We don't have the problem of accessing the bridged static IPs from the NATted network; it is taken care of with an alternate internal route and split-horizon DNS settings.
by gp1628 » Wed Aug 10, 2011 5:03 am
That is what I ended up doing also. But in the process, I lost WiFi. Has anyone gotten all 3 to work? Static, DHCP, and WiFi?
by luoqi » Wed Aug 10, 2011 12:02 pm
We have all 3 working here. Did you put the wlan in the default group (behind the NAT)?
by gp1628 » Thu Aug 11, 2011 4:52 am
Actually I don't remember now. When I tried it even the Sonic support techs gave up and just sent me another modem I could use as a dumb bridge because I wanted a raw feed to my server (dedicated static IP).

I just wanted to know if anyone had worked it out at all. That makes me hopeful and sometime in the future I would be willing to try it again just to have more toys. And play with some SmartHome devices.