NAT, or Routing problems with multi subnets

mocap · Sep 17, 2010, 6:27 AM

Ok so i have 2 NICs(WAN and LAN) on the lan i have 5 subnets. I have tried using the aliases and adding custome routing and nat entries but every time i ping the router from a machiene set to a subnet IP address all i get is "Destination host unreachable"(slax)

…idk what the deal is...

GruensFroeschli · Sep 17, 2010, 8:27 AM

How did you get 5 subnets on the LAN?

mocap · Sep 17, 2010, 8:49 AM

woops, i think i used the wrong wording, there Vlans. Im trying to replace a cisco 2610 with a pfsense box. The current configuration has 5 vlans running on it att set up staticly. im hoping to just set up the pf box the same way the old router was beacuse i cant get to all the pc's to change them to a new setup.

GruensFroeschli · Sep 17, 2010, 10:48 AM

Can you post a diagram of how you've set things up.
Also screenshots of your firewall rules and modifications to the NAT rules you did.

mocap · Sep 18, 2010, 8:12 AM

I dont have any diagramming software so here goes:

Router->
Switch->
Computer Group A (Eth)
Switch-(cisco catalyst 2610>
Computer group B (WiFi)
Charter modem

As for the NAT and Firewall rules i will need to get those later as i currently dont have access to the computer cabinet(under lock and key)

This is all the subnets that the current router has(I hate IOS…but the router is to old to support any GUI software)

interface Ethernet0/0
description [xcon to sw-main][fa0/0-fa0/1][1st floor maint room demarc]
no ip address
load-interval 30
full-duplex
!
interface Ethernet0/0.10
description [vlan10][out-of-band equipment network]
encapsulation dot1Q 10
ip address 10.90.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
!
interface Ethernet0/0.20
description [vlan20][conference room access network]
encapsulation dot1Q 20
ip address 10.80.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
!
interface Ethernet0/0.30
description [vlan30][guest network access vlan]
encapsulation dot1Q 30
ip address 10.80.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
service-policy output shape-downstream-wifi
!
interface Ethernet0/0.40
description [vlan40][business office network]
encapsulation dot1Q 40
ip address 10.1.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
!
interface Ethernet0/0.50
description [vlan50][DVR]
encapsulation dot1Q 50
ip address 10.90.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
!
interface Ethernet0/0.100
description [vlan100][charter cable modem]
encapsulation dot1Q 100
ip address 24.196.64.238 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
service-policy output shape-upstream
!
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 300
ip nat translation udp-timeout 60
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 10
ip nat translation dns-timeout 10
ip nat translation icmp-timeout 30
ip nat translation port-timeout tcp 80 600
ip nat translation port-timeout tcp 25 120
ip nat translation port-timeout tcp 443 600
ip nat translation port-timeout tcp 22 3600
ip nat translation port-timeout tcp 23 3600
ip nat translation max-entries 10000
ip nat inside source list nated_prefixes interface Ethernet0/0.100 overload
ip nat inside source static tcp 10.1.1.11 3389 24.196.64.238 3389 extendable
ip nat inside source static tcp 10.90.2.2 80 24.196.64.238 80 extendable
ip nat inside source static tcp 10.90.2.2 8234 24.196.64.238 8234 extendable
ip nat inside source static tcp 10.1.1.96 5661 24.196.64.238 5661 extendable
ip nat inside source static tcp 10.1.1.85 5631 24.196.64.238 5631 extendable
ip nat inside source static tcp 10.1.1.96 5662 24.196.64.238 5662 extendable
ip nat inside source static tcp 10.1.1.85 5632 24.196.64.238 5632 extendable
ip nat inside source static tcp 10.90.2.2 6808 24.196.64.238 6808 extendable
ip nat inside source static tcp 10.90.2.2 8235 24.196.64.238 8235 extendable
ip nat inside source static tcp 10.80.2.2 80 24.196.64.238 9999 extendable
ip http server
ip http authentication local
ip classless
ip route 0.0.0.0 0.0.0.0 24.196.64.237

Also just for kicks:
http://www.facebook.com/photo.php?pid=5214660&l=632ddf823c&id=504891818

mocap · Sep 18, 2010, 8:15 AM

…Also, i know less about phone systems than i do about astrophysics, but some how our phone lines and network are tied together...