15 May
2017
15 May
'17
4 a.m.
Some consumer quality routers assume that all LAN
addresses *MUST* be
in an RFC1918 range, e.g., 192.168.n.n. The routers usually allow the
user to set the third octet, but not the first or second, and they
reserve the last octet for DHCP and/or local fixed addresses. IIRC,
most allow the user to set the subnet mask's last octet too, but
that's as much flexibility as users get.
Some ISPs manage the router and assign a fixed address to the LAN.
Sometimes, the same restrictions apply to the other
devices on the
LAN, especially printers, and so it's often easier to put a 44net
address on the "WAN" side of a router and do NAT.
Well, I think the main reason why people are doing this is limitations in typical
consumer-quality operating systems. One widely used OS appears to have been
dumbed down to the level that it is no longer possible to set a second address
on a network interface (was possible in older versions!), let alone to configure
policy routing.
People want to be able to access the AMPRnet using their devices that they
also use for internet browsing. It would be straightforward to set an extra
44.x.x.x address on the network and a route for 44.0.0.0/8 pointing to the
router used for that, and it would basically work.
I do this on my workstation but I also have policy routing to send traffic
with my AMPRnet source address to the AMPRnet. So I can also allow access
from internet addresses and send the return traffic the right way. But that
widely used OS cannot do that, at least not from the GUI (registry hacks
probably still work).
There are ways to work around it: you can install a second network card, or
you can add a VLAN to your network. Unfortunately, that again is not a feature
of the rudimentary network code of that OS, it is to be provided in the drivers
of the network card. Sometimes it is possible to download drivers from the
card manufacturer site and do VLAN, but when the manufacturer does not care
about that or places this in a different market segment, you are out of luck.
With all those limitations, I can understand why people install a more capable
router (e.g. MikroTik) to let it handle the job that is too difficult for MS,
and resort to NAT to make their systems available on both internet and AMPRnet.
But, doing it that way is even more tricky. It can work correctly, but you
carefully have to consider all the possible paths and handle them correctly
using suitable NAT rules, routing policy, and multiple route tables.
Unfortunately even some professional "firewall devices" are unable to operate
in transparent mode and always assume they have to do NAT. There are examples
of that in our network as well. People take home left-over big name devices
from work and try to use them in our HAMNET, usually encountering all kinds of
limitations and also bugs due to the old firmware. Support has ended or there
never has been any support without separate, expensive, contract.
It is normally more cost-effective to buy e.g. a MikroTik hEX3 and use that,
if only because of the huge savings in energy costs...
Rob
2748
days inactive
2748
days old
0 comments
1 participants
participants (1)
-
Rob Janssen