Disabling NAT?

element05

Hi all,

OK, first off, I'm a bit of a n00b when it comes to all this broadband stuff. I only have it a few weeks, and I'm still finding my feet, so if this post is stoopid, I apologise Oh and I tried searching for topics covering this, but the search term "NAT" is too short apparently for the board system to bother looking for apparently

I have the Cayman 3341 ADSL modem (Eircom broadband package), which by default has NAT enabled. From what I can see, NAT seems to act something like a firewall, in that I have to open ports in it to get hosted software to work. However, the Cayman's web interface isn't great, and I already have a decent software firewall (not the XP one ) - if you use one of those web-based firewall testers, like the one at http://scan.sygate.com/, the modem seems to respond to the port requests before my firewall has a chance to react, and most of the ports show up as closed, instead of being stealthed, which I'm not happy about. Also, having to open up ports in both my firewall and the modem's NAT settings when I want to host a game server for the first time is a total headache, particularly when there's problems getting it to work, and the modem has to be restarted every time you make a change to its settings...

I tried disabling NAT on the modem, but then I lost internet access. I couldn't get to any machine outside of my local network, so I had to turn it back on.

So I'm wondering, is there any way to successfully disable NAT, so that I only have to deal with my software firewall, but can still access the internet?

douglasman

The Cayman Netopia 3341 can be configured either as a modem or as a router. The default is as a router using NAT. It can be changed to be a modem without NAT. In the latter configuration, the PC then has to run the PPPoE session, Windows XP has built in software to do this. Essentially, the PC then has the real internet IP address so everything talks to your software firewall on the PC then and the netopia is nothing more than a modem. This is how I have my setup and it works really well. Make sure you have a really good firewall though, as you will be vulnerable to internet attacks otherwise. This is the config on my Cayman, basically everything off except whats needed to run it as a modem only. I've upgraded the OS to 7.4.0r1 (the current build) from netopia.com so if certain options are not there in your config, don't worry about it. Hope this helps. Oh, you telnet to the netopia to see this config, telnet 192.168.1.254

========================================
top

======================================
atm
option on
vcc 1
option on
vpi 8
vci 35
encap ether-llc
qos
service-class ubr
peak-cell-rate 0

======================================
bridge
option on
dsl vcc1
option off

======================================
dhcp
option off

======================================
dmt
type dmt
autoConfig off
wiringMode tip_ring

======================================
dns
proxy-enable on
domain-name ""
primary-address 0.0.0.0
secondary-address 0.0.0.0

===============================================
dslf-cpewan
option off

===============================================
dslf-lanmgmt
option on

===============================================
ethernet
ethernet A
mode auto

===============================================
ip
option on
ethernet A
option on
address 192.168.1.254
broadcast 192.168.1.255
netmask 255.255.255.0
restrictions none
rip-send v1
rip-receive v1
dsl vcc1 option off
gateway
option off
igmp-forwarding off
ipsec-passthrough off
prioritize off
sip-passthrough on
static-routes
static-arp

===============================================
ip-maps

===============================================
nat-default
mode off

===============================================
pinhole

===============================================
ppp

===============================================
security
state-insp
udp-timeout 180
tcp-timeout 14400
dsl vcc1
option off
xposed-addr

===============================================
servers

web-http 80
telnet-tcp 23

===============================================
snmp
community
read "public"
write ""
trap ""
traps
ip-traps
sysgroup
contact ""
location ""
v3
enable off

===============================================
system
name "Cayman-3000"
diagnostic-level high
heartbeat
option off
ntp
option off option off

===============================================
upnp
option on

syslog

element05

Cool, thanks for the info - I didn't know the modem could act as a router as well... we're thinking of getting a wireless router here down the road, so I'll really want to disable the router stuff on the modem then

I'm going to do a bit of reading up on all of the options here, and when I get around to changing my config, I'll post my results here; maybe someone else will find them useful.

Again, thanks!

tea

A neater solution would be to use the 'IP Passthrough' option in the router configuration menu. (under Configure/Advanced/Default Server)

The 'IP Passthrough' option in this menu allows you to select for one machine connected to the router to get the public IP address of the connection (others will get NAT'ted addresses). You'll need the MAC address of your PC handy.

Nicer than using the Windows XP PPP stack, IMHO