ADSL wifi router without NAT and Firewall

Discussion in 'Mac Basics and Help' started by John Jacob, Sep 8, 2007.

  1. John Jacob macrumors 6502a

    John Jacob

    Joined:
    Feb 11, 2003
    Location:
    Columbia, MD
    #1
    Hello Everybody!!

    We have a 256Kbps DSL line at home, and it is shared by my roommate and I. We use a Beetel 440TX (similar to this one) wifi router. The router has a LAN IP address of 192.168.1.1, and a WAN address of whatever the ISP gives it. We use DHCP, so my Powerbook and my roommate's Vaio get an IP address of either 192.168.1.2 or 192.168.1.3. Pretty bog standard configuration so far, don't you think?

    THE PROBLEM
    I have a VPN client that I can use to connect to my employer's network, to work from home. The VPN client uses port 5001 and 10001, so I have opened these in my Powerbook's sharing settings in System Preferences. However, the VPN client always says "negotiating with host failed" and I can't get it to connect with my employer. I realized that the ADSL router also has a firewall and NAT enabled, which is probably why the VPN connection fails. However, there is no option to enable port forwarding in my model of ADSL router. A quick Google search shows that others have also faced the same problem, with no results.

    While the router doesn't seem to support port forwarding, it does have an option in its configuration settings to turn off NAT and the firewall completely. I think that would be ok, since we both have firewalls on our laptops. But even when I tried disabling the firewall and NAT on the router, I was still not able to connect with the VPN client. From the log files, I was able to figure out that the problem was something with my IP address (192.168.1.2). So that begs the questions:

    1. With NAT disabled on my wifi router, what IP address should I configure on my Powerbook? I can give myself a static IP address, if necessary.

    2. How will things work when we have two users behind the wifi router, and no NAT? If I open MacRumors in Firefox on my Powerbook, and my roommate opens PornRumors in Internet Explorer on his Vaio at the same time, could I end up seeing PornRumors loading in Firefox while he sees MacRumors load in IE? That would be funny.

    PS: Unfortunately, the Mac OS X and Linux clients are officially unsupported by the IS department at my employer (they only support the Windoze version, grrrr :mad:) which is why I am asking the question here.

    PPS: The VPN client is Contivity by Apani networks, in case that matters.
     
  2. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #2
    1. With NAT disabled there will be no translation of internal address to real internet IP addresses. You cannot use this mode without having your own real IP addresses. You don't have these.

    2. Unless you have real IP addresses this won't work at all.
     
  3. John Jacob thread starter macrumors 6502a

    John Jacob

    Joined:
    Feb 11, 2003
    Location:
    Columbia, MD
    #3
    Thanks, Robbie. So it seems I'm SOL.

    Unless... could I use NAT but without a firewall on the router, atleast to get the VPN client to connect? The NAT and firewall options are separate checkboxes in the configuration options, so presumably I can have one without the other. Would this work, or do I still need port forwarding?
     
  4. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #4
    Don't know: would depend on the VPN client/server and the router. Some routers have a VPN passthrough checkbox that needs to be checked to prevent them mangling VPN packets...
     

Share This Page