My ISP is blocking my router through NAT - Can I get around this?

[jtmx29]

Thanks for the help. I will look into that. Many people around the halls have a wireless router and they don't seem to be having the problem, and I doubt all 10 or so know more than me about this problem.

It's strange how this network has a problem but other people are fine.



It's not that, it was possible before but they are detecting it through NAT. I have done that and they said the network is using a NAT device.

Thanks though.



Sounds interesting, however the halls that my friend is in doesn't have any contract with the university and where he is I don't think he's heard of any such group, but it is worth looking into.

Thanks.

Every router made today uses NAT. NAT is Network Address Translation. Basically what it does is turn one internal IP into an external IP. With NAT you must have as many external IP's as internal. So I can assure you they are not doing that.

They must be picking up that an internal address is trying to get an outside IP. If you could clone the MAC of the main router that gives you access you could set up a router.

 

[Ezio]

Every router made today uses NAT. NAT is Network Address Translation. Basically what it does is turn one internal IP into an external IP. With NAT you must have as many external IP's as internal. So I can assure you they are not doing that.

They must be picking up that an internal address is trying to get an outside IP. If you could clone the MAC of the main router that gives you access you could set up a router.

I'm sure they are detecting the router because it's using Nat, but I could be wrong.

I've tried cloning the mac address of his laptops to his router to no avail. Do you mean this or something totally different?

Thanks for the help btw.

 

[belvdr]

Every router made today uses NAT. NAT is Network Address Translation. Basically what it does is turn one internal IP into an external IP. With NAT you must have as many external IP's as internal.

Not true. It depends on the type of NAT you are doing and if you are doing PAT as well.

 

[jtmx29]

Not true. It depends on the type of NAT you are doing and if you are doing PAT as well.

True. It all depends on what the router is running. Most likely it is doing PAT because PAT is basically a greater NAT, that being said more options with PAT. Either way I still feel strong about the cloning MAC address. However, might be difficult.

 

[belvdr]

You said:

With NAT you must have as many external IP's as internal.

which is not true at all. Think of your average consumer router (AEBS, for example). It uses hide/dynamic NAT to translate all internal IPs behind another IP. Additionally, most, if not all, consumer routers do some sort of NAT and/or PAT. Other business routers may or may not be able to do this.

You can have one or more IPs (external or RFC1918, it doesn't matter) and NAT them in any way you wish. You can take one IP and hide/dynamic NAT 1,000,000 hosts behind it and static NAT a couple of hosts to a couple of other IPs, provided you have the hardware/software combo to do it.

True. It all depends on what the router is running. Most likely it is doing PAT because PAT is basically a greater NAT, that being said more options with PAT. Either way I still feel strong about the cloning MAC address. However, might be difficult.

I'm not sure what you're implying about PAT and NAT there. I don't see PAT as a greater NAT; you can translate both the address and the port at the same time, if you wish. They are just different; one is not greater/more functional than the other.

Cloning shouldn't be hard at all these days. Most every consumer router I've seen allows you to do it.

 

[Ezio]

Cloning mac address does not work, as I have tried that.

 

[jtmx29]

You said:



which is not true at all. Think of your average consumer router (AEBS, for example). It uses hide/dynamic NAT to translate all internal IPs behind another IP. Additionally, most, if not all, consumer routers do some sort of NAT and/or PAT. Other business routers may or may not be able to do this.

You can have one or more IPs (external or RFC1918, it doesn't matter) and NAT them in any way you wish. You can take one IP and hide/dynamic NAT 1,000,000 hosts behind it and static NAT a couple of hosts to a couple of other IPs, provided you have the hardware/software combo to do it.



I'm not sure what you're implying about PAT and NAT there. I don't see PAT as a greater NAT; you can translate both the address and the port at the same time, if you wish. They are just different; one is not greater/more functional than the other.

Cloning shouldn't be hard at all these days. Most every consumer router I've seen allows you to do it.

PAT can basically do what NAT can do and more. With NAT you need an external IP for every external IP trying to access the internet. For PAT you can have many IP's to one external IP by using port addressing. This alone makes it greater, most NAT routers are actually both NAT and PAT. I understand cloning a MAC is easy, however, he has to know what MAC he needs to clone to get IP's sent to his router to DHCP.

* I wasn't aware that NAT allowed for those types of things, thanks for the clarification. From what I've learned was that NAT routers are similarly PAT routers.

 

[Ezio]

Does this NAT and PAT talk help me in any shape or form?

 

[belvdr]

PAT can basically do what NAT can do and more. With NAT you need an external IP for every external IP trying to access the internet. For PAT you can have many IP's to one external IP by using port addressing. This alone makes it greater, most NAT routers are actually both NAT and PAT. I understand cloning a MAC is easy, however, he has to know what MAC he needs to clone to get IP's sent to his router to DHCP.

* I wasn't aware that NAT allowed for those types of things, thanks for the clarification. From what I've learned was that NAT routers are similarly PAT routers.

NAT and PAT are just translating the IP address and port, respectively. PAT doesn't do NAT and vice versa. You are correct that most consumer routers are doing both NAT and PAT. However, the two technologies aren't competing. They have their uses and are commonly used together.

For example, on my gear, I can hide everyone behind one IP for web browsing. Behind the scenes, it is doing some PAT on the source ports of the clients in order to track who is accessing what. Depending on the documentation you read, some call it dynamic NAT, while others call it hide NAT. You don't need a one-to-one ratio of translated IP to each internal IP.

Now on the higher end gear, you can NAT an internal IP to one external IP (and do this many times if you have a public subnet at your disposal). This is called a static NAT. For example, public IP A maps to internal IP A and public IP B maps to internal IP B. Then you can allow TCP 80 (HTTP) inbound to both of those without doing any PAT at all. In other words you can web browse to public IP A or B without specifying the port.

 

[belvdr]

Does this NAT and PAT talk help me in any shape or form?

Basically yes. I believe they are monitoring the traffic going through the network and are noticing you have a NAT device. No matter what cloning or modifications you do, your router will decrement the packet TTL by one and they'll see that.

 

[jtmx29]

NAT and PAT are just translating the IP address and port, respectively. PAT doesn't do NAT and vice versa. You are correct that most consumer routers are doing both NAT and PAT. However, the two technologies aren't competing. They have their uses and are commonly used together.

For example, on my gear, I can hide everyone behind one IP for web browsing. Behind the scenes, it is doing some PAT on the source ports of the clients in order to track who is accessing what. Depending on the documentation you read, some call it dynamic NAT, while others call it hide NAT. You don't need a one-to-one ratio of translated IP to each internal IP.

Now on the higher end gear, you can NAT an internal IP to one external IP (and do this many times if you have a public subnet at your disposal). This is called a static NAT. For example, public IP A maps to internal IP A and public IP B maps to internal IP B. Then you can allow TCP 80 (HTTP) inbound to both of those without doing any PAT at all. In other words you can web browse to public IP A or B without specifying the port.

I see, however, wouldn't the easier and more logical way to do that said example is to use PAT? You'd use up many of your IP addresses if you did the 1:1 NAT on a campus.

For example you could have multiple hardware devices serving one IP that would PAT for x amount of users in the dorm building?

 

[Ezio]

Basically yes. I believe they are monitoring the traffic going through the network and are noticing you have a NAT device. No matter what cloning or modifications you do, your router will decrement the packet TTL by one and they'll see that.

Is there any way to bypass this problem?

I see, however, wouldn't the easier and more logical way to do that said example is to use PAT? You'd use up many of your IP addresses if you did the 1:1 NAT on a campus.

For example you could have multiple hardware devices serving one IP that would PAT for x amount of users in the dorm building?

Thank you both btw for the help.

 

[dmmcintyre3]

Is there any way to bypass this problem?

DDWRT like mentioned earlier if you have a supported router.

 

[Ezio]

DDWRT like mentioned earlier if you have a supported router.

I never quite understood this, his router is a linksys if that helps.
What do I need to do, input some codes?

 

[belvdr]

I see, however, wouldn't the easier and more logical way to do that said example is to use PAT? You'd use up many of your IP addresses if you did the 1:1 NAT on a campus.

For example you could have multiple hardware devices serving one IP that would PAT for x amount of users in the dorm building?

You're still confusing the two technologies; they are separate and they are different. You don't PAT everyone behind a device; you NAT them behind it. Examining a packet, NAT transforms the source or destination IP address (or even both). PAT transforms the source or destination port (or even both). So PAT does not do what NAT does and vice versa.

NAT does not necessarily mean you translate one IP to one other IP (A to A, B to B, etc). There are two types of NAT: static and dynamic (also called hide). You can mix and match these two.

In consumer routers, both NAT and PAT are taking place, even without enabling port forwarding. PAT is occurring on the source ports of the clients behind the router, so the router knows who is accessing what data.

 

[belvdr]

http://www.dd-wrt.com/wiki/index.php/Linksys_WRT54G/GL/GS/GX#Identifying_Your_Version

I think you just install it and run the command on the earlier post by me, but I'm not sure.

I never quite understood this, his router is a linksys if that helps.
What do I need to do, input some codes?

The top link is what you want. It is actually installing an alternate firmware on your router. Not all Linksys models are supported and if you mess this up, you can render your router useless.

 

[Eric M]

there is another option...

...instead of buying/ordering a hub you could just invest in something like this and just configure it to share the connection - since it's virtually silent and cheaper than many routers (just bough mine for £44 of eBay)
...just a suggestion I'm not affiliated

 

[belvdr]

...instead of buying/ordering a hub you could just invest in something like this and just configure it to share the connection - since it's virtually silent and cheaper than many routers (just bough mine for £44 of eBay)
...just a suggestion I'm not affiliated

That will still decrement the TTL, and, if that's how they are identifying him, then this will still cause an issue. Using a switch (preferred) or hub and not routing is the only way to keep the clients on the same subnet as the university.

 

[Ezio]

Thanks for the help guys, I don't think I'll do the command thing as I do not want to put his router at risk, as I could easily get it wrong.

I think he's going to pay extra so he can put his other laptop and console on, however they do allow wireless hubs so he could use them at the same time, could he use his router as a wireless hub by switching the dchp off?

Is that possible?

 

[belvdr]

Thanks for the help guys, I don't think I'll do the command thing as I do not want to put his router at risk, as I could easily get it wrong.

I think he's going to pay extra so he can put his other laptop and console on, however they do allow wireless hubs so he could use them at the same time, could he use his router as a wireless hub by switching the dchp off?

Is that possible?

Yes. Switch DHCP off _first_. Then connect the university jack into one of the LAN ports on the router.

 

[Ezio]

Yes. Switch DHCP off _first_. Then connect the university jack into one of the LAN ports on the router.

So it should work wirelessly after doing that?
It sucks for him really as if I do a scan around the halls a load of people have their routers working and I doubt it was this difficult for them.

Thanks for the help though pal.

 

[jtmx29]

You're still confusing the two technologies; they are separate and they are different. You don't PAT everyone behind a device; you NAT them behind it. Examining a packet, NAT transforms the source or destination IP address (or even both). PAT transforms the source or destination port (or even both). So PAT does not do what NAT does and vice versa.

NAT does not necessarily mean you translate one IP to one other IP (A to A, B to B, etc). There are two types of NAT: static and dynamic (also called hide). You can mix and match these two.

In consumer routers, both NAT and PAT are taking place, even without enabling port forwarding. PAT is occurring on the source ports of the clients behind the router, so the router knows who is accessing what data.

Yeah I meant something across those lines. I was just not giving NAT its claim. Thanks for clearing that up!

 

[belvdr]

So it should work wirelessly after doing that?
It sucks for him really as if I do a scan around the halls a load of people have their routers working and I doubt it was this difficult for them.

Thanks for the help though pal.

Yes, but let me be very clear. Make very very sure you have disabled DHCP on the router first and test that before you recable.

If you leave DHCP on, you can bring down network access for other users, and I'm sure you'll get noticed very quickly.

 

[Ezio]

Yes, but let me be very clear. Make very very sure you have disabled DHCP on the router first and test that before you recable.

If you leave DHCP on, you can bring down network access for other users, and I'm sure you'll get noticed very quickly.

Sorted it.

Thanks a lot mate, cheers for everything.