One to One NAT and Telus

I mentioned in my previous blog entry the fun I was having getting my new Firewall/Router (LinkSys RV016) working properly. My original plan was to set up my web server behind the RV016 and use one to one network address translation (NAT) and firewall rules to manage access.

Unfortunately, I couldn’t get this to work. And it started to dawn on me that really, it *couldn’t* work with the way Telus assigns IP addresses to devices. Telus’s home and Business ADSL services use a tool whereby you identify the MAC (physical layer) address of your device, and Telus uses that to provide an IP address to that device via DHCP. Since the RV016 has a single MAC address, Telus can’t assign it two IP addresses and allow the RV016 to route appropriately: in essence, Telus is assuming you are either directly connected to their network, or behind a simple one to many NAT device.

I got this confirmed by Telus technical support today. Now, I’m not saying I trust the technical response since they really didn’t confirm that my understanding of why it wasn’t working was correct. They just indicated that I *was* correct in assuming that there was no way with their standard service to allow one MAC address to service multiple IP addresses. According to them, I’d need to upgrade to managed ADSL to get this capability.

I have a call in with Telus now, but my recollection of Telus’ managed ADSL service suggests that I’d likely be looking at about $500 a month to get it. That won’t fly for me- that’s insanely expensive. I won’t find out until the new year when Telus will hopefully call me back.

12 comments to One to One NAT and Telus

  • Dan Nelson

    Hi,
    Just curious, did you ever get a response from the T-word? I am attempting the exact same thing and have found that their OCA Website won’t allow me to map the same MAC to both my IPs. Any work around? Thanks.
    –Dan

  • Greetings, Dan!

    Yeah I got a call back from Telus. It’s a few months ago now, but as I recall the gist was that I was right. If I wanted support for one to one NATing, I’d need to go with managed ADSL and it was about $500 a month.

    I started to check out another service provider, Smarttnet. They have a true “static IP” managed ADSL service for under $100 a month that looked like it would do the trick. But functionally I was able to get what I wanted more or less working, and I didn’t want to go through the hassle of changing providers.

    Smarttnet (yes, there are two “t”s in the name) is in business in BC and Alberta- they might be worth checking out if you are looking for the service.

  • John Roy

    Originally found this post cause I was pissed off at Telus for the very same issue. Thank you Kelly Adams for your find. I signed up with SmarttNet with a $80 dollar package…Telus quoted me more than $450. I’ve saved TONS!

    Why isn’t CRTC doing anything? It’s not right for Telcos to advertise one rate (as low as $15) but then charge you when you need additional stuff. Actually, paying $15 or even $50 more is okay. But close to $500? They do it because they know you are desperate.

  • Thanks for commenting here, John!

    It is good to hear a comment from someone using SmarttNet. I’m still with Telus- actually, I now have both Shaw Cable and Telus, and am using a load balancing router.

    Regarding the fees Telus charges- big companies sometimes do that more out of being process-bound than out of any real malicious intent. They might have everything automated for setting up a “standard” ADSL service, and then have to kick you over to another department with more manual services and of course much higher costs for anything out of the ordinary. I’m not sure if this is the case at Telus, but it *seems* that way.

    In any case, I’m glad to hear you have had good luck with SmarttNet. I’ll keep them on my list for any future changes to my network.

  • Kenn Cook

    Did you try to clone the MAC of your server on the RV016? You can choose to clone a MAC for each Internet connection. This would allow you to have more than the single MAC.

  • Hello, Kenn, and welcome to my blog…

    It has been a long time since I last looked at this, but I think we are talking about two different things. MAC cloning allows you to over-ride the embedded MAC address on a device, and replace it with the MAC address from another device.

    One to One NAT is quite a different animal entirely. Normally, Network Address Translation is “one to many”: it puts a single IP address on the WAN side of your router. Any in-bound traffic (e.g. from the Internet) sees just that single IP address, regardless of how many devices you have on the other side of the router. If you want (for example) HTTP traffic to go to a particular server behind your router, you use “port mapping”: all the port 80 related inbound traffic can be directed to a single IP address on your LAN.

    But what would you do if you wanted to have multiple servers inside your LAN that could handle port 80 traffic? That’s where one to one NAT comes in. Your router responds to several different IP addresses on the WAN side. Traffic to a given specific WAN IP address can then be directed to a specific LAN IP address…. one (WAN) IP to one (LAN) IP.

    Now watch: you probably know everything I just explained, and were saying something completely different than what I thought you were…that’s the way communication goes sometimes 🙂

  • He may have, but I didn’t. And now I know. 😉

  • Grant Cooper

    I’ve been having the same problem. I believe you can accomplish the same thing if you use a Cisco router that allows virtualization of the MAC address. Funny thing is, I’m a pretty smart guy (I have my CCNA) and I feel like Telus owes me for all the technical experience I’ve given their help desk. You would think they could help you out. But they are so unhelpful if the question isn’t in their “Telus Guide for Dummies”.

  • Welcome to my blog, Grant! MAC address virtualization is something I might have to check out one day. I’m pretty sure it wasn’t available in the range of routers I buy for home office use, at least as of a couple of years ago.

    Regarding your comments about Telus, I’ve often felt the same way when dealing with various technical support services. Actually, what gets me is when I know exactly what I want/need them to do, and yet they still proceed through their “script” of useless questions and ignorant “fixes”.

    I can’t really blame the tech support people, though: they are almost exclusively rated on how many calls per hour they close, not on technical depth/expertise. They are generally actively discouraged from getting into more complicated issues. Their TTC (time to close) measures are usually set at under 2 minutes, with 60 calls per hour being a fairly standard target.

    Unfortunately, when I call with a problem it is usually something that goes beyond what a normal help desk person can deal with. I know their script well enough that generally I can get them to check off their list without wasting too much time by eliminating all the “complexities” of my more-advanced-than-usual home network. I.e.: disconnect my load balancing dual WAN firewall and connect a PC directly to their modem.

    And every once in a while the person on the other end of the line surprises me by solving a problem for me.

  • Bennet Tan

    Sorry for bringing this thread up again, I’m running into this exact situation in my office now. My question is how does it work with Smarttnet if it only assigns “one true static ip”? Isn’t the whole point of it to have multiple public IP addresses routed by the RV016 through one-to-one NAT? So how does it perform the NAT operation if there’s only one public static IP to work with?

  • Greetings, Bennet. This is so long ago that I don’t even have an RV016 any longer. But here is my stab at your question. If your ISP only issues you a single IP address, then you can only use traditional NATing, i.e. one external (WAN; the IP provided by your ISP) to multiple internal (LAN; the IP addresses on your home network). In this configuration, an inbound request from the Internet on a particular port such as HTTP can be directed to a single address on your LAN via port mapping.

    However, what do you do if you have multiple machines on your LAN that you want to respond to that port (e.g.: multiple HTTP servers on port 80)? That’s where one to one NAT would come in. Your ISP would have to provide you with multiple IP addresses assigned to your single MAC; the router would detect each IP address and direct it to a different LAN IP, so you could have multiple HTTP servers (for example), each responding to a different inbound IP address.

    As I recall, the RV016 can perform either function: traditional, or one to one. Obviously, if your ISP only gives you the single IP address, you only have one choice.

  • Bennet Tan

    I’m with Telus now and as mentioned in your previous posts, they tie one public IP address to one device MAC address. Currently we have 2 routers so we have 2 external IPs. But I would like to purchase a CISCO router that can handle multiple public addresses through one-to-one NAT, thus replacing the two routers. Problem is I don’t believe I can map multiple public IP addresses to one MAC address on their device registration page (correct me if I’m wrong).
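
The constraint discussed in this thread, as an added example that is not part of the original post or comments: a small Python model showing why a router that presents a single WAN MAC ends up with only one usable one-to-one NAT mapping, and how a firewall port allowlist sits on top of that mapping. It assumes the ISP's DHCP service hands out one lease per registered MAC; all addresses, MACs and function names are constructed for illustration.

```python
# Added example. All addresses and MACs are constructed sample values.

class MacBoundDhcp:
    """ISP-side model (assumption): one lease per registered MAC address."""

    def __init__(self, pool):
        self.free = list(pool)
        self.leases = {}  # MAC -> leased public IP

    def request(self, mac):
        # A second request from the same MAC renews the existing lease
        # instead of handing out another address.
        if mac not in self.leases:
            if not self.free:
                raise RuntimeError("address pool exhausted")
            self.leases[mac] = self.free.pop(0)
        return self.leases[mac]


def port_mapping(rules, wan_ip, dst_ip, dst_port):
    """One-to-many NAT: a single WAN IP, inbound traffic selected by port."""
    if dst_ip != wan_ip:
        return None
    return rules.get(dst_port)


def one_to_one(rules, held_ips, allowed_ports, dst_ip, dst_port):
    """One-to-one NAT: each held WAN IP maps to one LAN IP, behind a port allowlist."""
    if dst_ip not in held_ips or dst_port not in allowed_ports:
        return None
    return rules.get(dst_ip)


def held_addresses(dhcp, wan_macs):
    """Public addresses a site ends up with, given the MACs it presents."""
    return {dhcp.request(mac) for mac in wan_macs}


ONE_TO_ONE_RULES = {"203.0.113.10": "192.168.1.20", "203.0.113.11": "192.168.1.21"}
PORT_MAP_RULES = {80: "192.168.1.20"}  # only one LAN host can own port 80

if __name__ == "__main__":
    isp = MacBoundDhcp(["203.0.113.10", "203.0.113.11"])
    single = held_addresses(isp, ["00:00:5e:00:53:01", "00:00:5e:00:53:01"])
    print("router with one WAN MAC holds:", single)
    for ip in ONE_TO_ONE_RULES:
        print(ip, "->", one_to_one(ONE_TO_ONE_RULES, single, {80, 443}, ip, 80))
```

With one WAN MAC the second one-to-one rule never matches because the address is never leased; presenting two MACs (two devices, as in the last comment) yields both addresses.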
