
Nating with Public address

20 years 8 months ago #279 by tfs
I have a situation with a friend whose company is using a public address, such as 205.1.1.5. They have about 80 PCs and have access to the internet.

Ipconfig gives them:

IP address: 205.1.1.5
Subnet Mask: 255.255.255.0
Default Gateway:

As you can see, there is no default gateway. I also can't ping it from the outside. They do have direct access to the internet (not sure how, assume DSL). It is a small company. The IT person is not available (they are having a problem with him and are trying to figure out what they have before he is gone).

I had thought they were NATing, but was curious about the Public instead of Private address and without a default gateway, how is it getting out to the internet?

Any ideas what to look for or how this is being done? Can you NAT with a Public address?

Thanks

Tom.

20 years 8 months ago #280 by Chris
Replied by Chris on topic Nating with Public address
TFS,

I assume the ipconfig you pasted was from one of the workstations in the internal LAN.

If this is the case then the most likely way they have internet access (meaning web access - HTTP) would be through a web proxy which is in the same LAN as the workstations, hence the workstations wouldn't require any gateway to be set (this assumes only HTTP is used).

Check the proxy configuration on the same workstation and you should find an entry there.

Other applications, such as email, would most certainly use a local mail server to send and receive email, which wouldn't require a gateway.

If on the other hand you tried to ping from the workstation to an address on the Internet, I would give it a 99% chance it would fail, because for the ICMP packet to find its way to the Internet, it must go through a gateway.

This is most probably the answer to your question, but in the case it isn't (because I have seen some very weird stuff happening in networks), a packet sniffer would allow you to find the answer. Run the packet sniffer on the workstation you have access to and sniff the packets generated from the various Internet applications; from there you can see where the packets are sent internally and track down how the whole Internet access system works.

A packet sniffer is any network admin's best friend!

Though I probably won't be able to write back until next week, which is when I get back from my holidays, I'm sure everyone would like to know how it went.

P.S. You need to have a public IP in order to perform NAT. The public IP must be configured on your gateway or device that is performing NAT for the internal clients.

See the NAT section if in doubt.

Good luck.

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
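The forwarding decision behind the reply above, as an added example that is not part of the original posts: a host with no default gateway can only deliver to addresses inside its own subnet, so a proxy or mail server on the LAN is reachable while an Internet address is not. The proxy, mail server and Internet addresses below are assumed for illustration; only 205.1.1.5 and its mask come from the thread.

```python
import ipaddress

def next_hop(host_ip, netmask, default_gateway, destination):
    """Decide where an IP host sends a packet: directly, via gateway, or nowhere."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    dest = ipaddress.ip_address(destination)
    if dest in iface.network:
        return ("on-link", str(dest))          # resolved directly on the LAN
    if default_gateway:
        gw = ipaddress.ip_address(default_gateway)
        if gw in iface.network:
            return ("via-gateway", str(gw))    # handed to the router
    return ("unreachable", None)               # no route: the packet never leaves the host

def reachability_report(host_ip, netmask, default_gateway, targets):
    """Map each named target to the forwarding decision for it."""
    return {name: next_hop(host_ip, netmask, default_gateway, addr)[0]
            for name, addr in targets.items()}

# Constructed sample: workstation values from the ipconfig output in the thread,
# target addresses assumed.
TARGETS = {
    "lan-proxy": "205.1.1.10",       # assumed proxy on the same /24
    "lan-mail": "205.1.1.20",        # assumed local mail server
    "internet-host": "192.0.2.80",   # documentation address standing in for the Internet
}

if __name__ == "__main__":
    for gw in (None, "205.1.1.1"):   # 205.1.1.1 is an assumed gateway for comparison
        print(gw, reachability_report("205.1.1.5", "255.255.255.0", gw, TARGETS))
```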
20 years 8 months ago #281 by tfs
Replied by tfs on topic Nating with Public address
Yes, the ipconfig was from one of the workstations. I don't have access at the moment, so I can't hook up my Analyser (Observer). Hopefully, I will be able to down the line.

Where do you set up the proxies? Do you set them up in each of the Apps the workstation uses? For example, IE or Eudora (email)? I assume this would be necessary as there is no gateway. But in IE, I can't seem to find a place to set up a proxy (IE 5.5). I looked in Tools/Internet Options and can't find it there.

Just curious here on the difference between NAT and proxy, as I have never used a proxy before. I figured it was about the same as NATing, where NATing works at Layer 3 and Proxies are supposed to work at Layer 7. Someone had mentioned that another difference was that the NATing just changed the IP address of a packet and Proxies took the Proxy and handled it for you, meaning that you handed off to the Proxy and the Proxy sent the packet for you with its address and the packet was returned to the Proxy and the Proxy returned the packet to you. This meant that there would be no direct access from the outside to anything but the Proxy.

To me, this is just semantics as you can say the same thing about a NATing router. You hand the packet (with your private address) to the router, the router now handles it for you (similar to the Proxy). The router changes the IP address to its address and hands the packet to the destination and the destination sends the packet back to the router (thinking this is the real destination - just like when the destination sends the packet to the proxy). The router now puts back the real destination address (private) and forwards the packet to the correct workstation. I assume the Proxy does a similar thing, where it must keep some type of table to know where to send the returning packet - just like the NATing router does.

I am probably incorrect in my handling of the Proxy packets. It seems to me, however, that the main difference between them - other than the Layer at which they work - is that NATing handles all packets and Proxies handle only specified packets (HTML, FTP, etc).

I haven't been able to try pinging from the workstation to the internet yet, but I will try tomorrow.

I did try to ping from the outside - from my machine - and wasn't able to get a response. I suppose their router could tell it not to respond to pings.

I am confused as follows: Why would all of the workstations have different public addresses (about 80 workstations)? Would an ISP give out that many addresses? This is a small organization with a limited budget and I assume that 80 addresses would be rather expensive.

I will be looking into the issue further this week.

Thanks,

Tom.

20 years 6 months ago #800 by sahirh
First off, yes it is strange that they all have a public IP address!! And when you couple that with no gateway.. it's even stranger, however I think Chris nailed the answer (I was stumped when I first read your post).

The difference in terms of proxy vs NAT is as you said.. which layers they act at.. the proxy as such is protocol aware.. thus an HTTP proxy understands HTTP requests, and can do things like make the user authenticate before allowing requests, strip ActiveX from the webpage etc.

The NAT device (keep in mind the 3 modes.. an overload NAT is the closest you come to a proxy) if it's just doing purely NAT work, it will stamp all over any packet you give it and chuck it to the destination.. it's a bit like our Indian postal service vs a courier service..
The postman will stamp any letter you give him and chuck it in the out bin (after forcing you to stick about 100 stamps on it) whereas the courier will make you sign for things, provide you details of your package, treat different packages differently etc.

(Wow, I must say I'm pretty impressed with my little analogy hehe, :D Chris, if you ever write an article on something similar you have full permission to use the 'sahir postal network analogy' as it will henceforth be called.)

Tom - yes the proxy settings are application specific.. just open up the web browser and if it's IE it's under Tools >> Internet Options >> Connections.

Another thing you might try is traceroute to an internet address and see where those packets are wandering.


Cheers,
Sahir

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
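The NAT-versus-proxy distinction discussed in this thread, as an added example that is not part of the original posts: a toy overload NAT that only rewrites addresses and ports from a translation table, beside a toy HTTP proxy that terminates the request and can require authentication first. Class names, addresses, ports and the user name are all assumed for illustration.

```python
import itertools

class OverloadNat:
    """Toy NAT overload (PAT): rewrites source ip:port, blind to the payload."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out = {}    # (inside_ip, inside_port, proto) -> public_port
        self.back = {}   # (public_port, proto) -> (inside_ip, inside_port)

    def outbound(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.out:                      # first packet of a flow
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, pkt["proto"])] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.public_ip, "sport": self.out[key]}

    def inbound(self, pkt):
        entry = self.back.get((pkt["dport"], pkt["proto"]))
        if entry is None:
            return None                              # no table entry: dropped
        return {**pkt, "dst": entry[0], "dport": entry[1]}

class HttpProxy:
    """Toy HTTP proxy: understands the request and issues its own upstream."""
    def __init__(self, proxy_ip, allowed_users):
        self.proxy_ip = proxy_ip
        self.allowed_users = set(allowed_users)

    def handle(self, client_ip, request):
        if request.get("user") not in self.allowed_users:
            return {"status": 407}                   # Proxy Authentication Required
        upstream = {"src": self.proxy_ip, "method": request["method"],
                    "url": request["url"]}           # client_ip never leaves the LAN
        return {"status": 200, "upstream": upstream}

if __name__ == "__main__":
    nat = OverloadNat("203.0.113.1")                 # constructed sample traffic
    print(nat.outbound({"src": "10.0.0.5", "sport": 1025, "dst": "198.51.100.7",
                        "dport": 80, "proto": "tcp"}))
    proxy = HttpProxy("203.0.113.2", ["tom"])
    print(proxy.handle("10.0.0.5", {"method": "GET", "url": "http://example.com/"}))
```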