Announcement

Collapse
No announcement yet.

Multiple ips from ISP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple ips from ISP

    Excuse my ignorance. I am a routing novice. I know enough to be dangerous.

    Anyway, my ISP gave me a block of ips, currently I have a Netgear Firewall router connected. I have the WAN Mode set to NAT, not classical routing. My question is, how do I use the other ips to separate traffic within the network?

    Thanks.

  • #2
    Re: Multiple ips from ISP

    I'll tell you one way to do it (what I believe is the most common). That is to have an external switch immediately after your modem. In other words, your internet connection hits your modem and then from there you put a switch. Your firewall for your LAN will plug into one of those switch ports and any other device that you want to have an external IP address will populate one of the other switch ports. I believe there are ways to bind multiple IPs to a single interface and divert that traffic to specific hosts or subnets, but that is beyond my acumen at the moment.

    BTW, what type of modem are you using? What is the exact model of the router you are using?
    Wesley David
    LinkedIn | Careers 2.0
    -------------------------------
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

    Comment


    • #3
      Re: Multiple ips from ISP

      Originally posted by louisvillecat View Post
      Excuse my ignorance. I am a routing novice. I know enough to be dangerous.

      Anyway, my ISP gave me a block of ips, currently I have a Netgear Firewall router connected. I have the WAN Mode set to NAT, not classical routing. My question is, how do I use the other ips to separate traffic within the network?

      Thanks.
      In your scenario you wont be able to. Seperating web traffic is determined by the routers ability to "route" traffic via diffrent WAN interfaces as well as the corresponding routers/DCE upstream (assuming it has the ability to do that). In your case you only have one DCE which is configured to NAT/PAT. If you want to seperate traffic within your network you will need to use VLAN's on a layer2/3 switch. Using public IP address's wont help your cause as you will be exposing those devices to the public internet with zero protection from your firewall because their routable.

      Comment


      • #4
        Re: Multiple ips from ISP

        Originally posted by scurlaruntings View Post
        In your scenario you wont be able to. Seperating web traffic is determined by the routers ability to "route" traffic via diffrent WAN interfaces as well as the corresponding routers/DCE upstream (assuming it has the ability to do that). In your case you only have one DCE which is configured to NAT/PAT. If you want to seperate traffic within your network you will need to use VLAN's on a layer2/3 switch. Using public IP address's wont help your cause as you will be exposing those devices to the public internet with zero protection from your firewall because their routable.
        So, if I get a Switch capable of VLAN, I can separate traffic?

        OK, I will break down what I have:

        • It is a Fiber 10x10 form the ISP
        • They have a Cisco ME 3400 Access Switch
        • It comes off into my Netgear Prosafe VPN Firewall SRXN3205

        The Cisco Access Switch has 2 outputs on it.

        Comment


        • #5
          Re: Multiple ips from ISP

          What do you mean by "separate traffic"? What are you trying to accomplish?

          Comment


          • #6
            Re: Multiple ips from ISP

            Originally posted by joeqwerty View Post
            What do you mean by "separate traffic"? What are you trying to accomplish?
            1.1.1.1
            1.1.1.2
            etc.

            Maybe multiple IIS servers, multplie email servers, in the same building with different ip addresses.

            Comment


            • #7
              Re: Multiple ips from ISP

              So you're not trying to separate the traffic, you want to set up internal resources (web server, email server, etc.) that are accessible from the outside world. Am I right?

              If so, then you'll need to create NAT statements on your router/firewall that NAT your public ip addresses to the appropriate internal ip addresses and set up router/firewall rules that allow web and email traffic (port 80, port 25, etc.)to those internal servers.

              Comment


              • #8
                Re: Multiple ips from ISP

                But I want to use multiple Public IPs. That is the question.

                Comment


                • #9
                  Re: Multiple ips from ISP

                  Exactly. Providing that your ISP has given you multiple ip addresses you'll need to create a separate NAT entry for each public ip address that you want to NAT to an internal ip address:

                  200.1.1.1 >> 10.1.1.1
                  200.1.1.2 >> 10.1.1.2

                  ETC., ETC.

                  Comment


                  • #10
                    Re: Multiple ips from ISP

                    Thank you. I will give it a go.

                    Comment


                    • #11
                      Re: Multiple ips from ISP

                      Originally posted by louisvillecat View Post
                      But I want to use multiple Public IPs. That is the question.
                      And thats fine. Just create a NAT rule that maps the public IP address to the private IP address. And just for the record that isnt seperating any of your web traffic. All your doing is telling it "where" to go.

                      Comment


                      • #12
                        Re: Multiple ips from ISP

                        Let us know how you make out with it.

                        Comment


                        • #13
                          Re: Multiple ips from ISP

                          Assuming it is a Netgear Prosafe router, adapt the article here:
                          kb.netgear.com/app/answers/detail/a_id/2296
                          or here:
                          ftp://downloads.netgear.com/files/Multi-NAT1_JR.pdf

                          Works fine with both their cable and adsl routers
                          Google for Netgear MultiNAT if you need more
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment


                          • #14
                            Re: Multiple ips from ISP

                            Another way of doing it, assuming you have ADSL, is simply to configure the Netgear into bridge mode only, effectively just making it an ADSL modem. Then each computer or device plugged into it can have it's own externally routable IP address straight out to the internet.

                            We do this on our internal network. We have one IP assigned to an ISA server with our corporate domain behind it, another assigned to an external web server and a third assigned to a Cisco Pix, behind which is our guest and remote support network.
                            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                            sigpic
                            Cruachan's Blog

                            Comment


                            • #15
                              Re: Multiple ips from ISP

                              Originally posted by Ossian View Post
                              Assuming it is a Netgear Prosafe router, adapt the article here:
                              kb.netgear.com/app/answers/detail/a_id/2296
                              or here:
                              ftp://downloads.netgear.com/files/Multi-NAT1_JR.pdf

                              Works fine with both their cable and adsl routers
                              Google for Netgear MultiNAT if you need more
                              This worked beautiful. I now have it setup properly. Thanks for the info. I appreciate it.

                              Comment

                              Working...
                              X