ADSL Modem/Router Question

keith

Mar 30, 2004
Archived from groups: comp.security.firewalls (More info?)

Hope someone can advise me here.

I have a client who has specific needs that the cheap ADSL Modem (Zoom X5)
he has purchased won't service. I am familiar with Cisco kit but he doesn't
want to spend Cisco money.

Can someone tell me if there is any lower-end kit which will do the
following:

His ADSL has a block of 4 Static public IP addresses (only 2 are useable -
.233 and .234).

.233 is assigned to the modem/router, the other is for a web server.

The modem/router needs to give him the ability to have a working internal
(private) lan which can use the internet, but also allow his web server to
accept traffic to the .234 address (on specific ports - 80, 443, 3892, 5631,
5632).

I guess what I am asking (if the above doesn't make sense) is are there any
modems/routers that will accept two static public IP addresses, allow a
device on that private LAN to have a static public IP and allow forwarding
of ports to that device. As well as this, the internal LAN needs to be
natable so it can utilise this ADSL circuit.

An additional requirement (though not essential) would be the ability to VPN
into the private LAN from the www.

Sorry if this doesn't make sense (it does in my head while I am writing it).
 
Guest

Keith wrote:

> Hope someone can advise me here.
>
> I have a client who has specific needs that the cheap ADSL Modem (Zoom X5)
> he has purchased won't service. I am familiar with Cisco kit but he doesn't
> want to spend Cisco money.
>
> Can someone tell me if there is any lower-end kit which will do the
> following:
>
> His ADSL has a block of 4 Static public IP addresses (only 2 are useable -
> .233 and .234).
>
> .233 is assigned to the modem/router, the other is for a web server.
>
> The modem/router needs to give him the ability to have a working internal
> (private) lan which can use the internet, but also allow his web server to
> accept traffic to the .234 address (on specific ports - 80, 443, 3892, 5631,
> 5632).
>
> I guess what I am asking (if the above doesn't make sense) is are there any
> modems/routers that will accept two static public IP addresses, allow a
> device on that private LAN to have a static public IP and allow forwarding
> of ports to that device. As well as this, the internal LAN needs to be
> natable so it can utilise this ADSL circuit.
>
> An additional requirement (though not essential) would be the ability to VPN
> into the private LAN from the www.
>
> Sorry if this doesn't make sense (it does in my head while I am writing it).
>
>

I have a Zoom x3 (similar model, but I think the x5 has a built-in
switch and usb support?). I had the same problem when it came to me
choosing a new ISP, I went from the all too familiar single-IP and NAT
setup, to a new block of 8 IP's.

While researching for the most cost effective solution, I found that all
of the consumer model ADSL Modem/Routers are unable to effectively
integrate a NAT setup with multiple IPs. The only models that were able
to do this were ridiculously expensive for home-use.

The way I ended up setting this up was to purchase an old ShortForFactor
Pentium2, insert 3 network cards, install Debian and set up a transparent
bridge using Netfilter/IPTables. I had never touched Linux in the past
and so was "jumping in the deep end" so to speak. Nevertheless after a
week I have now successfully bridged my networks together in a workable
solution. Typically named Red, Green and Orange as per firewall setups.
Red is the modem, Green is my internal LAN on a LAN subnet and Orange is
my Win2k web server with a static public IP. The Debian box also
allows me to block ports, monitor traffic through SNMP and MRTG graphs,
runs as a mail server, and, along with the win2k box, I now have 2 DNS
servers to fully control the domain for the network.

Altogether I am very proud of what I accomplished with little or no
knowledge of linux and just google as my handbook. At the cost of a
refurbished Pentium 2 + a couple of network cards, totalling £35 (hurray
for ebay :)

Hope you find a similarly working solution for your client's setup.

Steve.
 
Guest

Stalks wrote:
> Keith wrote:
>
>> Hope someone can advise me here.
>>
>> I have a client who has specific needs that the cheap ADSL Modem (Zoom
>> X5)
>> he has purchased won't service. I am familiar with Cisco kit but he
>> doesn't
>> want to spend Cisco money.
>>
>> Can someone tell me if there is any lower-end kit which will do the
>> following:
>>
>> His ADSL has a block of 4 Static public IP addresses (only 2 are
>> useable -
>> .233 and .234).
>>
>> .233 is assigned to the modem/router, the other is for a web server.
>>
>> The modem/router needs to give him the ability to have a working internal
>> (private) lan which can use the internet, but also allow his web
>> server to
>> accept traffic to the .234 address (on specific ports - 80, 443, 3892,
>> 5631,
>> 5632).
>>
>> I guess what I am asking (if the above doesn't make sense) is are
>> there any
>> modems/routers that will accept two static public IP addresses, allow a
>> device on that private LAN to have a static public IP and allow
>> forwarding
>> of ports to that device. As well as this, the internal LAN needs to be
>> natable so it can utilise this ADSL circuit.
>>
>> An additional requirement (though not essential) would be the ability
>> to VPN
>> into the private LAN from the www.
>>
>> Sorry if this doesn't make sense (it does in my head while I am
>> writing it).
>>
>>
>
> I have a Zoom x3 (similar model, but I think the x5 has a built-in
> switch and usb support?). I had the same problem when it came to me
> choosing a new ISP, I went from the all too familiar single-IP and NAT
> setup, to a new block of 8 IP's.
>
> While researching for the most cost effective solution, I found that all
> of the consumer model ADSL Modem/Routers are unable to effectively
> integrate a NAT setup with multiple IPs. The only models that were able
> to do this were ridiculously expensive for home-use.
>
> The way I ended up setting this up was to purchase an old ShortForFactor
> Pentium2, insert 3 network cards, install Debian and set up a transparent
> bridge using Netfilter/IPTables. I had never touched Linux in the past
> and so was "jumping in the deep end" so to speak. Nevertheless after a
> week I have now successfully bridged my networks together in a workable
> solution. Typically named Red, Green and Orange as per firewall setups.
> Red is the modem, Green is my internal LAN on a LAN subnet and Orange is
> my Win2k web server with a static public IP. The Debian box also allows
> me to block ports, monitor traffic through SNMP and MRTG graphs, runs as
> a mail server, and, along with the win2k box, I now have 2 DNS servers
> to fully control the domain for the network.
>
> Altogether I am very proud of what I accomplished with little or no
> knowledge of linux and just google as my handbook. At the cost of a
> refurbished Pentium 2 + a couple of network cards, totalling £35 (hurray
> for ebay :)
>
> Hope you find a similarly working solution for your client's setup.
>
> Steve.

Sorry, I meant "SmallFormFactor" heh.
 
Guest

In article <VWlqc.5631$NK4.558265@stones.force9.net>, "Keith" <@.>
says...
> Hope someone can advise me here.
>
> I have a client who has specific needs that the cheap ADSL Modem (Zoom X5)
> he has purchased won't service. I am familiar with Cisco kit but he doesn't
> want to spend Cisco money.
>
> Can someone tell me if there is any lower-end kit which will do the
> following:
>
> His ADSL has a block of 4 Static public IP addresses (only 2 are useable -
> .233 and .234).
>
> .233 is assigned to the modem/router, the other is for a web server.
>
> The modem/router needs to give him the ability to have a working internal
> (private) lan which can use the internet, but also allow his web server to
> accept traffic to the .234 address (on specific ports - 80, 443, 3892, 5631,
> 5632).
>
> I guess what I am asking (if the above doesn't make sense) is are there any
> modems/routers that will accept two static public IP addresses, allow a
> device on that private LAN to have a static public IP and allow forwarding
> of ports to that device. As well as this, the internal LAN needs to be
> natable so it can utilise this ADSL circuit.
>
> An additional requirement (though not essential) would be the ability to VPN
> into the private LAN from the www.
>
> Sorry if this doesn't make sense (it does in my head while I am writing it).

If you can't find a "cheap" router, get two and put them in the same
local network. You can assign a fixed IP to each router, put them in the
same subnet and then port forward from both routers to the internal
fixed IP address of the server.

If he runs DNS on the server and assigns his local computer with that
address, he can create entries for the web server and hit it from inside
the network. As for VPN, just set that up on the web server, or use the
IPSec config in most of the VPN routers (Linksys makes a VPN router
that's about $100) you could use one VPN router and one non-VPN router
to save some money if needed.

A better solution would be to purchase a firewall that allows for
multiple external IP and goes VPN also, but a good little firewall is
going to cost about $800.

--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

keith


I have been racking my brains trying to figure out if the Cisco 837 Router
will do what I am after - I have set these up before but never for this type
of scenario so I do not know if they can handle two public IPs for this type
of setup. Does anyone else know?



"Keith" <@.> wrote in message
news:VWlqc.5631$NK4.558265@stones.force9.net...
> Hope someone can advise me here.
>
> I have a client who has specific needs that the cheap ADSL Modem (Zoom X5)
> he has purchased won't service. I am familiar with Cisco kit but he doesn't
> want to spend Cisco money.
>
> Can someone tell me if there is any lower-end kit which will do the
> following:
>
> His ADSL has a block of 4 Static public IP addresses (only 2 are useable -
> .233 and .234).
>
> .233 is assigned to the modem/router, the other is for a web server.
>
> The modem/router needs to give him the ability to have a working internal
> (private) lan which can use the internet, but also allow his web server to
> accept traffic to the .234 address (on specific ports - 80, 443, 3892, 5631,
> 5632).
>
> I guess what I am asking (if the above doesn't make sense) is are there any
> modems/routers that will accept two static public IP addresses, allow a
> device on that private LAN to have a static public IP and allow forwarding
> of ports to that device. As well as this, the internal LAN needs to be
> natable so it can utilise this ADSL circuit.
>
> An additional requirement (though not essential) would be the ability to VPN
> into the private LAN from the www.
>
> Sorry if this doesn't make sense (it does in my head while I am writing it).
 
Guest

Some may be missing the point... he wants the internal lan to NAT outbound
on the IP address assigned to the modem/router.. and the web server to be on
the second IP..

Why does he want to do that?
What would be usual is to have the first IP on the router and then a small
firewall unit behind that. This has the second IP and nats for the LAN
behind it and port-forwards the HTTP and other ports that should be going to
the server.
Does the customer think he's going to lose performance or security doing it
this way? You may need to reassure/educate..

Make sense so far?

Now if you want to also use the address that is assigned to the router for
the web server, the router will need better/more capabilities. Hence why
most people are suggesting a single unit with port forwarding.

Sorting the men from the boys..
Try looking at the DrayTek Vigor router/firewall/vlan/vpn/adsl/voip/wlan
range..
the V2600p has
adsl modem built in
4-port switch
VLAN segmentation on the 4-port switch
extensive VPN capabilities, including PPTP, L2TP dial-in, lan-to-lan, IPSec,
3des...
support for multi-nat
DMZ host
....
....
This may come close to what you are looking for and retails at £149 here in
the UK...

Alternatively you can run the modem in 'ip-less' mode and have 2
firewall/routers behind that..
eg the Vigor V2104p which retails for £79 here in the UK.. one runs the LAN
and the other runs the web server..

There may be some quirk with the ISP that requires that the ADSL modem has
an IP address, but here in the UK it's more common for the ISP to only give
you ONE IP address, and hence we tend to run the modems 'ip-less' with the
address assigned to the host/firewall behind it.
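
The split this thread is after (internal LAN NATed out on .233, web server reachable on .234 only on the listed ports) written as a Netfilter ruleset for a three-interface Linux box with Red/Green/Orange legs. This is an added example, not configuration from any poster; it uses routed NAT rather than a bridge, and the interface names, private subnets, the 203.0.113.x addresses standing in for .233/.234 and the choice of TCP for every port are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a three-leg firewall
# (Red = WAN, Green = LAN, Orange = DMZ). Every value below is a constructed
# placeholder, not taken from the thread.
WAN_IF=eth0; LAN_IF=eth1; DMZ_IF=eth2
PUB_RTR=203.0.113.233            # ".233": router address, used for LAN NAT
PUB_SRV=203.0.113.234            # ".234": must also be held on WAN_IF
LAN_NET=192.168.1.0/24           # Green
DMZ_SRV=192.168.2.10             # Orange: private address of the web server
SRV_PORTS=80,443,3892,5631,5632  # ports from the first post (TCP assumed)

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound to .234 on the published ports is redirected to the DMZ server
-A PREROUTING -i $WAN_IF -d $PUB_SRV -p tcp -m multiport --dports $SRV_PORTS -j DNAT --to-destination $DMZ_SRV
# The server leaves as .234, the LAN leaves as .233
-A POSTROUTING -o $WAN_IF -s $DMZ_SRV -j SNAT --to-source $PUB_SRV
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $PUB_RTR
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Admin SSH to the firewall from Green only (an assumption)
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Green may open connections anywhere; Orange only towards Red, never Green
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_SRV -j ACCEPT
# From Red, only new connections to the published ports reach the server
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_SRV -p tcp -m multiport --dports $SRV_PORTS -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
# Load as root with: gen_rules | iptables-restore
```

Because the FORWARD policy is DROP and Orange has no rule towards Green, a compromised web server cannot open connections into the internal LAN. If any of the listed ports is a UDP service, it needs its own `-p udp` DNAT and FORWARD pair.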