rawinn

Distinguished
Jul 17, 2003
4
0
18,510
I am looking for Brand X that sells a simple router. I
only need a WAN port and a LAN port but I would take a 4
port. I do not want or need NAT or DHCP or any firewall
rules.

Does anybody know of a reasonably priced product that can
do this? All I want is the following:

WAN IP: 10.200.59.1
LAN IP: 10.200.8.1

Client1: 10.200.8.5
Client2: 10.200.8.6

If 10.200.8.6 makes an HTTP request that passes through
the router I don't want the 10.200.8.6 to be NAT'd. I need
it intact as it will go through a firewall with rules set
up per client IP address.

----------------------------------------------->FOR EXAMPLE
Client2(Makes HTTP)10.200.8.6--->--- (10.200.8.1) ROUTER (10.200.59.1) --->--- (Still Intact)--->10.200.8.6--->FIREWALL
----------------------------------------------->FOR EXAMPLE

If such a product exists, please let me know.

Best Regards,

Rex Winn
 
Looking at your diagram I believe a SWITCH is what you want.

It will take a couple of times using it for it to "remember" which clients are on which ports. But after that you are set.

A SWITCH only sends the data to the port that the IP address is on. A hub is a repeater that broadcasts the packets on all ports.

I aint signing nothing!!!
 
You say you don't want one of the clients NAT'ed? The other is to be NAT'ed in that case?

Sounds interesting.

Could you explain a little more about the clients' purposes/requirements?

~ System Specs (http://forums.btvillarin.com/index.php?act=ST&f=41&t=324&s=58e94ba84a16bedfebbf0f416d5bac48) ~ :wink:
 

rawinn
No, ALL CLIENTS should not be NAT'd. I just used one as an example. It is hard to explain, but think of my network as being contained by larger networks. The entire system is all IP based on a client basis. No NAT takes place on any firewalls except the public one going out to the net at the far end, i.e.:

Client1 -> Fire1(!NAT) -> Fire2(!NAT) -> Fire3(!Nat) -> Fire4 (NAT'd) -> WORLD WIDE WEB

Fire1, Fire2, Fire3 all have client based rules, so the IP address of the client must pass through all 3 firewalls without being NAT'd. Problem is, my firewall wants to NAT them if I have different Public/Private IPs. If I have the same IPs Public/Private then I can disable NAT. Therefore I need a router on the outside of my firewall to translate for 10.200.8.X to 10.200.59.X.

Does this help?
 
Any old router should do. Look for reviews. I imagine it's as simple as forwarding incoming packets for 10.200.8.x out of the 10.200.59.x port. If you plan the use of a multi port one make sure it has a switch inside rather than a hub.

Personally I'd get something which can adapt to as many ideas as you might throw at it in its lifetime.

 

rawinn
Forward the packets from 10.200.8.X to 10.200.59.X? Can you explain this a little bit? How would I go about doing this and not have the packets NAT'd?
 
You can set a firewall rule on said router (assuming the router has one).

For example, on a Cisco router, you would attach the following rules to the 10.200.59.x port:

! IOS syntax: "any" for any source; destination given as network address plus wildcard mask (0.0.0.255 = /24).
! Extended IP access lists are numbered 100-199 (or 2000-2699), so 206/207 are renumbered here.
access-list 106 permit tcp any 10.200.8.0 0.0.0.255
access-list 107 permit udp any 10.200.8.0 0.0.0.255

This will allow both TCP and UDP packets trying to access anything with the IP 10.200.8.x, regardless of origin or logical port number. These rules are actually a bit dangerous, cos you're allowing anything to the 10.200.8.x network, but packets to any other networks would be dropped.

You could precede these rules with:

! Extended IP list number (100-199). An interface takes one list per direction and evaluates it
! in order, so to run ahead of the permit entries this line goes in the same list, above them.
access-list 101 deny tcp any any eq 23

which would block all telnet access

! Same as above: place in the same list as the permits, ahead of them.
access-list 102 deny tcp any any eq 139

which would block all NETBIOS packets.


The trick is to put the filtering on the outgoing physical ports, as opposed to the incoming. You may want to put "block all x" on the incoming physical port, as all your outgoing physical ports would be protected there, but the actual sorting and filtering works best by placing the rules on the applicable physical port.

Just to specify...physical port = ethernet, logical port = FTP, Telnet, HTTP etc.

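To make the two points of this thread concrete (rawinn's requirement that the router forward between 10.200.8.x and 10.200.59.x without rewriting the client address, and the ordered, first-match access-list filtering described in the answer above), here is a small model of such a router. This is an added example written for this page, not code from the thread or from any router vendor: the route table, the packet samples and the `WAN_EGRESS_ACL` list are constructed; `THREAD_ACL` re-expresses the four lines from the answer in IOS order (deny 23, deny 139, permit tcp, permit udp) with Cisco "any" and wildcard 0.0.0.255 translated to `0.0.0.0/0` and `/24`.

```python
"""Model of a NAT-less router with Cisco-style egress ACLs (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def net(spec: str) -> ipaddress.IPv4Network:
    """'any' is the IOS keyword for 0.0.0.0/0; wildcard mask 0.0.0.255 is a /24."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class AclEntry:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (ip matches both)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None = no "eq <port>" clause, any port matches


def matches(entry: AclEntry, pkt: Packet) -> bool:
    return (entry.proto in ("ip", pkt.proto)
            and ipaddress.ip_address(pkt.src) in entry.src
            and ipaddress.ip_address(pkt.dst) in entry.dst
            and (entry.dport is None or entry.dport == pkt.dport))


def evaluate_acl(acl: List[AclEntry], pkt: Packet) -> str:
    """First matching entry wins; an IOS list ends with an implicit deny."""
    for entry in acl:
        if matches(entry, pkt):
            return entry.action
    return "deny"


# The answer's four lines, in the order it gives them (deny before permit).
THREAD_ACL = [
    AclEntry("deny", "tcp", net("any"), net("any"), 23),      # telnet
    AclEntry("deny", "tcp", net("any"), net("any"), 139),     # NetBIOS session
    AclEntry("permit", "tcp", net("any"), net("10.200.8.0/24")),
    AclEntry("permit", "udp", net("any"), net("10.200.8.0/24")),
]
# Constructed for this example (not in the thread): let the clients out toward the
# firewall side. Without it the implicit deny would drop their outbound traffic.
WAN_EGRESS_ACL = [AclEntry("permit", "ip", net("10.200.8.0/24"), net("any"))]

# Constructed route table using the thread's two subnets.
ROUTES: List[Tuple[ipaddress.IPv4Network, str]] = [
    (net("10.200.8.0/24"), "lan"),
    (net("10.200.59.0/24"), "wan"),
]
EGRESS_ACLS: Dict[str, List[AclEntry]] = {"lan": THREAD_ACL, "wan": WAN_EGRESS_ACL}


def route_packet(pkt: Packet) -> Tuple[str, Optional[str], Optional[str]]:
    """Longest-prefix lookup, then the egress interface's ACL.
    Returns (verdict, egress interface, source address as forwarded).
    The source address is passed through untouched: this router never NATs."""
    dst = ipaddress.ip_address(pkt.dst)
    hits = [(n, iface) for n, iface in ROUTES if dst in n]
    if not hits:
        return ("no-route", None, None)
    _, iface = max(hits, key=lambda h: h[0].prefixlen)
    return (evaluate_acl(EGRESS_ACLS[iface], pkt), iface, pkt.src)


if __name__ == "__main__":
    samples = [
        Packet("10.200.8.6", "10.200.59.20", "tcp", 80),    # client out, address intact
        Packet("10.200.59.20", "10.200.8.6", "tcp", 80),    # back in, permitted
        Packet("10.200.59.20", "10.200.8.6", "tcp", 23),    # telnet hits the deny first
        Packet("10.200.59.20", "10.200.59.40", "udp", 53),  # no permit applies: implicit deny
    ]
    for p in samples:
        print(p, "->", route_packet(p))
```

Running it shows the client's 10.200.8.6 leaving the "wan" side unchanged, and that swapping the list order (`evaluate_acl(list(reversed(THREAD_ACL)), ...)`) lets telnet through, which is why the answer stresses putting the deny lines first.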