
Router for Port Forwarding Multiple Public IP Addresses

November 19, 2013 2:30:34 PM

We have a small family business. I'm currently making some hardware changes and need advice on networking equipment and best practices. We have Comcast Business Class internet with 5 Static IPs (Plus the Static IP assigned to the gateway). The modem/router they gave us is a SMCD3G and the configuration options are minimal. The hardware that sits behind the modem is as follows: 2-Gigabit Switches (8 Port), 2-Dell Poweredge 1900 Servers, FreeNAS box, and a couple of desktop computers. As far as other networking equipment I have available but not in use: Linksys E4200(Stock Firmware) & Linksys WRT160N (DD-WRT).

One of our Dell servers runs Windows Server 2008 handling all our critical services. I have started to separate different services we use onto the other Dell server using XenServer (Ubuntu Server 12.04 VMs) so that all our services (Web, FTP, Database, etc.) aren't sitting on one machine/OS. My question is what is the best way to use our 5 Static IPs with all of these new VMs? I would prefer not to waste an IP on each VM. I can use port forwarding on the SMCD3G, but that is only available for the IP assigned to the gateway. I have tried assigning a Static IP (1-to-1 NAT) to a router sitting behind the Comcast Modem and then port forward to each VM from that, but that seems wrong and only gives me port forwarding for one additional Static IP. Is there a router out there that can port forward for multiple Public IPs? I don't want to spend more than $200 to accomplish this. I am guessing that bypassing the Comcast modem's router features in favor of better hardware is ideal. I am willing to consider building a router using pfsense, smoothwall, DD-WRT, or something similar if that is the best option. Features that I need out of the setup: Firewall, VPN Capability, Wireless, and guest access separate from business network. Thanks for any advice!
November 20, 2013 6:30:40 AM

I don't think what you want is possible or at least I've never seen it done before. That's the whole reason to request additional IP's from your ISP is so that you can route properly to servers/services.
November 20, 2013 9:51:04 AM

Be nice if you could put a real router in place of the comcast. And your trick to using a second router does work but having a second router for each ip gets expensive.

Even the oldest commercial cisco router can do this (juniper will work too). A friend of mine has a similar setup in his house (not sure why he "Needs" multiple ip). We could not find a way to outright replace the main comcast router. It seems to somehow cheat and use proxy arp or something to map all these ip to the single interface. It does not work like a commercial connection where you have some form of point to point and then they route you the whole subnet. It somehow has the complete subnet on the wan interface.

So what we did was put a cisco 2621 (about $100 on ebay) behind the comcast. We then made a dummy 10.x.x.x network for the connection between the comcast router and the cisco and put in static routes in the comcast for each of the other addresses pointing to the 10.x.x.x address corresponding to the outside (ie wan) interface of 2621. Then it is just a matter of static nat entries in the cisco. The main reason nat on a cisco IOS router is hard is it has lots and lots of options.

The largest issue I would suspect will be how much throughput you need. Things like used 2621 are cheap because they are old and only can pass maybe 30m of NAT traffic. You would have to go to still old 2800 series routers to get faster and then to the current 2900 series routers if you really need the speed. Something like a 2911 though will cost you almost $1100 for a basic one.
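
The setup described in the post above, sketched as Cisco IOS configuration. This is an added example, not part of the original post or the poster's actual config; the interface names, the 10.255.0.0/30 transit network, the 192.168.10.0/24 server LAN and the 203.0.113.x public addresses are constructed placeholders.

```cisco
! Constructed example. Replace every address with your own values.
! Outside (WAN) side: the "dummy" 10.x.x.x transit link to the Comcast gateway.
interface FastEthernet0/0
 description Transit link to Comcast gateway (gateway side assumed 10.255.0.1)
 ip address 10.255.0.2 255.255.255.252
 ip nat outside
 no shutdown
!
! Inside side: the LAN where the servers and VMs live.
interface FastEthernet0/1
 description Server LAN
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Everything outbound goes back through the Comcast gateway.
ip route 0.0.0.0 0.0.0.0 10.255.0.1
!
! Static port NAT: several VMs share one public IP, one port each.
! 203.0.113.2 stands in for the first static IP from the ISP block.
ip nat inside source static tcp 192.168.10.11 80 203.0.113.2 80 extendable
ip nat inside source static tcp 192.168.10.11 443 203.0.113.2 443 extendable
ip nat inside source static tcp 192.168.10.12 21 203.0.113.2 21 extendable
!
! A second public IP carrying a different service.
ip nat inside source static tcp 192.168.10.13 25 203.0.113.3 25 extendable
!
! Verify the table after applying:
!   show ip nat translations
```

On the Comcast gateway, each public address used here needs a static route pointing at the router's outside address (10.255.0.2 in this sketch), as the post describes. Only the ports listed in a static entry are translated, so each VM exposes just the service it is meant to publish.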
November 20, 2013 12:43:46 PM

fwiw, in my area (nashville, TN) and i'm presuming everywhere, Comcast forces you to use that SMC (i have the same one as well) if you have static IP(s). If you could get a router that could do interface aliasing (i.e., more than 1 IP on a particular interface) that might work, though I don't know how the SMC will react to that.... aliasing is a built-in feature of most *nix OSes, but most SOHO routers don't even begin to expose such things.

You're prolly best off using multiple routers. Enterprise-class routers would most likely give you an equivalent of multiple external interfaces and multiple internal ones, but I would think that would be pricey (4 digits and up)
November 22, 2013 11:38:19 AM

bill001g said:
Be nice if you could put a real router in place of the comcast. And your trick to using a second router does work but having a second router for each ip gets expensive.

Even the oldest commercial cisco router can do this (juniper will work too). A friend of mine has a similar setup in his house (not sure why he "Needs" multiple ip). We could not find a way to outright replace the main comcast router. It seems to somehow cheat and use proxy arp or something to map all these ip to the single interface. It does not work like a commercial connection where you have some form of point to point and then they route you the whole subnet. It somehow has the complete subnet on the wan interface.

So what we did was put a cisco 2621 (about $100 on ebay) behind the comcast. We then made a dummy 10.x.x.x network for the connection between the comcast router and the cisco and put in static routes in the comcast for each of the other addresses pointing to the 10.x.x.x address corresponding to the outside (ie wan) interface of 2621. Then it is just a matter of static nat entries in the cisco. The main reason nat on a cisco IOS router is hard is it has lots and lots of options.

The largest issue I would suspect will be how much throughput you need. Things like used 2621 are cheap because they are old and only can pass maybe 30m of NAT traffic. You would have to go to still old 2800 series routers to get faster and then to the current 2900 series routers if you really need the speed. Something like a 2911 though will cost you almost $1100 for a basic one.


Thanks for the info. I took a look at all the routers you recommended and some seemed like overkill. They were a little too configurable for me at the moment :) However, this led me to a router (Cisco RV082 V3) that had a bunch of features I needed and included dual wan capability. I ended up getting one off eBay for 1/3 the price so I figured it couldn't hurt to try it. I will try the method that you and your friend used on this router and write back with my results.
November 22, 2013 12:37:16 PM

Not sure this one will work; this is technically a linksys router with a cisco name on it. I really have no idea if you can configure nat in the way you need on this router...you might be able to.

I guess I should have said you need an IOS based router from cisco. They do make things like 1700 and 1800 as well as 1900 but you tend to run into throughput issues very quickly on those.
November 22, 2013 5:06:08 PM

bill001g said:
Not sure this one will work; this is technically a linksys router with a cisco name on it. I really have no idea if you can configure nat in the way you need on this router...you might be able to.

I guess I should have said you need an IOS based router from cisco. They do make things like 1700 and 1800 as well as 1900 but you tend to run into throughput issues very quickly on those.


The one I purchased is rid of the Linksys name and apparently Cisco has reworked the firmware and made it their own. I guess I'll find out :) 