Multiple IP on firewall?
Hello all
My apologies if this has been asked before but I can't see anything using a search. We have just had our 1MB business service installed by NTL (35 days late!) and we have a Samsung cable modem. Our service includes 5 IP addresses which, very strangely, are not contiguous. The firewall has multiple IP addresses allocated to the network card and we will be putting public facing machines on the DMZ with private addresses and the relevant ports forwarded. The auto registration process will only allow us to allocate one of the IP addresses to the MAC of the firewall. Does anyone know of a way round this please? NTL help desk suggest putting a hub/switch on the cable modem and our other machines on this. What's the point of having a firewall if we do this or should we find a firewall that has 6 network cards? Any help appreciated. Andrew |
Re: Multiple IP on firewall?
I'm...confused, or am I stupid? Your firewall....has a MAC address? Or am I missing this? Is it a hardware firewall?
EDIT : Hang on now is this a NAT router with ethernet ports, not network cards and a built in firewall ? |
Re: Multiple IP on firewall?
Well
You're confused, what do you think we are after all of that :p SAC, maybe try rewording it a little, as I don't get what you mean fully either. TBH I may be stupid, like Moony above, but you'll need to reword for us both to try again :) |
Re: Multiple IP on firewall?
Quote:
A completely different approach would be to have a different style of firewall: one which is transparent to IP, and works at Layer 2 by sniffing the passing traffic and diverting it as necessary. Then your five public machines could have their real NTL IP addresses. |
Re: Multiple IP on firewall?
Or someone like Robin could look at this post and make me and Mr.Moony look stupid :p
lol Over to you Mr Walker ;) |
Re: Multiple IP on firewall?
I now see the word Business in the first sentence (hangs head in shame)
|
Re: Multiple IP on firewall?
Doh, I missed that too :/
(/Joins Moony in the dunce corner) |
Re: Multiple IP on firewall?
I missed the business bit but the Samsung modem was a dead giveaway! :D
|
Re: Multiple IP on firewall?
The speed of the responses is impressive...thanks.
Yes, it's a hardware firewall (SmoothWall). I've installed these before on ADSL lines with multiple IP addresses without problems. Thinking about it, the ADSL lines have a router and a whole subnet which may explain things. Employing a layer 2 device will be a pain as the firewall provides several features we use such as IPSEC VPN and QoS. It's frustrating seeing the IP address and MAC table when I log onto the NTL Business Essentials site with no way of adding them manually. I'm also wondering how to use these multiple IP addresses at all without having the machines directly connected to the cable modem...and therefore the Internet. Am I supposed to install ZoneAlarm on everything? Come on out of the dunce's corner if you have any more ideas. Cheers |
Re: Multiple IP on firewall?
Quote:
Alternatively, if the Smoothwall is a NAT box, do you really need 5 IP addresses? |
Re: Multiple IP on firewall?
Quote:
Can he not just set up the NIC to be multihomed/multi IP ??? |
Re: Multiple IP on firewall?
I use a hotbrick600 router, and that can be set to act as a transparent bridge, then you set your PCs on the DMZ range to obtain an IP auto from NTL (you can do this with 4 machines, as you need an IP for the LAN side), and your LAN side is done on 192.168.x.x (or whatever you choose) on the remaining IP.
I am not sure if the SmoothWall can do similar though. |
Re: Multiple IP on firewall?
I think that 5 WAN IPs is the way to do it, shame on NTL for allocating non-contiguous addresses though, why can't they get it right like other ISPs?
Of course, as Robin said, the Smoothwall can probably NAT just one of those IPs to your whole LAN. If it can't then you will need a whole load of rulesets/proxies for the 5 different addresses! Do let us know how this pans out, I'm sure the info will be helpful to others, remember a little bit of practical experience passed on is worth pages of speculation by us armchair experts ;-) Terry |
Re: Multiple IP on firewall?
I have 5 IPs on my service.
I have 2 servers hanging off this service, each one needs its own external IP (for mail etc). My options were:
get a dumb hub, assign static IPs to the north facing NIC and plug them both into the hub
get a Linux box with 3 NICs in it to deal with all the traffic
get 1 hub and 2 routers hanging off it, one for each server
get an expensive hardware firewall that does multiple NAT or allows me to have more than 1 external IP, such as a SonicWall etc.
No cable routers will allow you to do what you need, ADSL routers will :( Anyway I went for the cheap hub and 2 routers option as I had an old hub and router to use already |
Re: Multiple IP on firewall?
Using something like Bering/LEAF you can get your firewall to provide 1-to-1 NAT, i.e. map each public IP address to a different private address. I had to do this at work when a group of machines was moved to an office on a different subnet, and it was not practicable to change their internal IP addresses.
Sorry if this misses the point of what you are trying to do, as I am not familiar with NTL's business offering. |
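The 1-to-1 NAT mapping described in the post above, sketched as an added example that is not part of the thread or any poster's configuration. It uses plain iptables rather than Bering/LEAF's own configuration files; the interface names, the 203.0.113.x public addresses and the 192.168.50.x DMZ addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules for 1-to-1 NAT. Nothing is applied.
WAN_IF="eth0"   # assumption: interface cabled to the cable modem
DMZ_IF="eth2"   # assumption: interface cabled to the DMZ

# Constructed mapping: public IP, private DMZ IP, allowed TCP ports.
# 203.0.113.0/24 is a documentation range; the addresses are non-contiguous.
NAT_MAP='203.0.113.10 192.168.50.10 80,443
203.0.113.27 192.168.50.11 80
203.0.113.99 192.168.50.12 25'

valid_ipv4() {
    # Four dot-separated decimal octets, each 0..255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

gen_rules() {
    seen=" "
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r pub priv ports; do
        [ -z "$pub" ] && continue
        valid_ipv4 "$pub" && valid_ipv4 "$priv" || { echo "bad address: $pub $priv" >&2; return 1; }
        case "$ports" in ''|*[!0-9,]*) echo "bad ports for $pub" >&2; return 1 ;; esac
        # Each public address may map to only one DMZ host.
        case "$seen" in *" $pub "*) echo "duplicate public IP: $pub" >&2; return 1 ;; esac
        seen="$seen$pub "
        # Inbound: rewrite the destination to the DMZ host.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: the DMZ host leaves with its own public address.
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
        # Only the listed service ports are reachable from the WAN.
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done <<EOF
$NAT_MAP
EOF
    # Everything else from the WAN to the DMZ is dropped.
    echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -j DROP"
}

gen_rules
```

The script only prints the rules. They cover the firewall side and do not affect how the ISP's registration ties each address to a MAC.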
Re: Multiple IP on firewall?
I've had a quick read of the recent posts and there still seems to be some misunderstanding. Let me try and clarify.
The SmoothWall has all 5 IPs allocated to its network card (connected to the cable modem) so is multi-homed. The crux of the problem is that NTL's system won't let me tell it that all these IP addresses correspond to the one card (and therefore the same MAC). If we wanted to host machines behind the firewall then we could manage with a single IP. When we want to have two web servers both on port 80 then we can't forward port 80 to both (this is an example as we are planning other things too). Hence the need for the multiple IPs. With ADSL the problem seems to be avoided as the customer is allocated a subnet, then BT's network forwards any traffic for that subnet to the site router. With NTL we have 5 separate IP addresses which are part of a bigger subnet so each IP address has to have a MAC associated, much like on a LAN.
I'm thinking along these lines now: Is there some way of conning the NTL autoreg into allocating the same MAC to all my IPs? Can I allocate multiple MACs to my network card (doubtful!)?
Ultimately, this business service from NTL isn't really. The IP addressing on their cable network appears not to have been planned for any customers wanting to do anything more advanced. While it is fine for home users. We were quoted less than 10 days to have this service installed and it took nearly 2 months. BT won't provide ADSL locally as there is not enough demand. Even if we had ADSL reliability is pants. Leased lines are too expensive. Satellite is crap......I know, I've tried it. Once again...thanks for everyone's time in bothering to join in. Must go and sit in a dark room to calm down now!! That dunce's corner looks nice and quiet. Andrew |
Re: Multiple IP on firewall?
Quote:
So the sledgehammer solution is to fit 5 WAN interfaces to your SmoothWall, connect them to a switch and thence to the cable modem. Pretty ghastly, but should fix it. |
Re: Multiple IP on firewall?
Having a quick check on google, it looks like you may be able to assign multiple MAC addresses to a tulip NIC.
http://www.ussg.iu.edu/hypermail/lin...10.1/0006.html
http://www.geocrawler.com/archives/3...2/4/0/8274555/
http://www.geocrawler.com/archives/3...2/3/0/8072245/ |