Multiple IP on firewall? - Page 2

SAC · 13-01-2004, 11:26

I've had a quick read of the recent posts and there still seems to be some mis-understanding. Let me try and clarify.

The SmoothWall has all 5 IP's allocated to it's network card (connected to the cable modem) so is multi-homed. The crux of the problem is that NTL's system won't let me tell it that all these IP addresses correspond to the one card (and therefore the same MAC).

If we wanted to hosts machines behind the firewall then we could manage with a single IP. When we want to have two web servers both on port 80 then can't forward port 80 to both (this is an example as we are planning other things too). Hence the need for the multiple IPs.

With ADSL the problem seems to be avoided as the customer is allocated a subnet, then BT's network forwards any traffic for that subnet to the site router. With NTL we have 5 seperate IP address with are part of a bigger subnet so each IP address has to have a MAC associated, much like on a LAN.

I'm thinking along these lines now :

Is there some way of conning the NTL autoreg into allocating the same MAC to all my IPs?

Can I allocate multiple MACs to my network card (doubtful!)?

Ultimately, this business service from NTL isn't really. The IP addressing on their cable network appears not to have been planned for any customers wanting to do anything more advanced. While it is fine for home users.

We were quoted less than 10 days to have this service installed and it took nearly 2 months. BT won't provide ADSL locally as there is not enough demand. Even if we had ADSL reliability is pants. Leased lines are too expensive. Satellite is crap......I know, I've tried it.

Once again...thanks for everyone's time in bothering to join in.

Must go and sit in a dark room to calm down now!! That dunces corner looks nice and quiet.

Andrew

rdhw · 13-01-2004, 11:56

Quote:

Originally Posted by SAC

The IP addressing on their cable network appears not to have been planned for any customers wanting to do anything more advanced.

I don't have certain knowledge of the Business offering, but I'm extrapolating from what I do know. Although you have been offered five IP addresses (allegedly fixed IP addresses, but I think you will find they change if NTL's local cable system is hugely reorganised), they are still (I think) allocated by DHCP: they are not true static IP addresses, just DHCP-allocated addresses which will stay the same each time the linked MAC address broadcasts for a DHCP configuration. So there has to be a unique one-to-one mapping between MAC addresses and IP addresses, in order that DHCP can tell which card is calling. DHCP servers can't cope with allocating more than one IP address to the same MAC address, so multiple appearances of the same MAC address in their database is normally an error condition.

So the sledgehammer solution is to fit 5 WAN interfaces to your SmoothWall, connect them to a switch and thence to the cable modem. Pretty ghastly, but should fix it.

beardsley · 13-01-2004, 13:01

Having a quick check on google, it looks like you may be able to assign multiple MAC addresses to a tulip NIC.

http://www.ussg.iu.edu/hypermail/lin...10.1/0006.html
http://www.geocrawler.com/archives/3...2/4/0/8274555/
http://www.geocrawler.com/archives/3...2/3/0/8072245/