Will this work?
My new ISP Be have given me 8 IPs, but rather than being a CIDR subnet to myself like BT had given me, it is just 8 non-consecutive IPs in a /22 subnet.
The Be box router they supply doesn't provide for routing with these IPs, and the Cisco 877 I bought to try to deal with it doesn't seem to work with Annex M, and won't sync at my full 2 meg upstream.
So, what I've thought about doing is using an old Netgear DG834GT, which supports Annex M and syncs nice and fast, as just the modem with DMZ set to the Cisco, and then using the Cisco router behind that to deal with the IPs and ACLs and stuff.
The layout I have in mind is something like this:
My questions are basically:
Will this work?
Do I need to have 2 WAN IPs between the Netgear and the Cisco, or can I make them part of the 192.168.2.0 network?
I've tried using the old BT Business Hub to deal with the multiple IPs, but it doesn't seem to work like it did with the BT IP range.
I think that it may be possible if the Netgear supports passthrough, where it just acts as a raw modem and does not deal with the IP information (layer 2). You could then have the Cisco connect to it with PPPoE and set up multiple subinterfaces on the external interface to assign the IP addresses and give it the points to route from and to.
If the Netgear does not support passthrough and does support multiple IPs, then you could use internal addresses on the link back to your Cisco router, but it would also need to support static routes for each external address to each internal address.
Your diagram is a little confusing so please clarify if I have got your intentions wrong.
I hadn't planned on using the ADSL interface of the Cisco router at all, just the 4 Ethernet ports.
The Netgear doesn't support multiple IPs, but it will allow for creating basic static routes.
What I was planning on was the ADSL interface of the Netgear having 1 static IP, and connecting to the DSLAM.
And then the Ethernet port connecting to the Cisco, and then having the Cisco route NAT traffic for the 192.168.2.0 LAN via 1 Ethernet interface, and then to the servers with the WAN IPs through another interface.
edit: also the Cisco router's WAN interface is PPPoA or IPoA, not PPPoE
If the Netgear router does not support multiple IPs on its external interface and it is still set to be active, i.e. not passthrough, the only reachable IP address from the internet will be the one it claims. The router will simply ignore traffic pointed at any of your other external IPs.
The method that I was talking about does not use the ADSL link on the Cisco unit; instead the Netgear is connected to a single Ethernet port and set to act as a dumb modem. The Ethernet port on the Cisco provides logon credentials and dialing instructions to the dumb modem using the standard PPPoE authentication method. This way any traffic at all received by the modem will be passed back to the Cisco unit, which can then be set up with multiple subinterfaces on the Ethernet port connected to the modem.
Each of these subinterfaces will correspond to each external IP that you have and can then be NATed, firewalled and routed individually to your internal hosts. Your internal network could use the 192.168.1.x network for the statically mapped DMZed hosts and the 192.168.2.x network for your normal hosts.
I will have a look and see if the netgear can be set to be passive.
My ISP doesn't require any login credentials or anything; it uses IPoA.
I don't think the method you suggest will work for what I need however...
Am I correct in thinking all outgoing traffic from the network would appear as coming from the 1 static IP?
i.e. services on the servers couldn't bind to various IPs, as the servers would only have local IPs?
Nope, it would depend on how you set up NAT; you could have each of the internal hosts that you wanted NATed individually to separate external IP addresses. If you want to group others, just put them on a subnet and use overloaded NAT to make them share an IP. Cisco NAT is vastly more capable than the kind you get in dirty little consumer routers.
Originally Posted by RabbieBurns
The servers could still bind to their internal IPs, as everything would appear to them as if it was addressed to the internal IP rather than the external one. With this kind of NATing you can even load balance easily across two internal servers that offer the same content.
I am not sure how you would go about piping the IP addresses directly to the clients using the Cisco device, as I am not sure about the authentication method that your ISP uses; there is a chance that you could just have a dumb modem plugged into a switch, bypassing the router altogether, and have each of your DMZ hosts attached to your switch. All firewalling would then be left solely up to the hosts themselves, though.
There again it may be easier to just get a new WIC for the Cisco unit that supports the standard that you want to use.
I thought the Be box went into bridge mode (ie, doesn't do anything but be a modem) when you had it configured for many IPs?
Dunno, I ditched the Be box after a week; it wouldn't hold a connection for more than a couple of hours and the sync speeds weren't very good.
Hmm. You should be able to use another modem in the same way though, I would have thought.
I'm using a Be box with multiple IPs, hooked up to a Draytek Vigor 3300 router. There is a multi-IP profile that will do as you are suggesting. I don't have any issues with dropped connections and the line syncs at 14/2. Be do tend to be helpful if you've got sync problems. Maybe you should revert back to the Be box and raise a support call?
I've put some custom firmware on the Netgear which lets me turn it into modem-only mode. However, I can't seem to set more than 1 IP on the Cisco Ethernet. It treats all 4 ports as Layer 2, and the only interface I can set an IP on is the Vlan1 interface.
Is it possible to have a Vlan1/1 or similar sub-interface type thing?
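As an added illustration (not from anyone in this thread), here is how the per-host NAT and firewalling described earlier, and the "more than one IP on the Ethernet side" question just above, are normally expressed on an 877-class IOS router. The four switch ports are Layer 2 only, so instead of sub-interfaces on Vlan1 you create one VLAN per segment, put each port into its VLAN, and give each VLAN its own routed SVI (interface VlanN). All addresses below are constructed placeholders; it assumes the modem hands the WAN to the router as plain Ethernet on port 0, that the ISP-assigned addresses live in one shared /22, and that the router sits at 198.51.100.10 with the upstream gateway at 198.51.100.1.

```cisco
! Added example for the layout discussed in this thread; addresses are
! constructed placeholders, not the poster's real allocation.
! On older IOS images the VLANs are created via "vlan database" instead.
vlan 2
 name WAN
vlan 3
 name DMZ
!
! Port 0 faces the modem, port 1 the DMZ servers, ports 2-3 the normal LAN
interface FastEthernet0
 switchport access vlan 2
interface FastEthernet1
 switchport access vlan 3
interface FastEthernet2
 switchport access vlan 1
interface FastEthernet3
 switchport access vlan 1
!
! WAN-facing SVI: holds one of the ISP addresses. The other public
! addresses are claimed through the static NAT entries further down
! (IOS answers ARP for static-NAT globals that fall inside this subnet).
interface Vlan2
 description WAN via modem (assumed Ethernet-delivered, constructed addressing)
 ip address 198.51.100.10 255.255.252.0
 ip nat outside
 ip access-group WAN-IN in
 ip inspect FW out
!
interface Vlan3
 description DMZ servers, private addresses mapped 1:1 to public ones
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Vlan1
 description normal LAN, shares the router's own public address
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! 1:1 static NAT: each server keeps its private address internally but is
! reached on, and sources outbound traffic from, its own public address
ip nat inside source static 192.168.1.10 198.51.100.20
ip nat inside source static 192.168.1.11 198.51.100.21
!
! Everything on the LAN is overloaded (PAT) onto the Vlan2 address
ip access-list standard LAN-NAT
 permit 192.168.2.0 0.0.0.255
ip nat inside source list LAN-NAT interface Vlan2 overload
!
! Stateful inspection: sessions started from inside get their replies back
! through WAN-IN without having to open those ports permanently
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound filter on the outside interface. Inbound ACLs are evaluated before
! NAT, so the entries refer to the public addresses, not the 192.168.1.x ones.
ip access-list extended WAN-IN
 permit tcp any host 198.51.100.20 eq 80
 permit tcp any host 198.51.100.20 eq 443
 permit tcp any host 198.51.100.21 eq 25
 deny   ip any any log
```

With this in place the web server at 192.168.1.10 binds to its private address only, yet the outside world sees it as 198.51.100.20, and each extra public address is just another static entry plus its ACL lines. The "deny ip any any log" line is worth keeping: it gives a cheap record of anything that probes the unused public addresses.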