Link to home
Start Free TrialLog in
Avatar of dissolved
dissolved

asked on

General questions on router setup (ISP)


68.34.76.6
 |
 |
Router
 |
 |  ----------Block of public IPs here from ISP
 |
Firewall (NAT)
 |
 |
Internal Network

1. If you have a webserver in this setup, what would the external address be?  The one assigned to the external interface of your router, or one of the IPs in between your router and firewall?
2. Does the "outside" interface of your firewall use one of the blocked IPs from your ISP? Or does it use a private address?
3. Is this a typical setup?
ASKER CERTIFIED SOLUTION
Avatar of JFrederick29
JFrederick29
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dissolved
dissolved

ASKER

Thanks.
How would this setup change if the firewall had multiple interfaces. ANd the DMZ was simply an interface that hung off the firewall? I'm assuming you will need one public IP for each public interface of the firewall you use?

ie:

12.34.56.8 (ext)
   |
   |
Firewall--(DMZ)----------12.34.56.9-------Webserver (w/private IP)
   |
192.168.1.1 (int)
   |
   |
Internal LAN
Avatar of JFrederick29
JFrederick29
Flag of United States of America image
Not necessarily, you could use private addressing in the DMZ and use static NAT's to forward external traffic to the DMZ servers.
Avatar of Les Moore
Les Moore
Flag of United States of America image
> I'm assuming you will need one public IP for each public interface of the firewall you use?
You sill only need one public IP for the outside interface.
The DMZ interface is just another INside interface that can be a private IP subnet different than the internal net.
You can use the same block of public IPs to nat to either a dmz host or an internal host.

12.34.56.8 (ext)
   |
   |
Firewall--(DMZ1)--172.16.16.1-------Webserver (w/private IP)
Firewall--(DMZ2)--172.16.17.1-------Specialserver (w/private IP)
   |
192.168.1.1 (int)
   |
   |
Internal LAN
Avatar of dissolved
dissolved

ASKER

Excellent, thank you