
How do you set up a firewall on its own IP using a /29 subnet?

I'm still trying to wrap my mind around subnetting and was hoping somebody here could point me in the right direction. I am setting up a mail server and hardware firewall (Sonicwall) behind a DSL router. The ISP has given me a "/29" subnet which should have 6 usable IP addresses. They gave me the following information about these IPs (I've hidden the first 3 blocks for privacy):
x.x.x.32 = Subnet
x.x.x.33-39 = Usable IPs
x.x.x.40 = Broadcast

I want the firewall to have its own WAN IP (.33 perhaps?) that is separate from the DSL router's WAN IP.

I have another site that is already configured with this setup and was planning on copying their configuration but I wanted to understand exactly what I'm doing. At this other site, they have the DSL router's WAN subnet mask set to and the LAN subnet mask set to They also have the WAN subnet mask on the firewall set to with its own WAN IP. Can anybody explain how all of this works or point me to a good link? Thanks!
Amfab Steel
Joseph Hornsey, President and Janitor, commented:
First of all, here is a wonderful online tutorial on subnetting.  If you go through this guy's whole tutorial, you'll know IP subnetting:


When I used to teach TCP/IP for Windows NT 4.0, this was a resource I would point students to.

Regarding your question:

First of all, if you've got a /29 subnet, that means that your subnet mask is  This means that there are 8 host IDs that are in that subnet, and only 6 are usable.  If your fourth octet is .32, then your IP addresses are:

w.x.y.32 - Network ID (unusable)
w.x.y.33 - Usable
w.x.y.34 - Usable
w.x.y.35 - Usable
w.x.y.36 - Usable
w.x.y.37 - Usable
w.x.y.38 - Usable
w.x.y.39 - Broadcast ID (unusable)

The w.x.y.40 address that you listed is actually the network ID of the next block of addresses (the network ID is always in increments of 8 with that subnet mask).

The thing to remember is that each device must have its own IP address.  This includes the external interface on your firewall and the router's IP.  The first thing you need to do is find out which IP address the router is using.  Most likely, it's w.x.y.38, but it could be any of the 6 usable addresses.  Then, you can assign the address you want to your firewall's external interface.  I would use w.x.y.33, but it's all personal preference at that point.

The next step is setting up the mail server.  You can do one of two things (depending on what the Sonicwall firewall allows).  One option is to simply map the external IP address of the firewall (w.x.y.33, or whatever you chose) to the mail server and then open TCP port 25 (SMTP) on that external IP address.  Or, you can assign another external address (say, w.x.y.34 or any of the other usable ones) to the mail server and open the port.  Either way is fine.

Hope this helps.
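
The /29 layout described in the answer above can be checked before any device is configured. This is an added example, not part of the original answer: the function names are hypothetical, and 203.0.113.x (a documentation prefix) stands in for the hidden first three octets.

```python
import ipaddress


def describe_block(cidr):
    """Return mask, network ID, broadcast ID and usable hosts for a block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable": [str(h) for h in net.hosts()],
    }


def check_plan(cidr, plan):
    """Validate device -> address assignments against the block.

    Returns a list of problems; an empty list means the plan is valid.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    problems = []
    seen = {}
    for device, addr in plan.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{device}: {ip} is outside {net}")
        elif ip == net.network_address:
            problems.append(f"{device}: {ip} is the network ID")
        elif ip == net.broadcast_address:
            problems.append(f"{device}: {ip} is the broadcast ID")
        if ip in seen:
            problems.append(f"{device}: {ip} already used by {seen[ip]}")
        seen.setdefault(ip, device)
    return problems


if __name__ == "__main__":
    BLOCK = "203.0.113.32/29"  # constructed stand-in for w.x.y.32/29
    print(describe_block(BLOCK))
    # Constructed plan: router on .38, firewall WAN on .33, mail server on .34
    plan = {"router": "203.0.113.38", "firewall": "203.0.113.33",
            "mail": "203.0.113.34"}
    print(check_plan(BLOCK, plan) or "plan OK")
```

An address ending in .39 is reported as the broadcast ID and one ending in .40 as outside the block, which matches the correction the answer makes to the ISP's list.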


Amfab Steel (Author) commented:
Thank you!