How do you set up a firewall on its own IP using a /29 subnet?

Posted on 2006-05-22
Last Modified: 2010-03-19
I'm still trying to wrap my mind around subnetting and was hoping somebody here could point me in the right direction. I am setting up a mail server and hardware firewall (Sonicwall) behind a DSL router. The ISP has given me a "/29" subnet which should have 6 usable IP addresses. They gave me the following information about these IPs (I've hidden the first 3 blocks for privacy):
x.x.x.32 = Subnet
x.x.x.33-39 = Usable IP's
x.x.x.40 = Broadcast

I want the firewall to have its own WAN IP (.33 perhaps?) that is separate from the DSL router's WAN IP.

I have another site that is already configured with this setup and was planning on copying their configuration but I wanted to understand exactly what I'm doing. At this other site, they have the DSL router's WAN subnet mask set to and the LAN subnet mask set to They also have the WAN subnet mask on the firewall set to with its own WAN IP. Can anybody explain how all of this works or point me to a good link? Thanks!
Question by:Amfab Steel

    Accepted Solution

    First of all, here is a wonderful online tutorial on subnetting.  If you go through this guy's whole tutorial, you'll know IP subnetting:

    When I used to teach TCP/IP for Windows NT 4.0, this was a resource I would point students to.

    Regarding your question:

    First of all, if you've got a /29 subnet, that means that your subnet mask is  This means that there are 8 host IDs that are in that subnet, and only 6 are useable.  If your fourth octet is .32, then your IP addresses are:

    w.x.y.32 - Network ID (unuseable)
    w.x.y.33 - Useable
    w.x.y.34 - Useable
    w.x.y.35 - Useable
    w.x.y.36 - Useable
    w.x.y.37 - Useable
    w.x.y.38 - Useable
    w.x.y.39 - Broadcast ID (unuseable)

    The w.x.y.40 address that you listed is actually the network ID of the next block of addresses (the network ID is always in increments of 8 with that subnet mask).

    The thing to remember is that each device must have its own IP address.  This includes the external interface on your firewall and the router's IP.  The first thing you need to do is find out which IP address the router is using.  Most likely, it's w.x.y.38, but it could be any of the 6 useable addresses.  Then, you can assign the address you want to your firewall's external interface.  I would use w.x.y.33, but it's all personal preference at that point.

    The next step is setting up the mail server.  You can do one of two things (depending on what the Sonicwall firewall allows).  One option is to simply map the external IP address of the firewall (w.x.y.33, or whatever you chose) to the mail server and then open TCP port 25 (SMTP) on that external IP address.  Or, you can assign another external address (say, w.x.y.34 or any of the other useable ones) to the mail server and open the port.  Either way is fine.

    Hope this helps.
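
The /29 layout described in the accepted answer, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original thread: the 203.0.113.x addresses are constructed from a documentation range in place of the hidden w.x.y octets, and the function names and the router/firewall/mail plan are illustrative assumptions.

```python
import ipaddress

def describe_block(any_addr, prefix=29):
    """Lay out the subnet that contains any_addr."""
    net = ipaddress.ip_network(f"{any_addr}/{prefix}", strict=False)
    return {
        "mask": str(net.netmask),
        "network_id": net.network_address,      # unusable
        "usable": list(net.hosts()),            # 6 addresses on a /29
        "broadcast": net.broadcast_address,     # unusable
        # First address of the following block (a /29 steps in eights).
        "next_network_id": net.broadcast_address + 1,
    }

def check_assignments(block, assignments):
    """Return a list of problems in a device -> address plan."""
    problems, seen = [], {}
    for device, addr in assignments.items():
        ip = ipaddress.ip_address(addr)
        if ip == block["network_id"]:
            problems.append(f"{device}: {ip} is the network ID")
        elif ip == block["broadcast"]:
            problems.append(f"{device}: {ip} is the broadcast address")
        elif ip not in block["usable"]:
            problems.append(f"{device}: {ip} is outside the block")
        if ip in seen:  # each device needs its own address
            problems.append(f"{device}: {ip} already used by {seen[ip]}")
        seen.setdefault(ip, device)
    return problems

# Constructed sample: 203.0.113.0/24 is a documentation range (RFC 5737).
BLOCK = describe_block("203.0.113.35")
PLAN = {"router": "203.0.113.38", "firewall": "203.0.113.33",
        "mail": "203.0.113.34"}

if __name__ == "__main__":
    print("mask:", BLOCK["mask"])
    print("network ID:", BLOCK["network_id"], "broadcast:", BLOCK["broadcast"])
    print("usable:", ", ".join(str(ip) for ip in BLOCK["usable"]))
    print("next block starts at:", BLOCK["next_network_id"])
    print("plan problems:", check_assignments(BLOCK, PLAN) or "none")
    # The ISP's list treated .39 as usable and .40 as the broadcast.
    print(check_assignments(BLOCK, {"firewall": "203.0.113.39"}))
```
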



    Author Comment

    by:Amfab Steel
    Thank you!
