• Status: Solved
  • Priority: Medium
  • Security: Public

How do you set up a firewall on its own IP using a /29 subnet?

I'm still trying to wrap my mind around subnetting and was hoping somebody here could point me in the right direction. I am setting up a mail server and hardware firewall (Sonicwall) behind a DSL router. The ISP has given me a "/29" subnet which should have 6 usable IP addresses. They gave me the following information about these IPs (I've hidden the first 3 blocks for privacy):
x.x.x.32 = Subnet
x.x.x.33-39 = Usable IPs
x.x.x.40 = Broadcast

I want the firewall to have its own WAN IP (.33 perhaps?) that is separate from the DSL router's WAN IP.

I have another site that is already configured with this setup and was planning on copying their configuration, but I wanted to understand exactly what I'm doing. At this other site, they have the DSL router's WAN subnet mask set to 255.255.255.248 and the LAN subnet mask set to 255.255.255.252. They also have the WAN subnet mask on the firewall set to 255.255.255.248 with its own WAN IP. Can anybody explain how all of this works or point me to a good link? Thanks!
Asked:
Amfab Steel
1 Solution
 
Joseph Hornsey (President and Janitor) commented:
First of all, here is a wonderful online tutorial on subnetting.  If you go through this guy's whole tutorial, you'll know IP subnetting:

http://www.learntosubnet.com

When I used to teach TCP/IP for Windows NT 4.0, this was a resource I would point students to.

Regarding your question:

First of all, if you've got a /29 subnet, that means that your subnet mask is 255.255.255.248.  This means that there are 8 host IDs that are in that subnet, and only 6 are usable.  If your fourth octet is .32, then your IP addresses are:

w.x.y.32 - Network ID (unusable)
w.x.y.33 - Usable
w.x.y.34 - Usable
w.x.y.35 - Usable
w.x.y.36 - Usable
w.x.y.37 - Usable
w.x.y.38 - Usable
w.x.y.39 - Broadcast ID (unusable)

The w.x.y.40 address that you listed is actually the network ID of the next block of addresses (the network ID is always in increments of 8 with that subnet mask).

The thing to remember is that each device must have its own IP address.  This includes the external interface on your firewall and the router's IP.  The first thing you need to do is find out which IP address the router is using.  Most likely, it's w.x.y.38, but it could be any of the 6 usable addresses.  Then, you can assign the address you want to your firewall's external interface.  I would use w.x.y.33, but it's all personal preference at that point.

The next step is setting up the mail server.  You can do one of two things (depending on what the Sonicwall firewall allows).  One option is to simply map the external IP address of the firewall (w.x.y.33, or whatever you chose) to the mail server and then open TCP port 25 (SMTP) on that external IP address.  Or, you can assign another external address (say, w.x.y.34 or any of the other useable ones) to the mail server and open the port.  Either way is fine.

Hope this helps.

<-=+=->
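
The /29 layout from the answer above, worked through as an added example that is not part of the original thread. It uses Python's standard `ipaddress` module; the 203.0.113.x prefix is a documentation range standing in for the hidden octets, and the function and device names are hypothetical.

```python
import ipaddress

def describe_block(any_addr_in_block, prefix):
    """Return the layout of the subnet that contains any_addr_in_block."""
    net = ipaddress.ip_network(f"{any_addr_in_block}/{prefix}", strict=False)
    return {
        "mask": str(net.netmask),
        "network_id": str(net.network_address),
        "usable": [str(h) for h in net.hosts()],
        "broadcast": str(net.broadcast_address),
        # With a /29 mask, network IDs fall on multiples of 8.
        "next_network_id": str(net.broadcast_address + 1),
    }

def check_assignments(any_addr_in_block, prefix, assignments):
    """Map each device name to 'ok' or the reason its address cannot be used."""
    net = ipaddress.ip_network(f"{any_addr_in_block}/{prefix}", strict=False)
    seen, result = {}, {}
    for device, addr in assignments.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            result[device] = "outside block"
        elif ip == net.network_address:
            result[device] = "network ID"
        elif ip == net.broadcast_address:
            result[device] = "broadcast ID"
        elif ip in seen:
            # Each device needs its own address.
            result[device] = f"duplicate of {seen[ip]}"
        else:
            result[device] = "ok"
            seen[ip] = device
    return result

# Constructed sample plan: router on .38, firewall WAN on .33, mail server on .34,
# plus three deliberately bad entries to show what gets rejected.
SAMPLE_PLAN = {
    "router": "203.0.113.38",
    "firewall_wan": "203.0.113.33",
    "mail_server": "203.0.113.34",
    "bad_broadcast": "203.0.113.39",
    "bad_next_block": "203.0.113.40",
    "bad_duplicate": "203.0.113.33",
}

if __name__ == "__main__":
    for key, value in describe_block("203.0.113.33", 29).items():
        print(f"{key}: {value}")
    for device, status in check_assignments("203.0.113.33", 29, SAMPLE_PLAN).items():
        print(f"{device}: {status}")
```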

Amfab Steel (Author) commented:
Thank you!