?
Solved

Dealing with a multiple public IP's.

Posted on 2006-05-23
36
Medium Priority
?
811 Views
Last Modified: 2013-11-30
Hi,
I'm completely confused with a multiple public IP's. I have 13 usable public IP's from ISP. There's Netopia 4622XL-T T1 VPN Router (Covad), connected to NETGEAR GSM7224 Layer 2 Managed Gigabit Switch. So now Netopia is acting as DHCP server. If I connect, let's say 5 desktops, to the switch, each one has a public IP assigned by Netopia. It looks like the switch itself doesn't exist. So the question: Can I use the switch as another router? What I'd like to get, is to create a few local networks (like 192.168.0.1, 192.168.1.1, 192.168.2.1, etc), using each public IP. There's nothing about it on the Netgear support page. Please, help.
0
Comment
Question by:vadim63
  • 19
  • 12
  • 4
  • +1
36 Comments
 
LVL 10

Expert Comment

by:naveedb
ID: 16746442
No, you can not use the Netgear switch to create Private network. You will need to get router/firewall and connect it between the Netopia 4622XL and Netgear Switch, assign it one of the usable public IPs and on the internal side, enable DHCP and Network Address Translation (NAT).

0
 
LVL 10

Expert Comment

by:naveedb
ID: 16746482
Looking at 4622XL, it also supports NAT, you can configure it to use Network Address translation, and assing Private addresses 192.168.0.1 to your inside networks, which will give firewall protection. This will eliminate the use of 2nd Firewall between the Netopia and Switch.

Have a look at the following link:

http://www.netopia.com/support/hardware/4622xlt.html

0
 
LVL 10

Author Comment

by:vadim63
ID: 16746691
Thank you for quick response. I already read it. But I did not understand, how can I use the NAT, if I have a few public IP's?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 10

Expert Comment

by:naveedb
ID: 16747319
What subnet do you plan to use inside network?

Do you plan to run any servers that should be available to outside world like web, ftp etc.?
0
 
LVL 10

Author Comment

by:vadim63
ID: 16747470
Yes. Web, mail and ftp.
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16747592
Same machine, of different machines?
0
 
LVL 10

Author Comment

by:vadim63
ID: 16747708
There's 3 different small Dell servers, 5 user's desktops.
0
 
LVL 6

Expert Comment

by:bkoehler-mpr
ID: 16748403
Assuming you plan on using the firewall on the router you could follow the instructions in the User Guide to set up Multiple Network Address Translation (page 78). Just set up static NAT for your servers and forward the ports you are planning on using.

http://www.netopia.com/support/hardware/manuals/FirmwareUserGuideV85.pdf
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16749067
Set up the Netopia using only your first static IP address for the Netopia's WAN side, and add 192.168.1.1 for the Netopia's LAN side. Then give servers or whatever you want to have a static IP an internal static address of 192.168.1.10 for example. Then follow http://www.netopia.com/support/hardware/technotes/NQG_024.html to set up a static IP map for each public IP you want forwarded to a private IP. I set it up a few times on SDSL connects with 8-13 IPs and a couple 4622 T1s with 32 IPs, runs like a champ.
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16749094
Oh my mistake, you wanted several separate networks, not just static IPs routed to specific hosts.

In that case, you can just set up multiple LAN interfaces on the Netopia under IP Setup>Define Additional Subnets, and add a few like as 192.168.1.1/24, 192.168.2.1/24, 192.168.3.1/24. etc.

Then follow the instuctions in my link above to set up NAT on separate public IPs for each LAN subnet you created. You will just have to create a Single IP "Public Range" for each subnet and then manually select "NAT Map List" in each local subnet under your Internet connection profile.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16751763
Thanatos2k,

Can you help me with an additional subnets? Now, the screen "IP Setup>Define Additional Subnets" shows me:

                                     IP Subnets


                        IP Address          Subnet Mask
                        ---------------     ---------------
                   #1:  207.xxx.xxx.145      255.255.255.240

                   #2:  0.0.0.0             0.0.0.0

                   #3:

                   #4:

                   #5:

                   #6:

                   #7:

                   #8:


and the screen "IP Address Serving" shows:

         IP Address Serving Mode...         DHCP Server

         Number of Client IP Addresses:     13
         1st Client Address:                  207.xxx.xxx.146
         Client Default Gateway...          207.xxx.xxx.145


         Serve DHCP Clients:                Yes
         DHCP Lease Time (Hours):           24
         DHCP NetBIOS Options...

         Serve BOOTP Clients:               Yes

         Serve Dynamic WAN Clients          Yes

How it should looks like?
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16754384
You would change the 207.xxx.xxx.145 to 192.168.1.1/255.255.255.0, and then add under #2 192.168.2.1/255.255.255.0 and number 3 192.168.3.1/255.255.255.0 and so on for as many separate networks as you want to have.

I think you might have a problem with setting multiple DHCP scopes. Basically you need 1 DHCP "server" for each subnet, but I am not sure if the netopia can do that. Do you have the ability to set up a windows or linux server with a network interface for each subnet?
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16754441
Out of curiosity, what are you trying to accomplish in setting up separate subnets on the LAN side? There might be an easier way address the problem you are trying to solve that wouldn't require a DHCP server on each subnet.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16754694
Actually, what am I trying to do, is to make like a four VLANs:

VLAN1: all desktops, wireless access point;
VLAN2: Web server;
VLAN3: Mail server;
VLAN4: FTP server.

All VLANs should see internet, network printer and file server. Where should I start?

0
 
LVL 10

Author Comment

by:vadim63
ID: 16754727
What I have now:

Netopia 4622XL-T T1 VPN Router (Covad);
NETGEAR GSM7224 Layer 2 Managed Gigabit Switch;
NETGEAR WAG302 ProSafe wireless access point.

Should I buy more equip?
0
 
LVL 10

Author Comment

by:vadim63
ID: 16754773
BTW, all servers run Windows Server 2003 and I'm planning to connect one more server with SQL.
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16754871
Would something like this work?

Set up the following IPs on 1 internal subnet:
192.168.1.1 - Netopia 4622
192.168.1.10 - Web Server
192.168.1.11 - Mail Server
192.168.1.12 - FTP Server
192.168.1.13 - File/Print Server
192.168.1.100-200 - Clients (via DHCP from Netopia 4622)

The 1 Static IP on the WAN side of the netopia will be used for all clients internet access, and then map 1 Static IP to each of the Web, Mial, and FTP servers. All machiens on your network can see and communicate with eachother, but each "service" that needs to be accessible from the outside has a dedicated static IP. (web, ftp, mail, etc).

So all machines are on the same network on the inside so they can all communicate, share files/printers, etc, but from the outside all the servers have their own static IPs, and all the clients share 1 static IP.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16754950
Thank you very much, Thanatos2k! It looks like exactly what I need! So, please, help me with Netopia settings. And another question. Do I need the Netgear switch in this scenario? Or I should remove it from network?
0
 
LVL 2

Accepted Solution

by:
Thanatos2k earned 2000 total points
ID: 16755087
First change the 207.xxx.xxx.145 to 192.168.1.1 and the 255.255.255.240 to 255.255.255.0.

Then go to http://www.netopia.com/support/hardware/technotes/NQG_024.html and follow those instructions under "IP Map Configuration". For First Public Address, enter the IP you had under IP Subnets before (207.xxx.xxx.145) and for Last Public Address, enter the ending public IP in your 13 IP range.

Then on step 7, for first private address, enter 192.168.1.10 and for last public address enter 192.168.1.22. This will map all 13 of your useable IP addresses to 192.168.1.10 - 192.168.1.22. All you have to do is give a static IP to one of your servers in that range, and they will have a publicly accessible static IP.

Also, update your DHCP settings on the netopia to:
Number of Client IP Addresses:     100
1st Client Address:                  192.168.1.100
Client Default Gateway...          192.168.1.1

Let me know if it works!
0
 
LVL 10

Author Comment

by:vadim63
ID: 16756614
Thanatos2k, I'll try it tomorrow. Just one question. For changing Netopia settings, how should I be connected? Via console? I guess, if I'd start all changes from my desktop, I'd loose the connection. Am I right?
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16756674
Yeah console cable would be best so you dont have to reconnect with the new IP
0
 
LVL 10

Author Comment

by:vadim63
ID: 16756739
Thank you, I'll try it tomorrow.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16764440
Thanatos2k, I've tried your solution. What I couldn't do is to change DHCP settings on the netopia to:
Number of Client IP Addresses:     100               -   it still show 13 as before
1st Client Address:                  192.168.1.100    -   it still show 207.xxx.xxx.146 as before
What's wrong? And another question. What IP should I enter For First Public address? 207.xxx.xxx.146?
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16764798
Did you first change the LAN IP address from 207.xxx.xxx.146/255.255.255.240 to 192.168.1.1/255.255.255.0 on the IP setup screen? You may have to reboot the router after you change that, I don't recall. The DHCP settings should be auto-populated based on the LAN ip address and subnet mask. In your case, the subnet mask was 255.255.252.240, which meant there were only 13 IPs that can communicate with that same subnet.

If that wasn't it, you may have to start over from the main menu and do an "Easy Setup". If you have to do that, use tftp to backup the config by sending it to a copy of SolarWinds free tftp server on your local computer. Make sure you have your WAN IP address and gateway info to go through the easy setup wizzard, and then when prompted for LAN IP address or Local IP Address, enter 192.168.1.1.


For first public IP, it would be 207.xxx.xxx.145 because that is the first address in your range. The netopia no longer needs the .145 address because its only address now is 192.168.1.1. It can start routing to your servers with the first public IP, which is .145
0
 
LVL 10

Author Comment

by:vadim63
ID: 16764910
Thank you, Thanatos2k. There was my mistake. I didn't change 255.255.255. to 0. But when I fixed it, I was able to set up DHCP as you said. After restarting Netopia, I've got 192.168..... network, but I couldn't connect to internet, though I entered 146 as a first public IP in range. I'll try 145.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16765090
No, It doesn't work. No internet. I did exactly as you said, step by step. But, unfortunately, something's wrong. Any idea?
BTW, now it looks like I have 14 usable IPs? In my old config I had .145 for Netopia ethernet and .146-.158 (13 IPs) for myself. If I enter range .145-.158, it looks like 14 IPs and map should be 192.168.1.10 - 192.168.1.23? Is that mistake?
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16765322
Check to make sure NAT is enabled on the interface. Before since you weren't using it it was not enabled, so you are going to have to manually turn it on. I think it is under NAT from the quick menus if I remember correctly.

If that doesnt work, I think you should just write down your WAN IP, subnet, and gateway, reset the router to factory defaults, and run through the Easy Setup Wizard. It will ask you if you want to use NAT and make all the necessary changes to enable it. After that is done and you have internet access from the LAN side, you can add the static IP maps like in that document.

0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16765340
Useable addresses are 207.xxx.xxx.145 - 207.xxx.xxx.158, so yeah, 14 total. Normally the router takes 1 but in this case it won't.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16765346
OK, I'll try it now. What about IPs? Is there 13, or 14? 192.168.1.10 - 192.168.1.22, or 192.168.1.10 - 192.168.1.23?
0
 
LVL 10

Author Comment

by:vadim63
ID: 16765387
Got it!
0
 
LVL 10

Author Comment

by:vadim63
ID: 16765493
OK, I got it work. I have an internet now. But the server doesn't work as a server. I've added my web server to the servers list, 192...100 is assigned to 207....157, but it doesn't work. It has a public IP:  64.32 ....  
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16765711
Is the firewall turned on? Make sure traffic is not beign blocked at that level. You can shut off the firewall temporarily to test if that was the problem. If that isn't it, then the NAT isn't set up correctly.

Did you say teh server is 192.168.1.100? I thought it was set up to forward the public IPs starting at 192.168.1.10? The servers should be 192.168.1.10 - 192.168.1.23 and have static IPs you set up manually. Then the clients have 192.168.1.100 IPs from the DHCP server.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16765740
Oh, yes! I'm such an idiot! Of course, it should be 192.168.1.10 not 192.168.1.100. I'll check it tomorrow. Thank you very much.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16771223
Thank you very much, Thanatos2k! You are the Genius, you are the Man. The points are yours. Just one last question. Is that possible to increase the points over 500? If yes, I'll do it with pleasure.
0
 
LVL 2

Expert Comment

by:Thanatos2k
ID: 16772886
Heh thank you. 500 is the max, but based on the grade you give those points are multiplied. An "A" for example is a 4x multiplier, so I would actually receive 2,000 expert points but it still only "costs" you 500.
0
 
LVL 10

Author Comment

by:vadim63
ID: 16772941
Thank you very much!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question