Solved

3Com ADSL Modem Router with stand alone Firewall, inaccessible by IP address from the outside world

Posted on 2006-06-12
Last Modified: 2008-02-01
I have a 3COM modem\router and a separate 3com firewall.  
I have a block of static IP addresses from BT.  
I wish to set up my router so that my firewall's IP address is accessible publicly for SMTP\RDP etc...

At the moment the IP address from BT is set as an 81.XX.XX.XX address, so I have set the router's internal IP address to be my BT static router IP. This is allowing me to browse, as the outside address of my firewall is also from my static addresses from BT.

However, these addresses are not viewable if I try to RDP or telnet to them from outside...

Any ideas?
0
Question by:stevedews
13 Comments
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16884389
What sort of ADSL package do you have from BT?
0
 
LVL 9

Expert Comment

by:jfrady
ID: 16885105
Which router and which firewall do you have?  It sounds like you are getting through the router fine.  Do you have any access rules on the firewall to enable RDP, Telnet etc.?  Also, verify that the firewall functionality is turned off in the router.
0
 

Author Comment

by:stevedews
ID: 16885174
I have a 3com router: 3Com Office Connect - 3CRWE754G72
and this 3com firewall: OfficeConnect® VPN Firewall - 3CR870-95

I had the firewall on the router disabled but this didn't work, so I tried it with the firewall on but with all ports pointing to the hardware firewall through the virtual servers option.

And yes, the firewall is set up for all those ports.

I just want to be able to access the hardware firewall directly with its external static IP 217.XX.XX.XX instead of using the router's external dynamic IP.
0
 

Author Comment

by:stevedews
ID: 16885178
BT connection is a 1Mb ADSL with 5 static IP
0
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16885247
Is the router setup with NAT by any chance?

It could be that the internal clients can access the internet through NAT but that the router is not set up to route traffic to the firewall?
0

 

Author Comment

by:stevedews
ID: 16885282
NAT is currently enabled on the router; should it be switched off?

There is also an IPSEC NAT-T Pass-through setting that is currently off?
0
 
LVL 9

Expert Comment

by:jfrady
ID: 16885552
Couple of things:

You probably know this but you will not be able to use the wireless portion of the Router if you want to use the VPN Firewall as your firewall.

The Router will do most everything that the VPN Firewall will do with the exception of hardware VPN acceleration and traffic shaping.

If you want to use the VPN Firewall I would suggest instead of disabling the firewall or doing virtual servers for every port, that you use the router in Bridge mode.  Essentially then it will just act as a modem and pass everything through to the VPN Firewall.

Depending on your connection type you will have to configure the appropriate VPI/VCI etc. on the DSL side.  BT should provide this info to you.

It is very atypical to do a router with dynamic addressing to a Firewall with static addressing as you mention.  A more typical scenario would be a modem or bridge with a dynamic or static assignment directly on your firewall.  Or a router with static addressing inside and outside.  The router you have does support though RFC 1481 routing as well as bridging.  My suspicion though is that you really need to bridge the connection to the firewall.

Another alternative would be to get a cheap modem to put in front of the VPN firewall.  This would allow you to possibly use the Wireless Router elsewhere or use the wireless portion only of the router inside the firewall on your LAN.

You generally do not want to allow management on the WAN interface of a firewall unless you are doing a secure connection.  Instead of trying to manage the firewall from the external side I would establish a VPN to the firewall and manage it.  As long as you are doing some level of encryption you can manage it with its internal private IP address.

Also - use 3DES encryption on your VPN tunnels.  The hardware accelerator in this firewall is very nice.
0
 
LVL 9

Expert Comment

by:jfrady
ID: 16885576
NAT should be disabled.  When you put the router in bridge mode it will disable all router functions including NAT.
0
 

Author Comment

by:stevedews
ID: 16885902
Thanks, was about to give that a go until disaster struck; need to buy another router in the next 5 mins:

Do you know if this modem router supports bridging too?
Netgear DG834G?

Thanks
0
 
LVL 9

Accepted Solution

by:
jfrady earned 500 total points
ID: 16886020
Uh-oh.  Hope it wasn't too bad a disaster!  

Just looked at the manual for that device.  In the tech specs it says it does support RFC 1483 bridging and routing.  Could find no other references to bridge mode in the manual however.  

That device would really be overkill anyway.  If you can find a plain old ADSL modem that would be the best thing.  The NetGear you mentioned has firewall, wireless, VPN etc.

I'm assuming you want to use the VPN Firewall for its hardware VPN capabilities.  Depending on where you are located any box type store would have an ADSL modem.  Best Buy, Circuit City, Office Depot, even Wal-Mart, Radio Shack etc.
0
 
LVL 18

Expert Comment

by:Sam Panwar
ID: 17508826
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: jfrady {http:#16886020}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

ABS
EE Cleanup Volunteer

0
