Solved

3Com ADSL Modem Router with stand alone Firewall, inaccessible by IP address from the outside world

Posted on 2006-06-12
Last Modified: 2008-02-01
I have a 3COM modem\router and a separate 3com firewall.  
I have a block of static IP addresses from BT.  
I wish to set up my router so that my firewall's IP address is accessible publicly for SMTP\RDP etc...

At the moment the IP address from BT is setting as an 81.XX.XX.XX address, so I have set the router's internal IP address to be my BT static router IP. This is allowing me to browse, as the outside address of my firewall is also from my static addresses from BT.

However, these addresses are not viewable if I try to RDP or telnet to them from outside...

Any ideas?
0
Question by:stevedews
13 Comments
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16884389
What sort of ADSL package do you have from BT?
0
 
LVL 9

Expert Comment

by:jfrady
ID: 16885105
Which router and which firewall do you have?  It sounds like you are getting through the router fine.  Do you have any access rules on the firewall to enable RDP, Telnet etc.?  Also, verify that the firewall functionality is turned off in the router.
0
 

Author Comment

by:stevedews
ID: 16885174
I have a 3com router: 3Com Office Connect - 3CRWE754G72
and this 3com firewall: OfficeConnect® VPN Firewall - 3CR870-95

I had the firewall on the router disabled but this didn't work, so I tried it with the firewall on but with all ports pointing to the hardware firewall through the virtual servers option.

And yes, the firewall is set up for all those ports.

I just want to be able to access the hardware firewall directly with its external static IP 217.XX.XX.XX instead of using the router's external dynamic IP.
0

 

Author Comment

by:stevedews
ID: 16885178
BT connection is a 1Mb ADSL with 5 static IPs
0
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16885247
Is the router set up with NAT by any chance?

It could be that the internal clients can access the internet through NAT but that the router is not set up to route traffic to the firewall?
0
 

Author Comment

by:stevedews
ID: 16885282
NAT is currently enabled on the router; should it be switched off?

There is also an IPSEC NAT-T Pass-through setting that is currently off?
0
 
LVL 9

Expert Comment

by:jfrady
ID: 16885552
Couple of things:

You probably know this but you will not be able to use the wireless portion of the Router if you want to use the VPN Firewall as your firewall.

The Router will do most everything that the VPN Firewall will do with the exception of hardware VPN acceleration and traffic shaping.

If you want to use the VPN Firewall I would suggest instead of disabling the firewall or doing virtual servers for every port, that you use the router in Bridge mode.  Essentially then it will just act as a modem and pass everything through to the VPN Firewall.

Depending on your connection type you will have to configure the appropriate VPI/VCI etc. on the DSL side.  BT should provide this info to you.

It is very atypical to do a router with dynamic addressing to a Firewall with static addressing as you mention.  A more typical scenario would be a modem or bridge with a dynamic or static assignment directly on your firewall.  Or a router with static addressing inside and outside.  The router you have does support though RFC 1481 routing as well as bridging.  My suspicion though is that you really need to bridge the connection to the firewall.

Another alternative would be to get a cheap modem to put in front of the VPN firewall.  This would allow you to possibly use the Wireless Router elsewhere or use the wireless portion only of the router inside the firewall on your LAN.

You generally do not want to allow management on the WAN interface of a firewall unless you are doing a secure connection.  Instead of trying to manage the firewall from the external side I would establish a VPN to the firewall and manage it.  As long as you are doing some level of encryption you can manage it with its internal private IP address.

Also - use 3DES encryption on your VPN tunnels.  The hardware accelerator in this firewall is very nice.
0
 
LVL 9

Expert Comment

by:jfrady
ID: 16885576
NAT should be disabled.  When you put the router in bridge mode it will disable all router functions including NAT.
0
 

Author Comment

by:stevedews
ID: 16885902
Thanks, I was about to give that a go until disaster struck; I need to buy another router in the next 5 mins:

Do you know if this modem router supports bridging too?
Netgear DG834G?

Thanks
0
 
LVL 9

Accepted Solution

by:
jfrady earned 500 total points
ID: 16886020
Uh-oh.  Hope it wasn't too bad a disaster!  

Just looked at the manual for that device.  In the tech specs it says it does support RFC 1483 bridging and routing.  Could find no other references to bridge mode in the manual however.  

That device would really be overkill anyway.  If you can find a plain old ADSL modem that would be the best thing.  The NetGear you mentioned has firewall, wireless, VPN etc.

I'm assuming you want to use the VPN Firewall for its hardware VPN capabilities.  Depending on where you are located any box type store would have an ADSL modem.  Best Buy, Circuit City, Office Depot, even Wal-Mart, Radio Shack etc.
0
 
LVL 18

Expert Comment

by:Sam Panwar
ID: 17508826
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: jfrady {http:#16886020}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

ABS
EE Cleanup Volunteer

0
