SBC DSL - PPPOE - Static IP - Watchguard SOHO - SBS 2003

Posted on 2006-07-21
Last Modified: 2008-01-09
Hi All-
I am at a client's that just changed over from dynamic to static IPs in the office.  We are putting in an SBS 2003 box.  The modem is a SpeedStream 5360 (which does not authenticate PPPoE), hence it needs a router in between it and the SBS to do the authentication.  grrrr. (OK, technically not, but I've been down the PPPoE on an SBS route before)

So they have a WatchGuard SOHO.  It is set to do PPPoE.  It logs on fine and I get internet.  However my public IP from is the IP they provided as the gateway address.  I called SBC; they said that's normal.  All you have to do is add the other IPs to your IP table in the router/firewall.

OK sounds right.  But how?

Firewall 5.0.29
Dec 10 2001
Boot ROM 3.7
Platform WatchGuard SOHO

Since this is a 2 NIC SBS setup I'd like to just authenticate using the WatchGuard and then send everything to the server.  Can you bridge a SOHO? lol

The WatchGuard site is sloooww right now and I can't figure out how to
1.  add the IP addresses to the SOHO
2.  put the SBS in the DMZ.

Also is there a way to mask the SBS, so that when I send emails it has the external public IP and not the gateway address?

Question by:livegirllove

Expert Comment

ID: 17160510
I just dealt with SBC/Yahoo DSL and their "static IP" setup via PPPoE.  In fact they are "STICKY" IPs that are issued to you once you authenticate via PPPoE- but that isn't the main point here.

I was issued a Netopia router device, and in fact this box does do PPPoE authentication.  I set up a PIX 501 behind it, and found that no matter what, I was coming up as the gateway IP (just as you are).  This is after assigning static NATs, etc.

I was provided the login info for the router, and found that the router ITSELF was doing NAT.  Once I turned that off, I came up as the correct IP.  This is *AFTER* the SBC/Yahoo tech assured me I was all set to install my firewall, that NAT was off, etc - don't believe them, check for yourself!

Please also confirm that the device they issued you does not do PPPoE auth- that would be nice!



Author Comment

ID: 17160968
Ah yes.  Sticky IPs.  That's what they call them.

The modem definitely won't authenticate.  You can't bridge it or do anything to it.  As far as I know you can't even telnet into it to make ANY configuration changes.  It just sits there "stupid" and relies on what's behind it to do the auth.

I can get around the external gateway IP problem by forwarding all email out through the ISP's smarthost to avoid reverse DNS pointer problems.

I can port forward everything I need into the server from the SOHO.

My main problem is how to add IPs to the SOHO.

Author Comment

ID: 17161042
5360 - Why You Don't Need to Configure it for TCP/IP

Because the Speedstream 5360 transports only MAC frames and does not ‘see’ any upper-layer protocol information encapsulated within these MAC frames, it is not capable of filtering or blocking any traffic based on IP information, port information or application layer information.  It simply passes ALL traffic bi-directionally from the end-user’s LAN to the service provider's network, and vice versa.

and here is the doc on the SOHO.

I don't understand how to add new IPs to it.


Author Comment

ID: 17161107
I don't understand because I don't think I can.  Seems that it will do only one WAN IP interface.

Fortunately I have a SnapGear SG300 sitting here that I can use.  I can do IP aliasing with it.

I'll still accept any input...


Expert Comment

ID: 17161310
Looking at the link you posted, it seems like it does.

Not being very familiar with that box, I would ask this:

- Can you add "hosts" and then adjust the hosts properties to reflect a different translation?
- Is there a NAT section, where you might change NAT properties to reflect another translation for another host?



Author Comment

ID: 17161672
Yes and yes.  Let me give you the specs.  I need to plug it back in.  I would rather use the WatchGuard as it's theirs and already paid for.  The SG300 is mine and they aren't gonna like spending another $300 on it.

I've also been playing with making SBS do the authentication, but it leaves the second NIC with no IP and shows as not connected even though the DSL is connected (although it's through the WAN Mini port (PPPoE)).  I thought maybe I could bridge the 2 but it doesn't work. If I could bridge it I could just add the extra IPs to NIC 2.

Author Comment

ID: 17161707
OK, the WatchGuard has a section called static routes

in the "add route" area there is a dropdown to choose host or network
a box for address
a box for gateway


Accepted Solution

NYtechGuy earned 500 total points
ID: 17161931

No, that doesn't sound like what you are looking for.  It is simply the interface to add a static IP route - which is to say it is to show the firewall to reach other networks:

to get to go to the router with IP address  ... etc


Author Comment

ID: 17220421
Resolution was to use a CyberGuard until the client purchased a Netopia 3356.

Thanks for the help
