livegirllove

SBC DSL - PPPOE - Static IP - Watchguard SOHO - SBS 2003

Hi All-
I am at a client's that just changed over from dynamic to static IPs in the office.  We are putting in an SBS 2003 box.  The modem is a Speedstream 5360 (which does not authenticate PPPoE), hence it needs a router in between it and the SBS to do the authentication.  grrrr. (OK, technically not, but I've been down the PPPoE on an SBS route before)

So they have a Watchguard SOHO.  It is set to do PPPoE.  It logs on fine and I get internet.  However, my public IP from dnsstuff.com is the IP they provided as the gateway address.  I called SBC; they said that's normal.  All you have to do is add the other IPs to your IP table in the router/firewall.

OK sounds right.  But how?

Firewall 5.0.29
Dec 10 2001
Boot ROM 3.7
Platform WatchGuard SOHO


Since this is a 2 NIC SBS setup I'd like to just authenticate using the Watchguard and then send everything to the server.  Can you bridge a SOHO? lol

The Watchguard site is sloooww right now and I can't figure out how to
1.  add the IP addresses to the SOHO
and/or
2.  put the SBS in the DMZ.

Also, is there a way to mask the SBS, so that when I send emails it has the external public IP and not the gateway address?

NYtechGuy

I just dealt with SBC/Yahoo DSL and their "static IP" setup via PPPoE.  In fact they are "STICKY" IPs that are issued to you once you authenticate via PPPoE- but that isn't the main point here.

I was issued a Netopia router device, and in fact this box does do PPPoE authentication.  I set up a PIX 501 behind it, and found that no matter what, I was coming up as the gateway IP (just as you are).  This is after assigning static NATs, etc.

I was provided the login info for the router, and found that the router ITSELF was doing NAT.  Once I turned that off, I came up as the correct IP.  This is *AFTER* the SBC/Yahoo tech assured me I was all set to install my firewall, that NAT was off, etc - don't believe them, check for yourself!

Please also confirm that the device they issued you does not do PPPoE auth- that would be nice!

Thanks,

Justin
livegirllove

ASKER

Ah yes.  Sticky IPs.  That's what they call them.

The modem definitely won't authenticate.  You can't bridge it or do anything to it.  As far as I know you can't even telnet into it to make ANY configuration changes.  It just sits there "stupid" and relies on what's behind it to do the auth.

I can get around the external gateway IP problem by forwarding all email out through the ISP's smarthost to avoid reverse DNS pointer problems.

I can port forward everything I need into the server from the SOHO.

My main problem is how to add IPs to the SOHO.
5360 - Why You Don't Need to Configure it for TCP/IP

Because the Speedstream 5360 transports only MAC frames and does not ‘see’ any upper-layer protocol information encapsulated within these MAC frames, it is not capable of filtering or blocking any traffic based on IP information, port information or application layer information.  It simply passes ALL traffic bi-directionally from the end-user’s LAN to the service provider's network, and vice versa.

And here is the doc on the SOHO.

http://www.watchguard.com/help/SmallOffice/5.0/sohohelp.htm

I don't understand how to add new IPs to it.
I don't understand because I don't think I can.  Seems that it will do only one WAN IP interface.

Fortunately I have a SnapGear SG300 sitting here that I can use.  I can do IP aliasing with it.

I'll still accept any input...

Thanks
Looking at the link you posted, it seems like it does.

Not being very familiar with that box, I would ask this:

- Can you add "hosts" and then adjust the hosts properties to reflect a different translation?
- Is there a NAT section, where you might change NAT properties to reflect another translation for another host?

Thanks,

Justin
Yes and yes.  Let me give you the specs.  I need to plug it back in.  I would rather use the Watchguard as it's theirs and already paid for.  The SG300 is mine and they aren't gonna like spending another $300 on it.

I've also been playing with making SBS do the authentication, but it leaves the second NIC with no IP and shows as not connected even though the DSL is connected (although it's through the WAN Miniport (PPPoE)).  I thought maybe I could bridge the 2 but it doesn't work.  If I could bridge it I could just add the extra IPs to NIC 2.
OK, the Watchguard has a section called static routes.

In the "add route" area there is:
- a dropdown to choose host or network
- a box for address
- a box for gateway

ASKER CERTIFIED SOLUTION
NYtechGuy

This solution is only available to members.
Resolution was to use a Cyberguard until the client purchased a Netopia 3356.

Thanks for the help