SBC DSL - PPPOE - Static IP - Watchguard SOHO - SBS 2003

Hi All-
I am at a clients that just changed over from dynamic to static ips in the office.  We are putting in an SBS 2003 box.  The modem is a speadstream 5360 (which does not Authenticate PPPoE)  hence it needs a router in between it and the sbs to do the authentication.  grrrr. (ok technically not, but I've been down the PPPoE on an SBS route before)

So they have a Watchguard SOHO.  It is set to do PPPoE.  It logs on fine and I get internet.  However my Public IP from is the ip they provided as the gateway address.  I called sbc they said thats normal.  All you have to do is add the other IPs to your IP Table in the router/firewall.

OK sounds right.  But how?

Firewall 5.0.29
Dec 10 2001
Boot ROM 3.7
Platform WatchGuard SOHO

Since this is a 2 NIC sbs setup I'd like to just authenticate using the Watchguard and then send everythig to the server.  Can you bridge a SOHO? lol

The watchguard site is sloooww right now and I cant figure out how to
1.  add the ip addresses to the SOHO
2.  put the sbs in the DMZ.  

Also is there a way to mask the sbs?  so that when I send emails it has the external public ip and not the gateway address?

Who is Participating?
NYtechGuyConnect With a Mentor Commented:

no, that doesn't sound like what you are looking for.  It is simply the interface to add a static IP route- which is to say it is to show the firewall to reach other networks:

to get to go to the router with IP address  ... etc

I just dealt with SBC/Yahoo DSL and their "static IP" setup via PPPoE.  In fact they are "STICKY" IPs that are issued to you once you authenticate via PPPoE- but that isn't the main point here.

I was issued a Netopia router device, and in fact this box does do PPPoE authentication.  I setup a PIX 501 behind it, and found that no matter what, I was coming up as the gateway IP (just as you are).  This is after assigning static NATs, etc.

I was provided the login info for the router, and found that the router ITSELF was doing NAT.  Once I turned that off, I came up as the correct IP.  This is *AFTER* the SBC/Yahoo tech assured me I was all set to install my firewall, that NAT was off, etc - don't believe them, check for yourself!

Please also confirm that the device they issued you does not do PPPoE auth- that would be nice!


livegirlloveAuthor Commented:
ah yes.  sticky ips.  thats what they call them.

The modem definately wont authenticate.  You cant bridge it or do anything to it.  As far as I know you cant even telnet into it to make ANY configuration changes.  It just sits there "stupid" and relies on whats behind it to do the auth.

I can get around the external gateway ip problem by forwarding all email out through the ISPs smarthost to avoid reverse dns pointer problems.

I can port forward everything I need into the server from the SOHO.

My main problem is how to add IPs to the SOHO.
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

livegirlloveAuthor Commented:
5360 - Why You Don't Need to Configure it for TCP/IP

Because the Speedstream 5360 transports only MAC frames and does not ‘see’ any upper-layer protocol information encapsulated within these MAC frames, it is not capable of filtering or blocking any traffic based on IP information, port information or application layer information.  It simply passes ALL traffic bi-directionally from the end-user’s LAN to the service provider's network, and vice versa.

and here is the doc on the SOHO.

I don't understand how to add new ips to it.
livegirlloveAuthor Commented:
I dont understand because I dont think I can.  Seems that it will do only one WAN ip interface.  

Fortunately I have an snapgear SG300 sitting here that I can use.  I can do IP aliasing with it.

Ill still accept any input...

Looking at the link you posted, it seems like it does.

Not being very familiar with that box, I would ask this:

- Can you add "hosts" and then adjust the hosts properties to reflect a different translation?
- Is there a NAT section, where you might change NAT properties to reflect another translation for another host?


livegirlloveAuthor Commented:
yes and yes.  let me give you the specs.  I need to plug it back in.  I would rather use the watchguard as its theirs and already paid for.  the SG300 is mine and they aren't gonna like spending another $300 on it.

I've also been playing with making SBS do the Authentication, but it leaves the second nic with no IP and shows as not connected even though the DSL is connected (although its through the WAN Mini port (PPPoE).  I thought maybe I could bridge the 2 but it doesnt work. If I could bridge it I could just add the extra IPs to the NIC 2.
livegirlloveAuthor Commented:
ok the watchguard has a section called static routes

in the "add route" area there is a dropdown to choose host or network
a box for address
a box for gateway

livegirlloveAuthor Commented:
resolution was to use a Cyberguard until the client purchased a netopia 3356.

thanks for the help
All Courses

From novice to tech pro — start learning today.