SBC DSL - PPPOE - Static IP - Watchguard SOHO - SBS 2003

Posted on 2006-07-21
Last Modified: 2008-01-09
Hi All-
I am at a clients that just changed over from dynamic to static ips in the office.  We are putting in an SBS 2003 box.  The modem is a speadstream 5360 (which does not Authenticate PPPoE)  hence it needs a router in between it and the sbs to do the authentication.  grrrr. (ok technically not, but I've been down the PPPoE on an SBS route before)

So they have a Watchguard SOHO.  It is set to do PPPoE.  It logs on fine and I get internet.  However my Public IP from is the ip they provided as the gateway address.  I called sbc they said thats normal.  All you have to do is add the other IPs to your IP Table in the router/firewall.

OK sounds right.  But how?

Firewall 5.0.29
Dec 10 2001
Boot ROM 3.7
Platform WatchGuard SOHO

Since this is a 2 NIC sbs setup I'd like to just authenticate using the Watchguard and then send everythig to the server.  Can you bridge a SOHO? lol

The watchguard site is sloooww right now and I cant figure out how to
1.  add the ip addresses to the SOHO
2.  put the sbs in the DMZ.  

Also is there a way to mask the sbs?  so that when I send emails it has the external public ip and not the gateway address?

Question by:livegirllove
  • 6
  • 3

Expert Comment

ID: 17160510
I just dealt with SBC/Yahoo DSL and their "static IP" setup via PPPoE.  In fact they are "STICKY" IPs that are issued to you once you authenticate via PPPoE- but that isn't the main point here.

I was issued a Netopia router device, and in fact this box does do PPPoE authentication.  I setup a PIX 501 behind it, and found that no matter what, I was coming up as the gateway IP (just as you are).  This is after assigning static NATs, etc.

I was provided the login info for the router, and found that the router ITSELF was doing NAT.  Once I turned that off, I came up as the correct IP.  This is *AFTER* the SBC/Yahoo tech assured me I was all set to install my firewall, that NAT was off, etc - don't believe them, check for yourself!

Please also confirm that the device they issued you does not do PPPoE auth- that would be nice!



Author Comment

ID: 17160968
ah yes.  sticky ips.  thats what they call them.

The modem definately wont authenticate.  You cant bridge it or do anything to it.  As far as I know you cant even telnet into it to make ANY configuration changes.  It just sits there "stupid" and relies on whats behind it to do the auth.

I can get around the external gateway ip problem by forwarding all email out through the ISPs smarthost to avoid reverse dns pointer problems.

I can port forward everything I need into the server from the SOHO.

My main problem is how to add IPs to the SOHO.

Author Comment

ID: 17161042
5360 - Why You Don't Need to Configure it for TCP/IP

Because the Speedstream 5360 transports only MAC frames and does not ‘see’ any upper-layer protocol information encapsulated within these MAC frames, it is not capable of filtering or blocking any traffic based on IP information, port information or application layer information.  It simply passes ALL traffic bi-directionally from the end-user’s LAN to the service provider's network, and vice versa.

and here is the doc on the SOHO.

I don't understand how to add new ips to it.

Author Comment

ID: 17161107
I dont understand because I dont think I can.  Seems that it will do only one WAN ip interface.  

Fortunately I have an snapgear SG300 sitting here that I can use.  I can do IP aliasing with it.

Ill still accept any input...

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.


Expert Comment

ID: 17161310
Looking at the link you posted, it seems like it does.

Not being very familiar with that box, I would ask this:

- Can you add "hosts" and then adjust the hosts properties to reflect a different translation?
- Is there a NAT section, where you might change NAT properties to reflect another translation for another host?



Author Comment

ID: 17161672
yes and yes.  let me give you the specs.  I need to plug it back in.  I would rather use the watchguard as its theirs and already paid for.  the SG300 is mine and they aren't gonna like spending another $300 on it.

I've also been playing with making SBS do the Authentication, but it leaves the second nic with no IP and shows as not connected even though the DSL is connected (although its through the WAN Mini port (PPPoE).  I thought maybe I could bridge the 2 but it doesnt work. If I could bridge it I could just add the extra IPs to the NIC 2.

Author Comment

ID: 17161707
ok the watchguard has a section called static routes

in the "add route" area there is a dropdown to choose host or network
a box for address
a box for gateway


Accepted Solution

NYtechGuy earned 500 total points
ID: 17161931

no, that doesn't sound like what you are looking for.  It is simply the interface to add a static IP route- which is to say it is to show the firewall to reach other networks:

to get to go to the router with IP address  ... etc


Author Comment

ID: 17220421
resolution was to use a Cyberguard until the client purchased a netopia 3356.

thanks for the help

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Mimecast Bounce 3 30
Connecting LAN to a new leased line 2 26
Cisco IOS from ipbase to ipservices 10 31
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now