Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SBC DSL - PPPOE - Static IP - Watchguard SOHO - SBS 2003

Posted on 2006-07-21
9
Medium Priority
?
1,119 Views
Last Modified: 2008-01-09
Hi All-
I am at a clients that just changed over from dynamic to static ips in the office.  We are putting in an SBS 2003 box.  The modem is a speadstream 5360 (which does not Authenticate PPPoE)  hence it needs a router in between it and the sbs to do the authentication.  grrrr. (ok technically not, but I've been down the PPPoE on an SBS route before)

So they have a Watchguard SOHO.  It is set to do PPPoE.  It logs on fine and I get internet.  However my Public IP from dnsstuff.com is the ip they provided as the gateway address.  I called sbc they said thats normal.  All you have to do is add the other IPs to your IP Table in the router/firewall.

OK sounds right.  But how?

Firewall 5.0.29
Dec 10 2001
Boot ROM 3.7
Platform WatchGuard SOHO


Since this is a 2 NIC sbs setup I'd like to just authenticate using the Watchguard and then send everythig to the server.  Can you bridge a SOHO? lol

The watchguard site is sloooww right now and I cant figure out how to
1.  add the ip addresses to the SOHO
and/or
2.  put the sbs in the DMZ.  

Also is there a way to mask the sbs?  so that when I send emails it has the external public ip and not the gateway address?

0
Comment
Question by:livegirllove
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17160510
I just dealt with SBC/Yahoo DSL and their "static IP" setup via PPPoE.  In fact they are "STICKY" IPs that are issued to you once you authenticate via PPPoE- but that isn't the main point here.

I was issued a Netopia router device, and in fact this box does do PPPoE authentication.  I setup a PIX 501 behind it, and found that no matter what, I was coming up as the gateway IP (just as you are).  This is after assigning static NATs, etc.

I was provided the login info for the router, and found that the router ITSELF was doing NAT.  Once I turned that off, I came up as the correct IP.  This is *AFTER* the SBC/Yahoo tech assured me I was all set to install my firewall, that NAT was off, etc - don't believe them, check for yourself!

Please also confirm that the device they issued you does not do PPPoE auth- that would be nice!

Thanks,

Justin
0
 
LVL 1

Author Comment

by:livegirllove
ID: 17160968
ah yes.  sticky ips.  thats what they call them.

The modem definately wont authenticate.  You cant bridge it or do anything to it.  As far as I know you cant even telnet into it to make ANY configuration changes.  It just sits there "stupid" and relies on whats behind it to do the auth.

I can get around the external gateway ip problem by forwarding all email out through the ISPs smarthost to avoid reverse dns pointer problems.

I can port forward everything I need into the server from the SOHO.

My main problem is how to add IPs to the SOHO.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 17161042
5360 - Why You Don't Need to Configure it for TCP/IP

Because the Speedstream 5360 transports only MAC frames and does not ‘see’ any upper-layer protocol information encapsulated within these MAC frames, it is not capable of filtering or blocking any traffic based on IP information, port information or application layer information.  It simply passes ALL traffic bi-directionally from the end-user’s LAN to the service provider's network, and vice versa.

and here is the doc on the SOHO.

http://www.watchguard.com/help/SmallOffice/5.0/sohohelp.htm

I don't understand how to add new ips to it.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:livegirllove
ID: 17161107
I dont understand because I dont think I can.  Seems that it will do only one WAN ip interface.  

Fortunately I have an snapgear SG300 sitting here that I can use.  I can do IP aliasing with it.

Ill still accept any input...

thanks
0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17161310
Looking at the link you posted, it seems like it does.

Not being very familiar with that box, I would ask this:

- Can you add "hosts" and then adjust the hosts properties to reflect a different translation?
- Is there a NAT section, where you might change NAT properties to reflect another translation for another host?

Thanks,

Justin
0
 
LVL 1

Author Comment

by:livegirllove
ID: 17161672
yes and yes.  let me give you the specs.  I need to plug it back in.  I would rather use the watchguard as its theirs and already paid for.  the SG300 is mine and they aren't gonna like spending another $300 on it.

I've also been playing with making SBS do the Authentication, but it leaves the second nic with no IP and shows as not connected even though the DSL is connected (although its through the WAN Mini port (PPPoE).  I thought maybe I could bridge the 2 but it doesnt work. If I could bridge it I could just add the extra IPs to the NIC 2.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 17161707
ok the watchguard has a section called static routes

in the "add route" area there is a dropdown to choose host or network
a box for address
a box for gateway

0
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 2000 total points
ID: 17161931

no, that doesn't sound like what you are looking for.  It is simply the interface to add a static IP route- which is to say it is to show the firewall to reach other networks:

to get to 172.16.10.0 go to the router with IP address 10.0.0.2  ... etc

0
 
LVL 1

Author Comment

by:livegirllove
ID: 17220421
resolution was to use a Cyberguard until the client purchased a netopia 3356.

thanks for the help
0

Featured Post

Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question