External IP Range split between to interfaces or devices

Posted on 2009-02-11
Last Modified: 2013-12-24

I currently have a usual internet setup, with a block of external ip address on the internet connection and then my watchguard nats various external ip addresses to internal resources eg webserver, exchange server etc.

I now have the requirement that i need to have a mitel teleworker server on an external IP address that is not nated.  It has to be actually on the internet.

Can you give me any advice the best way to do so.  I thought about breaking the internet connection between the internet router and the watchguard firewall puting a switch inbetween and give the teleworker an ip address in that external range, and the default gateway would be the internet router?


Question by:philipfarnes
    LVL 32

    Expert Comment

    That is a possible solution to put the teleworker server directly on the internet with no firewall protection; another solution which can be implemented is to configure FB in drop-in mode and then put teleworker server behind it.
    With FB in drop-in mode all interfaces of FB would have one single IP address and FB would not do NAT for any network. For existing network for which FB does NAT, we would add secondary network with specific IP subnet on the specific interfaces, and FB would do NAT for secondary networks.
    We can now have teleworker server behind WG with a public IP [please ensure that this IP is not used by any 1-1 NAT settings or aliases in WG configuration] and have complete firewall protection for teleworker server.
    If needed we can open ANY server from specific external IP to teleworker server, so there would be no NAT and so to say no firewall between the configured addresses.

    Please let know if you need more details.

    Thank you.

    Author Comment

    We ended up using drop-in mode


    LVL 32

    Accepted Solution

    Putting the FB in drop-in mode was given as solution in the only post to this question; comment # 23619027.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    NetScaler load balancer for Linux containers

    Get all the features you need to load balance your containerized microservices applications from NetSCaler CPX Express. Integrated with Google Kubernetes, Docker Swarm, and Apache Mesos container management systems.  Supported by Citrix. Free trial version. Deploy in minutes.

    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now