midwestdev
asked on
comcast gateway - netgear firewall - sbs 2003 configuration can get out but not in
I have the following configuration:
Comcast modem/gateway:
LAN:192.168.1.1
255.255.255.0
DHCP:Off
Firewall: 1-1-NAT enabled
static ip 1 mapped to 192.168.16.2 sbs 2003 server
static ip 2 mapped to 192.168.16.3 web server
static ip3 mapped to .4 terminal server
Netgear Prosafe VPN Firewall
Wan1
IP: 192.168.1.2
sub: 255.255.255.0
gate:192.168.1.1
dns 192.168.16.2 sbs 2003
LAN:
IP: 192.168.16.1
sub:255.255.255.0
I opened ports: 25,80,443,444,4125,1723,3389
I can access the internet fine from within my network and application like logmein works fine.
BUT I can not access OWA(exchange web access), Outlook from outside network using HTTP, terminal server or other web server.
I have the netgear as a failsafe with if comcast goes down then wan 2 ATT continues. Can you have 2 firewalls? Does it help? I get hit by people trying to logon my network nightly. I also have TrendMicro on all servers and workstations.
So, what is blocking static Ip request between comcast gateway and netgear firewall?
Your Comcast modem which is doing the NAT doesn't know about your servers on the 192.168.16.x network which is behind another firewall... You shouldn't really need two firewalls. I'd set up the static IPs on the Netgear firewall and use it as your primary. NAT should also be done on the Netgear...
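Added example, not part of the thread and not code from any poster: a small Python check of why the 1-to-1 NAT entries in the question cannot deliver inbound traffic, using the addresses given there (the third mapping is left out because the question abbreviates its address). The `static_routes` parameter models a hypothetical route on the gateway; the thread does not say whether the Comcast gateway supports one.

```python
import ipaddress

def audit_nat_targets(gateway_lan, nat_targets, static_routes=()):
    """Classify each 1-to-1 NAT target from the upstream gateway's point of view.

    gateway_lan   -- gateway LAN interface in CIDR form, e.g. "192.168.1.1/24"
    nat_targets   -- {label: private address a public IP is mapped to}
    static_routes -- [(destination network, next hop)], hypothetical gateway routes
    Returns {label: (status, detail)}; status is on-link, routed or unreachable.
    """
    lan = ipaddress.ip_interface(gateway_lan).network
    routes = [(ipaddress.ip_network(net), ipaddress.ip_address(hop))
              for net, hop in static_routes]
    report = {}
    for label, target in nat_targets.items():
        ip = ipaddress.ip_address(target)
        if ip in lan:
            report[label] = ("on-link", f"{ip} is inside {lan}")
            continue
        # Off-link target: only deliverable through a route whose next hop
        # the gateway can reach directly on its own LAN.
        usable = [(net, hop) for net, hop in routes if ip in net and hop in lan]
        if usable:
            net, hop = max(usable, key=lambda r: r[0].prefixlen)
            report[label] = ("routed", f"{ip} via {hop} (route {net})")
        else:
            report[label] = ("unreachable",
                             f"{ip} is outside {lan} and no route covers it")
    return report

# Addresses copied from the question above.
GATEWAY_LAN = "192.168.1.1/24"
NAT_TARGETS = {
    "static ip 1 (sbs 2003 server)": "192.168.16.2",
    "static ip 2 (web server)": "192.168.16.3",
}
NETGEAR_WAN = "192.168.1.2"

if __name__ == "__main__":
    print("As configured in the question:")
    for label, (status, detail) in audit_nat_targets(GATEWAY_LAN, NAT_TARGETS).items():
        print(f"  {label}: {status} - {detail}")
    print("Mapping pointed at the Netgear WAN address instead:")
    for label, (status, detail) in audit_nat_targets(
            GATEWAY_LAN, {"any static ip": NETGEAR_WAN}).items():
        print(f"  {label}: {status} - {detail}")
```

An on-link result only means the gateway can hand the packet to the Netgear; the Netgear still needs its own inbound rule forwarding each opened port to the server on 192.168.16.x.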
NAT will not work in this case. Comcast gateway (business) will require a block of public IPs to properly route (NAT) traffic. Their gateway handles all requests and disregards NAT to another device.
ASKER
The static IP for the Comcast gateway are public gateways.
How do I disable the comcast firewall and make all traffic pass through for all 6 public static IP's I have?
You may need to call up Comcast to make that change. Just tell them you have your own firewall you want to manage and you want to use their cable modem as a bridge.
You cannot put the comcast router into bridge mode, they do not allow that.
Put 1 IP on DMZ and set your router to that IP address.
ASKER
would that be the wan IP of the netgear 192.168.1.2?
so setup would be:
comcast router:
WAN:given by comcast
LAN:192.168.1.1
DMZ 192.168.1.2
do I do anything about the NAT 1-1? for static IP pass thru
netgear router:
WAN: 192.168.1.2
LAN:192.168.16.1