Sonicwall as a Router

Hi,

We have recently had an unmanaged 100meg internet service installed by Virgin.

They have provided us with a WAN address and gateway on a /30 network as well as a public LAN range of /27, which are our external addresses.

We have 2 SonicWall NSA 3500 firewalls in failover mode which I would like to use as the gateway to our network. I would like to avoid buying a router to sit in between the two networks. Below is how I'm guessing that Virgin envisage the network; however, I'd like to remove the need for a router at our end.
                     
LAN ---- SW NSA /27 ----- /27 OUR ROUTER /30----- | ----- /30 VIRGIN ROUTER ----- INTERNET

Is it possible to create a sub-interface on the SonicWall and the appropriate routing rules so that the SonicWall can take care of the routing to Virgin and also onto our LAN? If so, any pointers would be most appreciated.

Asked by: Eschmann
2 Solutions
 
Benjamin MOREAU (Project Manager) commented:
Hi,

In all my SonicWall deployments, I configure the public IP address directly on my SonicWall (for you, the /30 address). After that, Virgin routes all your /27 IP addresses to your SonicWall.

You just have to create rules on your SonicWall with "original destination IP = your /27 IP address".

I have explained how I do it, but I'm in France; maybe Virgin can't do this...
0
 
Eschmann (Author) commented:
Could you be more specific as to which type of rules?

Routes? NAT rules?
0
 
Benjamin MOREAU (Project Manager) commented:
Just configure your WAN interface with the /30 IP address (like this: https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7449)

After that, just add NAT rules and firewall rules to use your public IP pool (/27):

Example NAT rule for SMTP:
 Original Source : any
 Trans. Source : Original
 Orig Dest : Your public IP in /27 pool
 Trans Dest : Your mail server in your LAN
 Orig Service : SMTP
 Trans Service : Original

Example FW rule:
 From : WAN
 To : LAN
 Service : SMTP
 Source : Any
 Destination : Your public IP in /27 pool
0
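Added example, not part of the thread and not SonicOS code: a simplified Python model of the NAT and firewall rule pair described above. It shows that a packet for a /27 address is matched on its destination even though the firewall only has an interface on the /30, and it audits rules that can never match or that expose every port. The address ranges (documentation prefixes), class names and evaluation order are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed documentation ranges standing in for the ISP-assigned networks.
WAN_LINK = ip_network("192.0.2.0/30")          # /30 shared with the ISP router
ROUTED_BLOCK = ip_network("198.51.100.0/27")   # /27 the ISP routes to our /30 address

@dataclass(frozen=True)
class NatRule:                     # inbound policy: original destination -> LAN host
    orig_dest: str
    orig_service: Optional[int]    # TCP port; None means "any"
    trans_dest: str

@dataclass(frozen=True)
class FwRule:                      # WAN -> LAN allow rule, written against the public IP
    dest: str
    service: Optional[int]

def _match(rule_ip, rule_port, dst, port):
    return ip_address(rule_ip) == dst and rule_port in (None, port)

def handle_inbound(dst, port, nat_rules, fw_rules):
    """Return (verdict, lan_host) for a packet the ISP delivered on the WAN link."""
    dst = ip_address(dst)
    if dst not in ROUTED_BLOCK and dst not in WAN_LINK:
        return ("drop: not routed to us", None)
    if not any(_match(f.dest, f.service, dst, port) for f in fw_rules):
        return ("drop: no access rule", None)
    for n in nat_rules:
        if _match(n.orig_dest, n.orig_service, dst, port):
            return ("forward", n.trans_dest)
    return ("drop: no NAT policy", None)

def audit(nat_rules, fw_rules):
    """Flag rules that can never match or that expose more than one service."""
    findings = []
    for n in nat_rules:
        if ip_address(n.orig_dest) not in ROUTED_BLOCK:
            findings.append(f"{n.orig_dest}: outside routed /27, never delivered")
        if n.orig_service is None:
            findings.append(f"{n.orig_dest}: NAT passes every port to {n.trans_dest}")
    for f in fw_rules:
        if f.service is None:
            findings.append(f"{f.dest}: access rule allows any service")
    return findings

NAT = [NatRule("198.51.100.10", 25, "10.0.0.25")]   # SMTP, as in the example rule
FW = [FwRule("198.51.100.10", 25)]
```

Running `audit()` over an export of the real rule set before opening the WAN side gives a quick list of public addresses where every port is forwarded to a LAN host.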
 
Eschmann (Author) commented:
It doesn't seem to be working.

Would the firewall NAT packets that are destined for the /27 network when it doesn't have a presence on that network? (It's only on the /30.)

Wouldn't it just be dropping the packets?
0
 
amatson78 (Sr. Security Engineer) commented:
If you run a packet capture, are you seeing incoming packets for one of the intended IP addresses? If the ISP is routing to you correctly, you will see it in the packet capture. If not, then they need to correct their routing first.
0
 
Eschmann (Author) commented:
I can see that the ISP are routing the packets to me correctly using packet capture; however, they are being dropped instead of forwarded on to a machine on my LAN.
0
 
Benjamin MOREAU (Project Manager) commented:
Could you post a capture of your NAT rule and your FW rule?
0
 
Eschmann (Author) commented:
NAT rule to point traffic for an IP on the /27 network to a PC here running a telnet server:
 [Screenshot: NAT rule]
FW rules (I know I don't need both):
 [Screenshot: FW rule]
Dropped packet monitor:
 [Screenshot: packet monitor]
Virgin address1 is an address on the /27 range.
Andy PC (EEW080) is a PC with a telnet server running on it (which I can connect to from machines on the LAN).

Cheers guys!
0
 
Benjamin MOREAU (Project Manager) commented:
Sorry, but could you post a capture of the detail (when you click on the pen)?
0
 
Eschmann (Author) commented:
Here they are!
 [Screenshots: NAT and FW rule details]
0
 
Benjamin MOREAU (Project Manager) commented:
Could you give the content of "virgin address 1"?

Your rules are OK; your ISP is correctly routing your public IP, so I think it's a problem with your object "virgin address 1".
0
 
Eschmann (Author) commented:
Virgin address 1 is an IP address on the /27 range supplied by the ISP.
 [Screenshot: virgin address 1 object]
0
 
Benjamin MOREAU (Project Manager) commented:
I don't see... Maybe try to specify the "original service" in the NAT rule and the "service" in the FW rule.
0
 
Eschmann (Author) commented:
No idea why it wasn't working straight away, but now it is!

Thanks MOREAU37
0
Question has a verified solution.
