Configuring 5 static IPs

Posted on 2011-10-07
Last Modified: 2012-05-12
Today I received 5 static IPs from Comcast, as I requested. I bought a Cisco router and I plan to set up a DMZ for my servers, but Comcast assigned the default gateway IP to their modem, and now I am not able to create a DMZ and protect the traffic going to my servers.

I asked them to set up a subnet between the modem and my router with private IP addresses so I would be able to assign the default gateway IP to the router's interface that faces the DMZ, but they told me that they have to leave the default gateway IP address on the modem.

Now I am stuck, because I don't know how I can create a DMZ and filter the traffic as it passes through my router. One of the things that I am trying to avoid is having the router do NAT.

I really appreciate any help.
Question by:midelafe
    LVL 4

    Accepted Solution

    Why are you trying to avoid NAT?  It's generally simple to configure.

    You could theoretically split your five IPs into two subnets, but that would leave you without enough IPs to be useful:
    - the first IP for the router external i/f, in the same subnet as the default gateway
    - the second IP for the broadcast address of the lower half
    - the third IP for the subnet address of the upper half
    - the fourth IP for the router internal i/f, in the upper half
    - the fifth IP is the only one available for an internal system
    As you can see, you end up with only three usable IP addresses.

    I think your only choices are to use NAT, lease more IP addresses, or find an ISP that supports IPv6.

    LVL 8

    Expert Comment

    The Comcast SMC modem, from what I gather, can, and I think by default does, simply pass through your IPs, i.e., it should be in bridge mode (so to speak).

    This means if you assign an outward-facing WAN port one of your statics, then it will be on the net.

    So that WAN-connected device's firewall can then be configured however you wish, i.e., normally, whether it's providing a DMZ and a LAN, or what have you.

    LVL 4

    Expert Comment

    Look at Transparent Firewall for the DMZ leg

    The Transparent Cisco IOS Firewall feature allows users to "drop" a Cisco IOS Firewall in front of their existing network without changing the statically defined IP addresses of their network-connected devices. Thus, users can allow selected devices from a subnet to traverse the firewall while access to other devices on the same subnet is denied.

    What kind of firewall/router do you have?

    Author Comment

    dcj21, I was reading about the Transparent Cisco IOS Firewall, but unfortunately this solution doesn't fit my needs, since I cannot apply firewall rules at Layer 3 on the ports where the Bridged Virtual Interface (BVI) is configured.
    This is what you can read on the site: "Because the Layer 2 firewall intercepts packets at Layer 2 and is "transparent" to the existing network, Layer 3 firewall limitations are not applicable."

    Thanks anyway for your help, but I am at the same point that I was at the beginning.

    klodefactor, I don't want to do NAT because I want each server to have its own static IP address on the DMZ, and another thing is that I don't want to compromise the router's resources in the NAT process.

    Thank you all anyway; if any other solution arises, just let me know.
    LVL 4

    Assisted Solution

    I normally use NAT in situations like the one you describe. I don't understand why not to use NAT; it's the standard way it's done.

    If you use static NAT, each server will have its own outside IP address.
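
The address accounting from the accepted answer, next to the static NAT option from the assisted solution, as an added example that is not part of the original thread. It assumes the block is a /29 (documentation range 203.0.113.0/29 used as a stand-in), the ISP gateway sits on the first host address, and the DMZ behind NAT is a hypothetical 192.168.10.0/24.

```python
import ipaddress

def routed_split(block, gateway):
    """Halve the ISP block: the half holding the ISP gateway stays the
    outside link, the other half becomes a routed DMZ (no NAT)."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(gateway)
    customer = [h for h in net.hosts() if h != gw]
    # The half that contains the gateway sorts first (False < True).
    outside, dmz = sorted(net.subnets(prefixlen_diff=1),
                          key=lambda s: gw not in s)
    router_outside = next(h for h in outside.hosts() if h != gw)
    router_inside, *servers = dmz.hosts()
    # Customer addresses consumed as new network/broadcast addresses.
    reserved = {outside.network_address, outside.broadcast_address,
                dmz.network_address, dmz.broadcast_address}
    lost = [a for a in customer if a in reserved]
    return {"router_outside": router_outside, "router_inside": router_inside,
            "servers": servers, "lost": lost}

def static_nat(block, gateway, private="192.168.10.0/24"):
    """Keep the block whole on the outside interface and map each remaining
    public address one-to-one to a DMZ host (private range is assumed)."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(gateway)
    router_outside, *public = [h for h in net.hosts() if h != gw]
    # Start the DMZ servers at .11 of the assumed private range.
    inside = list(ipaddress.ip_network(private).hosts())[10:]
    return {"router_outside": router_outside, "map": dict(zip(public, inside))}

if __name__ == "__main__":
    block, gw = "203.0.113.0/29", "203.0.113.1"  # constructed sample values
    split = routed_split(block, gw)
    print("routed split")
    print("  router outside :", split["router_outside"])
    print("  router inside  :", split["router_inside"])
    print("  lost to subnet :", ", ".join(map(str, split["lost"])))
    print("  server IPs     :", ", ".join(map(str, split["servers"])))
    nat = static_nat(block, gw)
    print("static NAT")
    print("  router outside :", nat["router_outside"])
    for pub, priv in nat["map"].items():
        print(f"  {pub} <-> {priv}")
```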
