Low price routers that will let me use multiple static IPs

Posted on 2012-03-14
Medium Priority
Last Modified: 2012-03-30
I've been assigned 5 static IPs from my ISP. Apparently my router can't take advantage of this (D-LINK DIR 615) and I need something that can.

Anyone here have any suggestions on a reasonably priced router? I don't need anything fancy, I just want to be able to assign vmware slices their own static IP addresses.

I was going to buy another NIC and run a wire to a switch in front of the router to connect directly to the cable modem but I'm not sure if that's a good idea.

Any thoughts?
Question by:mcainc

Expert Comment

ID: 37718722
Well, a router that handles IP addresses and low cost don't go together.  I have never seen a cheap SOHO router that has the capability.

You could probably set up a machine as a gateway and accomplish this; I haven't really researched this option.

You might also be able to use the switch outside the router, and connect a second NIC in the server machine to the router to allow access and updates.

For help check that link.

Expert Comment

ID: 37719334
If my understanding is correct, you are planning to use the static IPs for internal VMware-hosted servers. You could use the static NAT feature, which would do a one-to-one mapping for servers residing inside. A used Cisco 2611 XM/1751 would solve your purpose.

Expert Comment

by:Andrew Davis
ID: 37720203
Maybe I am reading this wrong, but I thought when an ISP gives you multiple static IPs they give you a gateway IP that is what your router gets as its external. The 5 other IPs are for use internal and would require that your servers have two NICs (1 internal and 1 external); then all the router does is manage these, similar to a multiple DMZ.

Author Comment

ID: 37722984
My current router will only allow me to assign a single static ip to it. I went ahead and installed another NIC in this machine and put a switch before the router but now I'm stumped at how to approach this correctly.

Basically, I want my primary OS to utilize the network through the router so that it isn't directly accessible to the internet.

Now that I have installed the second NIC, I'm able to assign it an IP directly from the modem since there is no router in front of it. So now essentially I have both internal and external connectivity on this main OS (NIC1 to router->internet and NIC2 to internet).

What I'm confused about is, how can I make sure that my OS only uses NIC1 for internet connectivity and that applications like my local development environment (apache/mysql) aren't accessible to the public through NIC2?

I hope that makes sense... this has me pretty confused!

Expert Comment

by:Fred Marshall
ID: 37723035
Here is what I'm doing with no "router" involved exactly.  That is, there is no router between the public addressed devices and the "internet" .. as there should not be anyway, right?

There is a router which provides the interface to the ISP.  The outside or WAN address is in a subnet used by the ISP.  The IP block assigned to us by the ISP "lives" on the inside / LAN side of the router.  The router LAN side takes up one of the block of addresses.  In other sites this role is taken by an ADSL modem.

Anyway, these inside ports router or modem are connected to a simple switch (well, in our case a managed switch).  Then each of the public addressed devices also plug into the switch.  They are each assigned their respective public IP addresses manually.

There is no firewall in between.  So, each device with a public address has to deal with its own firewall issues.  Some are VPN devices, one is an internet gateway/firewall, etc.

Author Comment

ID: 37723070
Yeah, I just didn't want my main OS to be publicly accessible but I needed a way to be able to assign IPs to the vmware workstation slices on the same machine.

It looks like I can't do this with the router I have so I figured I'll install a second NIC to get on the public subnet.

But now that this second NIC is on a public subnet, that essentially removes the protection of the router and opens this machine up to the outside?

I'm just paranoid and don't like the idea of having my main machine accessible to the public but I suppose with a proper firewall in place everything should be fine.

Assisted Solution

by:Andrew Davis
Andrew Davis earned 498 total points
ID: 37723100
This doesn't make sense. EVERY device on the internet is behind a router. You may be passing through all traffic or ports but it is still behind a router.

Why can't you do as Fmarshal is suggesting? Even though it gets confusing with 'I'm doing with no "router" involved' then next para 'There is a router which provides the interface', so there is a router.

It is just simple port forwarding or routing tables for the internal IPs, which are publicly addressable IPs.


Accepted Solution

Fred Marshall earned 501 total points
ID: 37723121
I guess you could say there's a bit of a conflict in your requirements.

You don't want NAT between the publicly-addressed devices and the one true internet gateway device.  That's because your valuable public addresses would then be masked if it's even possible with your particular equipment.

But, I can imagine a firewall between the true internet gateway device and the other publicly-addressed devices.  Sounds like a DMZ sort of connection to me.  So perhaps the question is:  "Can I set up a DMZ for multiple publicly-addressed devices?"

This then raises the question:  What are the rules for the "public firewall" .. the thing that sits between your publicly-addressed devices and the public internet?

One configuration that's cited is with a DMZ Firewall, followed by the publicly-addressed devices including the site firewall.  In a case like this you could have 2 NICs with one on the main LAN and one in the DMZ zone.  The problem of course is that you are bypassing the main firewall at one of the NICs.    So, how do you isolate that NIC from the rest of your system?

I think this is why folks generally have different devices in different zones.
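An added example, not part of the original thread: one way to check the dual-NIC concern raised above (services such as Apache/MySQL answering on the public NIC) is to audit which listening sockets are bound to the wildcard or the public address. It assumes a Linux host and `ss -H -ltn` output; the sample lines and both IP addresses are constructed.

```python
import ipaddress

# Constructed sample: `ss -H -ltn` output on a hypothetical dual-homed Linux host.
# NIC1 = 192.168.0.10 (behind the router), NIC2 = 203.0.113.10 (public, documentation range).
SAMPLE_SS = """\
LISTEN 0 511  0.0.0.0:80          0.0.0.0:*
LISTEN 0 151  127.0.0.1:3306      0.0.0.0:*
LISTEN 0 128  192.168.0.10:8080   0.0.0.0:*
LISTEN 0 128  203.0.113.10:443    0.0.0.0:*
LISTEN 0 128  [::]:22             [::]:*
LISTEN 0 4096 127.0.0.53%lo:53    0.0.0.0:*
"""

def split_local(field):
    """Split ss 'addr:port' into (addr, port); handles [v6]:port, *:port and %scope."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]
    return addr, int(port)

def exposed_listeners(ss_output, public_ip):
    """Return sorted (port, bind_addr, reason) for sockets reachable through the public NIC."""
    public = ipaddress.ip_address(public_ip)
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if addr == "*" or ipaddress.ip_address(addr).is_unspecified:
            findings.append((port, addr, "wildcard bind: answers on every NIC"))
        elif ipaddress.ip_address(addr) == public:
            findings.append((port, addr, "bound to the public address"))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, reason in exposed_listeners(SAMPLE_SS, "203.0.113.10"):
        print(f"port {port:<5} {addr:<14} {reason}")
```

Flagged services can be rebound to the internal or loopback address (for example Apache's `Listen 192.168.0.10:80` or MySQL's `bind-address = 127.0.0.1`), with a host firewall on the public NIC as the backstop.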

Assisted Solution

OOsorio earned 501 total points
ID: 37725942
There are internet modems that come with several Ethernet ports (i.e. Motorola Netopia) and routers with several Ethernet ports as well (i.e. SonicWall NSA-240 @ $ 1,000.00).
The NSA-240 has 8 Ethernet ports (X1 - X8) that can be defined with public IP addresses. Within the SonicWall router you would have to specify a direction: whatever comes in through the public IP defined in X1 send to X computer on the inside private network, traffic on X2 send to Y computer, etc.

Author Closing Comment

ID: 37789934

Question has a verified solution.