Solved

Low price routers that will let me use multiple static IPs

Posted on 2012-03-14
10
326 Views
Last Modified: 2012-03-30
I've been assigned 5 static IPs from my ISP. Apparently my router can't take advantage of this (D-LINK DIR 615) and I need something that can.

Anyone here have any suggestions on a reasonably priced router? I don't need anything fancy, I just want to be able to assign vmware slices their own static IP addresses.

I was going to buy another NIC and run a wire to a switch in front of the router to connect directly to the cable modem but I'm not sure if that's a good idea.

Any thoughts?
0
Comment
Question by:mcainc
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 6

Expert Comment

by:xeroxzerox
ID: 37718722
Well, a router that handles IP addresses and low cost don't go together.  I have never seen a cheap SOHO router that has the capability.

You could probably setup a machine as a gateway and accomplish this, I haven't really researched this option.

You might also be able to use the switch outside the router, and connect a second NIC in the server machine to the router to allow access and updates.

For help check that link.
http://homesupport.cisco.com/en-us/wireless/lbc/wrt54gl
0
 
LVL 5

Expert Comment

by:andrew1812
ID: 37719334
If my understanding is correct, you are planning to use the static IP's for internal VMWARE hosted servers. You could use the static NAT feature , which would do a one to one mapping for servers residing inside. A used Cisco 2611 XM/1751 would solve your purpose.
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 37720203
maybe i am reading this wrong but i thought when an isp gives you multiple static ip's they give you a gateway ip that is what your router gets as its external the 5 other IP's are for use internal and would require that your servers have two nic's (1 internal, and 1 external) then all the router does is manage these similar to a multiple DMZ.

Cheers
Andrew
0
 

Author Comment

by:mcainc
ID: 37722984
My current router will only allow me to assign a single static ip to it. I went ahead and installed another NIC in this machine and put a switch before the router but now I'm stumped at how to approach this correctly.

Basically, I want my primary OS to utilize the network through the router so that it isn't directly accessible to the internet.

Now that I have installed the second NIC, I'm able to assign it an IP directly from the modem since there is no router in front of it. So now essentailly I have both internal and external connectivity on this main OS (NIC1 to router->internet and NIC2 to internet).

What I'm confused about is, how can I make sure that my OS only uses NIC1 for internet connectivity and that applications like my local development environment (apache/mysql) aren't accessible to the public through NIC2?

I hope that makes sense... this has me pretty confused!
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 37723035
Here is what I'm doing with no "router" involved exactly.  That is, there is no router between the public addressed devices and the "internet" .. as there should not be anyway, right?

There is a router which provides the interface to the ISP.  The outside or WAN address is in a subnet used by the ISP.  The IP block assigned to us by the ISP "lives" on the inside / LAN side of the router.  The router LAN side takes up one of the block of addresses.  In other sites this role is taken by an ADSL modem.

Anyway, these inside ports router or modem are connected to a simple switch (well, in our case a managed switch).  Then each of the public addressed devices also plug into the switch.  They are each assigned their respective public IP addresses manually.

There is no firewall in between.  So, each device with a public address has to deal with its own firewall issues.  Some are VPN devices, one is an internet gateway/firewall, etc.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:mcainc
ID: 37723070
Yeah, I just didn't want my main OS to be publicly accessible but I needed a way to be able to assign IPs to the vmware workstation slices on the same machine.

It looks like I can't do this with the router I have so I figured I'll install a second NIC to get on the public subnet.

But now that this second NIC is on a public subnet, that essentially removes the protection of the router and opens this machine up to the outside?

I'm just paranoid and don't like the idea of having my main machine accessible to the public but I suppose with a proper firewall in place everything should be fine.
0
 
LVL 18

Assisted Solution

by:Andrew Davis
Andrew Davis earned 166 total points
ID: 37723100
This doesnt make sence. EVERY device on the internet are behind routers. You may be passing through all traffic or ports but it is still behind a router.

Why cant you do as Fmarshal is suggesting. even though it gets confusing with 'I'm doing with no "router" involved '  then next para 'There is a router which provides the interface' so there is a router.

it is just simple portforwarding or routing tables for the internal IP's which are publically addressable IP's

Cheers
0
 
LVL 25

Accepted Solution

by:
Fred Marshall earned 167 total points
ID: 37723121
I guess you could say there's a bit of a conflict in your requirements.

You don't want NAT between the publicly-addressed devices and the one true internet gateway device.  That's because your valuable public addresses would then be masked if it's even possible with your particular equipment.

But, I can imagine a firewall between the true internet gateway device and the other publicly-addressed devices.  Sounds like a DMZ sort of connection to me.  So perhaps the question is:  "Can I set up a DMZ for multiple publicly-addressed devices?"

This then raises the question:  What are the rules for the "public firewall" .. the thing that sits between your publicly-addressed devices and the public internet?

One configuration that's cited is with a DMZ Firewall, followed by the publicly-addressed devices including the site firewall.  In a case like this you could have 2 NICs with one on the main LAN and one in the DMZ zone.  The problem of course is that you are bypassing the main firewall at one of the NICs.    So, how do you isolate that NIC from the rest of your system?

I think this is why folks generally have different devices in different zones.
0
 
LVL 5

Assisted Solution

by:OOsorio
OOsorio earned 167 total points
ID: 37725942
There are internet modems that come with several ehternet ports (i.e. Motorola Netopia) and
routers with several ehternet pots as well (i.e. SonicWall NSA-240 @ $ 1,000.00).
The NSA-240 has 8 ehternet ports (X1 - X8) that can be defined with public IP addresses. Within the SonicWall router you would have to specify a direction, whatever comes in through the public IP defined in X1 send to X computer on the inside private network, traffic on X2 send to Y computer, etc.
0
 

Author Closing Comment

by:mcainc
ID: 37789934
thanks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now