SonicWall and Cox CIDR Block accessible via WAN
The IPs are similar, but different ranges and subnets:
IP for the WAN is 98.189.xxx.xxx / Mask: 255.255.255.128
They have a new CIDR block with this setup. The xxx in the CIDR are NOT the same as the WAN single IP above.
Subnet: 98.189.xxx.64/26
NetMask: 255.255.255.192
Suggested Default Gateway: 98.189.xxx.65
First Useable: 98.189.xxx.66
Last Useable: 98.189.xxx.126
Broadcast: 98.189.xxx.127
I have come across a few different similar suggestions; however, I’m sure I am not doing something correctly, as none of these have worked for me.
https://www.experts-exchange.com/questions/28001275/Networking-CIDR-Routing-TMG2010.html
https://www.experts-exchange.com/questions/28566277/Configure-Sonicwall-for-CIDR-block-with-a-Host-IP.html
https://www.sonicwall.com/support/knowledge-base/configuring-multiple-wan-subnets-using-static-arp-with-sonicos-enhanced/170503911164326/
Any help would be greatly appreciated! Thanks!
Based on what you posted, the static routes method was correct. However, since you also want your systems to "show" as one of the IPs in the block, you also need to have a NAT policy that reflects what you want. (So for example, any traffic from interface X2 going to the internet should NAT to 2.3.4.5, and vice versa.)
Also, consider the following: you have a range of external IPs. You can write a NAT rule so that any traffic from interface (Whatever) through the DMZ line should use a specific address, OR you can make a more specific rule so that each computer has its own "external" address, based on your needs of course.
ASKER
I assigned the DMZ with IP ending in .65
I assigned the laptop with IP ending in .66
That seemed to work but the public IP seen was the WAN IP
I've added static ARP entries for each of the IPs in the CIDR block.
I've added an Access Rule for Any from the DMZ to Any on the WAN
I'm confused as to what IPs I would use for a NAT policy. The CIDR block is already public and assigned to workstations in the DMZ zone.
Thank you again for your help. This is above my knowledge of programming the SonicWall and I am lost.
When you assign the address of X.X.X.65 to your DMZ interface, you are basically telling your workstation to route ALL the packets to your SonicWall, that much I'm sure you understand.
The question is, how does your SonicWall decide to forward the traffic it receives?
When you receive a set of addresses, you should also be told by the provider what the default gateway is on their end; otherwise, your SonicWall can't route the information. Based on the information you've given me, I guess it's .64 (check this BEFORE implementing any changes).
If that is the case, you need to tell your SonicWall to route all traffic received from that subnet (X.X.X.64/26) to X.X.X.64 (which according to logic would be some sort of router on your provider's end).
The NAT would only be relevant if you gave computers internal addresses and then used the firewall to let them out under a NAT (the routing rule would still apply, however).
ASKER
Subnet is x.x.x.64/26
Gateway is x.x.x.65
First Useable is x.x.x.66
Last Useable is x.x.x.126
Cox says that traffic should be going to .65
In that case, .65 is probably their address. Change your interface address to .66, create a routing rule from the network to .65, and see how that works out for you.
DMZ is not WAN. Most firewalls will consider the DMZ interface as a LAN address; you'd need to first of all redirect all traffic from those computers to the world via the DMZ interface and then create a NAT rule over that.
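An added example, not part of the thread: a small Python check of an addressing plan for a routed /26 like the one discussed, flagging hosts that sit outside the block, use the network or broadcast address, or reuse the gateway address. The prefixes 203.0.113.64/26 and 198.51.100.10/25 are documentation-range placeholders for the masked addresses, and the host names and assignments are constructed.

```python
import ipaddress

# Constructed placeholders standing in for the masked 98.189.xxx values.
BLOCK = "203.0.113.64/26"      # routed CIDR block (mask 255.255.255.192)
GATEWAY = "203.0.113.65"       # "suggested default gateway" for the block
WAN_IF = "198.51.100.10/25"    # single WAN IP with its /25 mask
HOSTS = {                      # constructed DMZ assignments to validate
    "laptop": "203.0.113.66",
    "server": "203.0.113.65",   # same address as the gateway
    "printer": "203.0.113.127", # broadcast address of the /26
    "kiosk": "203.0.113.130",   # outside the block
}

def usable_range(block, gateway):
    """First/last assignable host address and count, excluding the gateway."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(gateway)
    usable = [h for h in net.hosts() if h != gw]
    return str(usable[0]), str(usable[-1]), len(usable)

def check_plan(block, gateway, hosts, wan_if):
    """Return a list of problems found in the addressing plan."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(gateway)
    wan = ipaddress.ip_interface(wan_if)
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    if net.overlaps(wan.network):
        problems.append(f"block {net} overlaps WAN subnet {wan.network}")
    if gw not in net or gw in reserved:
        problems.append(f"gateway {gw} is not a usable address in {net}")
    seen = set()
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in reserved:
            problems.append(f"{name}: {ip} is the network or broadcast address")
        elif ip == gw:
            problems.append(f"{name}: {ip} collides with the gateway")
        if ip in seen:
            problems.append(f"{name}: {ip} is assigned twice")
        seen.add(ip)
    return problems

if __name__ == "__main__":
    print(usable_range(BLOCK, GATEWAY))
    for line in check_plan(BLOCK, GATEWAY, HOSTS, WAN_IF):
        print(line)
```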