Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Multiple Wan Ip's
- Thread starter Orion13
- Start date
- Thread starter
- #2
Assuming you mean, gave you a small subnet range of IP addresses. You should be able to run the wizard from the console GUI and create a static NAT translation to a host for whatever service (ie. ftp, http, etc...) you need. When you run the wizard, it will prompt you for this information... public IP address, internal IP address of host, type of service.... This will create all of the NAT, address object(s), and firewall rules automatically so you don't have to do it manually.
- Thread starter
- #4
I have tried that. It puts the NAT info in correctly but there isn't a virtual port on the WAN side to catch the other IP address.
The cable modem gives us x.x.x.195 and .196. On the LAN side of the cable modem I Have a single cat5 line to the sonic wall. Its IP address is 10.1.10.6 and is working correctly and responds to the .195 from the internet side(WAN). For the second IP address I pointed it to 10.1.10.7. So don't I need a virtual port or something that shows a 10.1.10.7 on the WAN side of the sonicwall?
The cable modem gives us x.x.x.195 and .196. On the LAN side of the cable modem I Have a single cat5 line to the sonic wall. Its IP address is 10.1.10.6 and is working correctly and responds to the .195 from the internet side(WAN). For the second IP address I pointed it to 10.1.10.7. So don't I need a virtual port or something that shows a 10.1.10.7 on the WAN side of the sonicwall?
So you should have a X1 interface statically assigned x.x.x.195 with 255.255.255.248 (assuming a /29 mask)
Your X0 interface is assigned 10.1.10.6 (whatever mask)
This in turn has a dynamic NAT so that internal subnets are seen as all coming from the x.x.x.195 ip address (except for the static NAT(s) you define). This should have been automatically done for you when initially setting up the firewall with the GUI wizard.
Running the Public Server Wizard will prompt for service type (http, https, ftp, mail, etc...), server private information (name, private IP address 10.1.10.7), then the public address which would be your x.x.x.196). This will setup all of the static NAT rules and access rules. That's it; there's nothing else you have to define at the firewall. The new static NAT will show up under NAT Policies subsection under the Network section.
If you have done all that I have specified, what is not working for you?
Your X0 interface is assigned 10.1.10.6 (whatever mask)
This in turn has a dynamic NAT so that internal subnets are seen as all coming from the x.x.x.195 ip address (except for the static NAT(s) you define). This should have been automatically done for you when initially setting up the firewall with the GUI wizard.
Running the Public Server Wizard will prompt for service type (http, https, ftp, mail, etc...), server private information (name, private IP address 10.1.10.7), then the public address which would be your x.x.x.196). This will setup all of the static NAT rules and access rules. That's it; there's nothing else you have to define at the firewall. The new static NAT will show up under NAT Policies subsection under the Network section.
If you have done all that I have specified, what is not working for you?
- Thread starter
- #6
No I don't have an x1 anything. Let me try to explain this again.
I have a cable modem. The cable modem has the WAN side addresses of .195 and .196. In the cable modem there is a NAT setup. I have .195 nat to 10.1.10.6 (LAN side of cable modem WAN side of sonicwall). I have .196 nat to 10.1.10.7. When I setup the sonicwall I gave it the address of 10.1.10.6 on the WAN side and 192.168.168.1 on the LAN side. The .195 currently connects me to a computer on the 192.168.168.2 address. I need the .196 to connect to the 192.168.168.17 address. When I run the wizard it creates the NAT info for the 10.1.10.7 to point to 192.168.168.17 but there is nothing connecting the Cable modem to the sonicwall with the 10.1.10.7. The interfaces listed on my sonicwall are LAN, WAN, OPT, and WWAN.
I have a cable modem. The cable modem has the WAN side addresses of .195 and .196. In the cable modem there is a NAT setup. I have .195 nat to 10.1.10.6 (LAN side of cable modem WAN side of sonicwall). I have .196 nat to 10.1.10.7. When I setup the sonicwall I gave it the address of 10.1.10.6 on the WAN side and 192.168.168.1 on the LAN side. The .195 currently connects me to a computer on the 192.168.168.2 address. I need the .196 to connect to the 192.168.168.17 address. When I run the wizard it creates the NAT info for the 10.1.10.7 to point to 192.168.168.17 but there is nothing connecting the Cable modem to the sonicwall with the 10.1.10.7. The interfaces listed on my sonicwall are LAN, WAN, OPT, and WWAN.
Ok. I got you now... your double NAT'ing. So your cable modem also is a built in router/firewall(statefull packet inspection).
If the cable modem was just a modem, you'd be ok, but since your NAT'ing and then trying to NAT again at the Sonicwall, I see the issue your running into.
What you need to do is look for something in the cable modem called bridging. This will make the cable modem act as a modem only instead of a router/firewall. This will bridge/pass the x.x.x.193/29, or whatever subnet your part of as it could be larger, directly to the WAN interface of the Sonicwall. You then setup like I stated earlier. You might need to define your WAN port as DHCP initially so you can see what your gateway will be or if you can currently gleen that info from the modem (again your public IP addresses might actually be part of a large shared subnet and not just your own small subnet).
I mentioned the X1 and X0 interface as Sonicwall marks their ports (maybe not on that model, but all of their newer models) X0 default for LAN, X1 default for WAN... the GUI's designation of LAN, WAN, WWAN, OPT are more technically zones so security can be defined on what traffic is allowed to denied between zones. Those zones match up to physical ports and as stated, X0 defaults to LAN(zone) and X1 defaults to WAN(zone).
Hope that helps.
If the cable modem was just a modem, you'd be ok, but since your NAT'ing and then trying to NAT again at the Sonicwall, I see the issue your running into.
What you need to do is look for something in the cable modem called bridging. This will make the cable modem act as a modem only instead of a router/firewall. This will bridge/pass the x.x.x.193/29, or whatever subnet your part of as it could be larger, directly to the WAN interface of the Sonicwall. You then setup like I stated earlier. You might need to define your WAN port as DHCP initially so you can see what your gateway will be or if you can currently gleen that info from the modem (again your public IP addresses might actually be part of a large shared subnet and not just your own small subnet).
I mentioned the X1 and X0 interface as Sonicwall marks their ports (maybe not on that model, but all of their newer models) X0 default for LAN, X1 default for WAN... the GUI's designation of LAN, WAN, WWAN, OPT are more technically zones so security can be defined on what traffic is allowed to denied between zones. Those zones match up to physical ports and as stated, X0 defaults to LAN(zone) and X1 defaults to WAN(zone).
Hope that helps.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question