/29 block, and wanting to run multiple NATs and directly connected hosts.

connchri

Long time no speaky...

I have a nice internet connection (well, for being out in the sticks) and a Draytek 2920 router. From my ISP I have a static /29 block of IPv4 addresses and a /56 block of IPv6 addresses - lovely jubbly.

I'll have a spare few days in a month's time and want to sort out my network - I did have an office network that is NAT'd to a static IPv4 address, another subnet and VLAN that is NAT'd to another static IPv4, and one other VLAN and subnet to a fixed IP for sharing my internet with a neighbour. So I've still had a few IPv4 addresses left. This was all set up via a pfSense router that I've since got rid of and replaced with the Draytek.

I'm wanting to set up a similar setup with the Draytek, and I will soon enough. But one thing I never managed to get my head around was being able to also directly connect hosts to the internet using the pfSense router as a gateway, i.e. having those three NAT'd subnets, then another 2 or 3 hosts without a NAT and directly reachable from the net by their own fixed IP address.

Is anyone experienced enough with Draytek hardware to state whether what I want to do is possible? And although I'm well acquainted with the theory of networks (I've read enough books on it!), I've never done much of it besides simple VLANs, trunking, and running Cat5e everywhere. Practical experience is severely lacking.

I essentially want to set up those three networks again, and add a couple of servers without them having to be NAT'd with complex firewall rules - if possible I simply want them to be able to use the router as a gateway and nothing else.

Any tips to be had?
 
To do what you're saying I think you'd connect the servers to a bridge of some sort along with the Draytek, but then you can't use the Draytek as a gateway or firewall between the servers and the world.

Typically people will put a private IP address on the servers and then do a static 1-to-1 NAT from the public IP to the private IP. I'm not familiar with Draytek so I can't speak to the specifics.
 
Yeah, I was wanting to avoid the 1-to-1 NAT, so I can just administer the servers and their firewalls without having to deal with the firewall in the router.

I'll look into more of this bridging stuff. If I really have to, I may just have everything bridged and throw in a couple of old routers that can take care of NATting the subnets - I've so many that I believe they are breeding!
 
Again I have no experience with Draytek, but I know that with SonicWall for example, you can configure the ports in bridged mode. There is no NAT and the devices on each side of the firewall will be unaware of its existence, but it will still analyze traffic and you have the ability to filter it and such.

Sounds like that kind of setup is what you need.
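For readers who want to see the two approaches from this thread side by side, here is an added example (not from the thread, and not Draytek, SonicWall or pfSense configuration) that expresses the whole topology on a Linux box with nftables: three routed VLANs each NAT'd to its own public address, one server behind a static 1-to-1 NAT as the second reply suggests, and one host on a bridged port that keeps its public IP and is only filtered, which is the "bridged mode" the last reply describes. Everything concrete is an assumption for illustration: the RFC 5737 block 203.0.113.8/29 stands in for the real /29, the interface names (wan0, eth1, br0, vlan10/20/30), the private ranges and the published port lists are all made up. The script writes the ruleset and prints the interface commands; it does not apply anything itself.

```shell
#!/bin/sh
# Added example: Linux nftables rendition of the thread's topology.
# Constructed address plan (RFC 5737 documentation prefix, not real addresses):
#   203.0.113.9   ISP gateway (upstream side of the bridge)
#   203.0.113.10  this box, on br0; also the SNAT address for VLAN 30 (neighbour)
#   203.0.113.11  SNAT address for VLAN 10 (office, 10.0.10.0/24)
#   203.0.113.12  SNAT address for VLAN 20 (10.0.20.0/24)
#   203.0.113.13  1-to-1 NAT'd server, private address 10.0.20.10
#   203.0.113.14  directly connected host on the bridged port eth1, no NAT
# br0 bridges wan0 and eth1; vlan10/20/30 are routed sub-interfaces on a trunk.
set -eu

OUT="${1:-${TMPDIR:-/tmp}/multi-nat.nft}"

emit_ruleset() {
cat <<'EOF'
flush ruleset

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # static 1-to-1: public .13 maps to the server's private address
        iifname "br0" ip daddr 203.0.113.13 dnat to 10.0.20.10
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # reverse half of the 1-to-1 mapping: the server sources from .13,
        # so this rule must precede the /24 rule for its VLAN (first match wins)
        oifname "br0" ip saddr 10.0.20.10 snat to 203.0.113.13
        # one public address per routed VLAN (the three NAT'd subnets)
        oifname "br0" ip saddr 10.0.10.0/24 snat to 203.0.113.11
        oifname "br0" ip saddr 10.0.20.0/24 snat to 203.0.113.12
        oifname "br0" ip saddr 10.0.30.0/24 snat to 203.0.113.10
    }
}

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # routed VLANs may reach the internet, but not each other
        iifname { "vlan10", "vlan20", "vlan30" } oifname "br0" accept
        # the 1-to-1 NAT'd server: only its published services are reachable;
        # DNAT has already happened, so match the private address
        iifname "br0" oifname "vlan20" ip daddr 10.0.20.10 tcp dport { 22, 443 } ct state new accept
    }
}

# Frames bridged between wan0 and eth1 never reach the IP forward chain above.
# This is the "bridged mode" filter: .14 keeps its public IP, uses the ISP
# router as its gateway, and sees no NAT. ct in the bridge family needs the
# nf_conntrack_bridge module (kernel 5.3 or later). IPv4 only; the /56 would
# need matching ip6 rules here.
table bridge transparent {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ether type arp accept
        ct state established,related accept
        iifname "eth1" ip saddr 203.0.113.14 accept
        iifname "wan0" ip daddr 203.0.113.14 tcp dport { 22, 80, 443 } ct state new accept
    }
}
EOF
}

# Commands to run as root once, before loading the ruleset. The public
# addresses used for SNAT/DNAT must live on br0 so this box answers ARP for them.
emit_interface_setup() {
cat <<EOF
ip link add br0 type bridge
ip link set wan0 master br0
ip link set eth1 master br0
ip link set br0 up
ip addr add 203.0.113.10/29 dev br0
ip addr add 203.0.113.11/29 dev br0
ip addr add 203.0.113.12/29 dev br0
ip addr add 203.0.113.13/29 dev br0
ip route add default via 203.0.113.9
sysctl -w net.ipv4.ip_forward=1
nft -f $OUT
EOF
}

emit_ruleset > "$OUT"
echo "ruleset written to $OUT; interface setup to run as root:"
emit_interface_setup
# syntax-check the ruleset without loading it, when nft is installed
if command -v nft >/dev/null 2>&1; then nft -c -f "$OUT"; fi
```

Run it as `sh multi-nat.sh /etc/nftables.conf`, review the printed `ip`/`sysctl` lines, then execute them and `nft -f` the file. The one security point worth keeping in mind is that the bridged host at .14 has exactly the exposure the bridge chain allows and nothing else protecting it from the router's side, which is what the original poster asked for: the host administers its own firewall and the middle box only filters what it chooses to.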
 