Go Back   Computer Forums > General Computing > Networking | DNS
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 04-18-2018, 07:40 PM   #1
Daemon Poster
 
connchri's Avatar
 
Join Date: Mar 2005
Location: Scotland, UK
Posts: 1,025
Send a message via MSN to connchri
Default /29 block, and wanting to run multiple NATs and directly connected hosts.

Long time no speaky...

I have a nice internet connection (well, for being out in the sticks) and a Draytek 2920 router. From my ISP I have a static /29 block of IPv4 addresses, and /56 block of IPv6 addresses - lovely jubbly.

I'll have a spare few days in a months time and want to sort out my network - I did have an office network that is nat'd to a static IPv4 address, another subnet and vlan that is nat'd to another static IPv4, and one other vlan and subnet to a fixed IP for sharing my internet with a neighbour. So I've still had a few IPv4 addresses left. This was all set up via a pfSense router that I've since got rid off and replaced with the Draytek.

I'm wanting to set up a similar setup with the draytek, and I will soon enough. But one thing I never managed to get my head around was being able to also directly connect hosts to internet using the pfSense router as a gateway. I.E. having those three nat'd subnets, then another 2 or 3 hosts without a Nat and directly reachable from the net by their own fixed IP address.

Is anyone experienced enough with Draytek hardware to state whether what I want to do is possible? And although I'm well aquianted with the theory of networks (i've read enough books on it!), I've never done much of it besides simple vlans, trunking, and running Cat5e everywhere. Practical experience is severly lacking.

I essentially want to setup those three networks again, and add a couple of servers without them having to be nat'd with complex firewall rules - if possible I simply want them to be able to use the router as a gateway and nothing else.

Any tips to be had?
__________________

__________________
Delta: "What's wrong Chris?? Chris: "I miss my old Cyrix"
connchri is offline   Reply With Quote
Old 04-18-2018, 10:05 PM   #2
Fully Optimized
 
crazyman143's Avatar
 
Join Date: May 2004
Location: USA
Posts: 2,963
Default Re: /29 block, and wanting to run multiple NATs and directly connected hosts.

To do what you're saying I think you'd connect the servers to a bridge of some sort along with the Draytek, but then you can't use the Draytek as a gateway or firewall between the servers and the world.

Typically people will put a private IP address on the the servers and then do a static 1-to-1 NAT from the public IP to the private IP. I'm not familiar with Draytek so I can't speak to the specifics.
__________________

__________________
crazyman143 is offline   Reply With Quote
Old 04-19-2018, 10:44 AM   #3
Daemon Poster
 
connchri's Avatar
 
Join Date: Mar 2005
Location: Scotland, UK
Posts: 1,025
Send a message via MSN to connchri
Default Re: /29 block, and wanting to run multiple NATs and directly connected hosts.

Yeah, I was wanting to avoid the 1 to 1 nat, so I can just administer the servers and their firewalls without having to deal with the firewall in the router.

I'll look into more of this bridging stuff. If I really have to, I may just have everything bridged and throw in a couple of old routers that can take care of natting the subnets - I've so many that I believe they are breading!
__________________
Delta: "What's wrong Chris?? Chris: "I miss my old Cyrix"
connchri is offline   Reply With Quote
Old 04-20-2018, 02:38 PM   #4
Fully Optimized
 
crazyman143's Avatar
 
Join Date: May 2004
Location: USA
Posts: 2,963
Default Re: /29 block, and wanting to run multiple NATs and directly connected hosts.

Again I have no experience with Draytek, but I know that with sonicwall for example, you can configure the ports in bridged mode. there is no NAT and the devices on each side of the firewall will be unaware of it's existence, but it will still analyze traffic and you have the ability to filter it and such.

Sounds like that kind of setup is what you need.
__________________
crazyman143 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 06:03 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0