Contributor
•
1 Message
Setup Static IP's Router behind RG 5031NV
I am trying to move from TWC to AT&T and need to have static IP's. I have a block of 5 usable and have been working with AT&T Level 2 support to try and get them working. They cannot figure this out. I would prefer to setup bridge mode in the device and let my firewall do all the routing and protection. This is my current setup. I have tried a few different things since the AT&T Level 2 guys can't figure it out. I've read that this model does not do bridging well, if at all. I've tried the DMZ route and that assigned a completely different public IP to my device than what I was given. How do I configure this device to work the way I need it to? If I can't get this to work, I'm going to seriously cancel the service. I'm on day 5 of trying to get this working.
Any help is greatly appreciated.
SomeJoe7777
Expert
•
9.4K Messages
10 years ago
0
gimp_dad
Teacher
•
5 Messages
10 years ago
0
0
JefferMC
ACE - Expert
•
35.2K Messages
10 years ago
Thank you @gimp_dad for posting your configuration and that you were able to get it working.
Actually, that makes sense to me. You're telling the RG that the next hop for traffic arriving at its WAN port on the public static addresses is the router on its LAN which it can reach at a private IP address, and telling your internal router that the next hop for the default route from its LAN side is the private IP address on the LAN side of the RG. The traffic arrives at the next hop, that router knows how to route that address and away the packet goes.
0
0
gimp_dad
Teacher
•
5 Messages
10 years ago
I agree that it all makes sense. This seems like a configuration that would be commonly desired. ATT should do a better job of explaining it. There is zero documentation on this mode. Part of what makes it unintuitive is because the identification of my router by using a private IP address from the RG is totally different treatment than used for either Supplementary Network or LAN IP modes.
By the way, my solution has one more level of complexity. I am actually mapping the Public IP block to a private block (192.168.3.xx). As a result the public static IP block is never specifically sent to my internal DMZ port. I have a WAN to DMZ NAT conversion in between. This, of course, makes it much easier to do two things:
1. have other supporting file or compute servers on the DMZ network for supporting my public servers,
2. allow more levels of virtual server mapping to be taken care of on my ZyWALL router (e.g. can map one public IP address to a mail server and a different web server).
Thanks for the help that got me started down the right path here.
0
0
SomeJoe7777
Expert
•
9.4K Messages
10 years ago
Yes, I agree that this Cascaded router setup is highly confusing:
1. Having public IP addresses on one side of a router, the Internet on the other side of the gateway, and an intervening RFC-1918 private IP network in between is counterintuitive. One would think that publically-addressed Internet packets could not (and should not) traverse a private network. However, this is actually a legal configuration given that the 2Wire router is prepared to route traffic over the private network.
2. Since you actually have another RFC-1918 private network behind your own router, the public IP addresses are actually completely virtual in that none of them are actually assigned to a physical LAN port on any device.
The cool part you have been able to do with this configuration is:
A) Be able to use your own router and static IP addresses behind it, which was never possible before the cascaded router option showed up in the last firmware update.
B) Cascaded router setup on the 2Wire + your 1:1 NAT configuration on your router essentially sidesteps the 2Wire routers' enforcement of 1:1 mappings between IP addresses and MAC addresses (i.e. no multihoming). You can now have all 5 of the public IP addresses usable within the same piece of hardware (the Zyxel router).
0
0
tato386
Contributor
•
3 Messages
9 years ago
I have a question about the solution to this problem. If you configure the WAN of your firewall with a private IP from the 5031 pool then I would think that the firewall itself would use the dynamic public IP from the 5031 WAN side. So devices _behind_ the firewall would have static public IPs but the firewall itself would be using a NATed and dynamic IP. This would be a problem for me because I am currently running a VPN from the firewall and I need that the WAN side of the firewall also be static.
So it seems like you can have one static for your firewall _or_ 5 statics for devices behind the firewall but you can't have statics for both?
Thanks,
Diego
0
0
Cloudhpc
Contributor
•
1 Message
8 years ago
0
0