
vladobb

join:2012-10-24
reply to Anav

Re: Zywall 2 Plus help needed with 2 public IP

Dear Anav,
they gave me 2 IP addresses which are translated to their "private" IPs. The first is 193.86.118.221, which is www.buzalka.cz in public DNS records. For example, if I try to enter mstsc www.buzalka.cz from the Internet, I can connect to my server because I just forward port 3389 to my server from IP1 (i.e. from the ISP local IP which they said is translated as IP1). You can try. The same is true for the SMTP protocol, http 80 and https 443.


vladobb

join:2012-10-24
reply to Anav

test


vladobb

join:2012-10-24
reply to Anav

Dear Anav

Why should they not give me a gateway address? It is required on the WAN IP screen. Regarding the mask, I just entered 255.255.255.0 without thinking; is it wrong?


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to vladobb

I am subnet challenged and will let others answer that question, but it needs to be examined.

Still, how do you access your home network from the net if your IP is a private IP address???? 192.168.x.x ????


vladobb

join:2012-10-24
reply to vladobb

Dear Brano and Anav

I am forwarding ports 25, 80, 443 and 3389 to my server (SBS 2003) with address 192.168.0.1 in the LAN. And as they said that they are translating my public IP 193.86.118.221 (www.buzalka.cz) to their private address 192.168.60.139 1:1, it simply works; it sounds logical to me. I.e. when you try telnet www.buzalka.cz 25, you will receive an answer from my SMTP server on 192.168.0.1.


vladobb

join:2012-10-24
reply to Anav

Dear Anav

I simply forgot about the private and public IP on the ISP (WAN) side. I.e. for me 192.168.60.139 (ISP private) is 193.86.118.221 (public).
So I defined the forwards shown in the picture and all works OK.

I.e. telnet www.buzalka.cz 25 gives you the SMTP answer. Mstsc www.buzalka.cz gives you the RDP interface of the server on LAN 192.168.0.1.

Please let me know what I can clarify.

V.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

So they have only given you ONE public IP???
How can they say they have given you two??

I am confused, hopefully Brano can make sense of this.

By the way as I stated before using .1 to identify the LANIP and manually .2 for the server, or if you prefer the default dhcp allocation of the router starting at .33 for all other devices.

--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Hi, I entered on WAN side of Zywall what I received from ISP, i.e. they have some small box on the roof (converting WIFI to LAN).

They gave me IP 192.168.60.139 and 192.168.60.140 with gateway 192.168.60.1 and DNS 192.168.60.1. And they said that they transparently translate public ip1 to 192.168.60.1 (1:1) and 192.168.60.140 to IP2.

they are translating my public IP xx.xx.118.221 www.buzalka.cz to their private address 192.168.60.139 1:1

for me 192.168.60.139 ISP private is xx.xx.118.221 (public).
I received 2 public IP addresses from ISP

+++++++++++++++++++++++++++++++++

I find it confusing in your second paragraph where you state a public IP1 to 192.168.60 when you have said that the public IPs they give you translate to .139 and .140. Is that reference to .60.1 a typo?

Do you have 3 public IPs?


vladobb

join:2012-10-24

dear Anav

yes that 2nd IP address is 193.86.118.224 which is 1:1 translated to ISP local IP 192.168.60.140

I have only 2 public IPs



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

3 edits

So according to your input:
xx.xx.118.224 is associated 1-1 to IP 192.168.60.140
xx.xx.118.221 is associated 1-1 to IP 192.168.60.139

So what are they translating to 192.168.60.1 ???

I hope you can see my confusion...........

"And they said that they transparently translate public ip1 to 192.168.60.1 (1:1) and 192.168.60.140 to IP2.

they are translating my public IP xx.xx.118.221 www.buzalka.cz to their private address 192.168.60.139 1:1
++++++++++++++++++++++++++++++++++++++++

What is the model number of the modem router conversion unit they have installed??



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:9
Reviews:
·TekSavvy DSL
·Bell Fibe

1 edit
reply to vladobb

Here's what I'd start with.

1) Make sure your NAT is set to full feature (there's no screenshot of that).
2) Fix your NAT rules - re-order them like this (going by your PDF screenshot)
current rule #3 make it #1
current rule #1 make it #2
current rule #2 make it #3
...rules are evaluated from top to bottom, the server rule needs to be last one!
3) I'm guessing that your 1st IP .139 should work as desired including port forwarding. ... confirm that
4) Just for testing, change the .140 NAT to 1:1 and assign it to your LAN server and do some testing. I'm guessing this should work.
5) Change .140 NAT to M-1 and see if port forwarding works as well ... this is the question I have, does it?
...remember to change firewall rules as desired.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to vladobb

Who is your ISP, and which model modem (CPE) do you have?


vladobb

join:2012-10-24
reply to Anav

Hi Anav

I am so sorry, I mistyped the local IPs: they are 192.168.60.139 and 140, and therefore the gateway and DNS of the ISP is 192.168.60.1



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

1 edit
reply to vladobb

Hi Vlad, To recap what I think you should do.

1. Your WAN setup is fine. You indicate to the router that the IP associated with the router is 192.168.60.139. This means you can attach the server rule (in mapping) to this IP and port forwarding will work for the associated LAN.

2. Thus suggest you create a LANIP structure where the LANIP is 192.168.0.1 (subnet mask 255.255.255.0 etc). Your server should be something higher 192.168.0.5 for example.

3. Port forwarding would not change except the LANIP used of 192.168.0.5 Not sure if you mean FTP to be this LAN or not but if so, then it should still work fine.

4. For each port forwarding above you need to create a corresponding firewall rule. Wan to LAN.

5. Create a DMZ structure (much like the LAN structure). In this case assign the DMZ IP to be 192.168.5.1 subnet mask 255.255.255.0 etc. Assign any servers to an IP higher up 192.168.5.10 for example.

6. Via the mapping you will associate the DMZ to the public IP 192.168.69.140.

7. For these servers you will still need to create applicable firewall rules WAN to DMZ.

8. If you want to access from LAN to DMZ or DMZ to LAN you will have to create firewall rules (I think they are deny by default).

9. Also I believe you have to setup your physical ports on the router to be LAN port or DMZ port (been awhile with older router) and then cold boot that configuration.

10. Finally come to the Mapping portion. Basic structure will be in the order of .140 M-1 on line 1, .139 M-1 on line 2 and Server on line 3.

L   LocalStartIP   EndIP              GlobalStart      GEnd   MAP
1   192.168.5.1    192.168.5.128      192.168.60.140   N/A    M-1
2   0.0.0.0        255.255.255.255    192.168.60.139   N/A    M-1
3   N/A            N/A                0.0.0.0          N/A    Server

Try this and see if you have the functionality you desire. I have never done two M-1 mappings but it should work.
I am not sure about the endip of .128 for the first rule I just picked a number.
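
Added example, not part of the thread and not ZyXEL's code: a small first-match model of the mapping table proposed above, checking which global IP a given inside host leaves from and whether any rule is shadowed by an earlier one. It assumes only what the thread states (rules are evaluated top to bottom); the function names and the swapped rule set are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

# Constructed from the mapping table in the post above:
# (local start, local end, global IP, type). The Server rule has no local
# range, so in this simplified model it never matches outbound traffic.
PROPOSED = [
    ("192.168.5.1", "192.168.5.128", "192.168.60.140", "M-1"),
    ("0.0.0.0", "255.255.255.255", "192.168.60.139", "M-1"),
    (None, None, "0.0.0.0", "Server"),
]

# Same rules with the catch-all moved to the top, to show the failure mode.
SWAPPED = [PROPOSED[1], PROPOSED[0], PROPOSED[2]]

def translate(rules, src):
    """Return (rule number, global IP) of the first rule whose local range holds src."""
    for n, (start, end, glob, _kind) in enumerate(rules, 1):
        if start is not None and ip(start) <= ip(src) <= ip(end):
            return n, glob
    return None

def shadowed(rules):
    """Rule numbers that can never match: one earlier rule covers their whole range."""
    out = []
    for n, (start, end, _glob, _kind) in enumerate(rules, 1):
        if start is None:
            continue
        for ps, pe, _g, _k in rules[:n - 1]:
            if ps is not None and ip(ps) <= ip(start) and ip(end) <= ip(pe):
                out.append(n)
                break
    return out

if __name__ == "__main__":
    for name, rules in (("proposed", PROPOSED), ("swapped", SWAPPED)):
        print(name,
              "| DMZ 192.168.5.10 ->", translate(rules, "192.168.5.10"),
              "| DMZ 192.168.5.200 ->", translate(rules, "192.168.5.200"),
              "| LAN 192.168.0.5 ->", translate(rules, "192.168.0.5"),
              "| shadowed rules:", shadowed(rules))
```

With the proposed order, a DMZ host above the .128 end IP falls through to the catch-all and leaves from .139, so the end IP of rule 1 should cover every DMZ address that is meant to use .140.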