CaptTrips
join:2005-03-01
Flower Mound, TX

CaptTrips

Member

Business 15/2 with 5 Static IPs

Just thought I would share my experiences with my 15/2 static install that was done this past week.

The hardware and all that went off without a hitch, but trying to get it working is where the fun began.

First off, let me tell you that the installers were great, did a clean job, and were pleasant to talk with...unfortunately, it is obvious that they only do 1 static install in 100, and therefore do not have much experience in how it works.

Before my install date, I received an email from the Business Fios folks with my IP address assignments and configuration info.

Here is the info they sent me (I have X'd out parts of the IP):
Your Static IP addresses, have been assigned as follows:

Qty: 5
Starting IP address: X.X.X.162
Ending IP address:

You will also need to configure:
Gateway: X.X.X.1
Subnet Mask: 255.255.255.0
Funny that they didn't give me the ending address, but I can count to 5, so no big deal.

When the installers began configuring, they had the same information as me on the workorder. We set the router to static, put the start address, subnet, and gateway info in it, and could not connect. They called their tech side to watch for traffic, verified all the numbers again, and they were all stumped.

Here is where having a brain full of (mostly) useless information helped.

Before Fios, I had a VZ 1.5 dsl with 5 static ip through august.net. I recalled that the 5 static IP were actually assigned as an 8 IP block as follows:

x.x.x.208 - reserved for network
x.x.x.209 - gateway
x.x.x.210 - usable
x.x.x.211 - usable
x.x.x.212 - usable
x.x.x.213 - usable
x.x.x.214 - usable
x.x.x.215 - broadcast

with a subnet of 255.255.255.248 (not .0)

So on a whim, while the tech guys were on hold, I suggested we try to change the subnet to .248, and the gateway to the ip one below my first usable (.161), and voila it worked.

They looked at me like I just pulled random numbers out of my ass, which was pretty close to the truth.

So, moral of this story is: If you get an email from VZ with your IP addresses, and when they get there to set it up, they can't make it work, try the .248 subnet (which indicates the subnet as 8 IPs) and set the gateway to the IP just below your first usable one.

I don't know if this is a mistake that they make a lot, or even if the provisioning of IP addresses varies by location, but it's what worked for me!

I'd like to hear from others with static ip as to how they set their subnet and gateway.

Keith

NOCMan
MadMacHatter
Premium Member
join:2004-09-30
Colorado Springs, CO

NOCMan

Premium Member

Well, I was right.. they don't know subnet calculations. And I thought it strange that they would just give you 5 ip's in a /24 or 255.255.255.0 block since you technically would be part of the whole 254 ip's on that class C.

So they gave you .248 which actually gives you 8 Ip's (shhh!)

So if .161 is your gateway then .168 should be your broadcast and your available ip's are 2-7 which is 6 good ip's. So technically you could use 5 for your servers and the 6th for your dhcp nat pool.

I don't know why they give you 5 since they really give you 6.
druber
join:2000-04-11
Stow, MA

1 edit

druber

Member

your math is off. the first and last address are not usable, and another is the gateway. for a /29, the user will have 5 usable IPs.

Edrick
I aspire to tell the story of a lifetime
Premium Member
join:2004-09-11
San Diego, CA

Edrick to CaptTrips

Premium Member

to CaptTrips
How much is it for the business plan?
CaptTrips
join:2005-03-01
Flower Mound, TX

CaptTrips to NOCMan

Member

to NOCMan
I think it breaks down like this:

8 IP's (.160 - .167)
First and eighth unusable (.160 (?)& 167 (broadcast))
Second one is the gateway (.161)
3 - 7 are my IP addresses (.162 thru .166)

Anyway, I was way surprised to see that not only did the installers not have any idea, but even on the workorder they had the totally wrong subnet & router.

Keith
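
The block layout worked out in the posts above, as an added example that is not part of any poster's message: it derives the enclosing block, mask, gateway and broadcast from the first assigned address and the number of statics. The 192.0.2.x addresses are constructed stand-ins for the X'd-out ones, and putting the gateway on the first host address is an assumption taken from this thread, not a documented Verizon rule.

```python
import ipaddress


def static_block(first_usable: str, count: int) -> dict:
    """Find the smallest block that holds `count` static IPs from first_usable.

    Assumption (from the thread): the ISP gateway is the first host address
    of the block and sits below the customer's addresses.
    """
    first = ipaddress.IPv4Address(first_usable)
    last = first + (count - 1)
    # Try the smallest blocks first: /30 (4 addresses) up to /24 (256).
    for prefix in range(30, 23, -1):
        net = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
        gateway = net.network_address + 1
        # The block must hold network + gateway + customer IPs + broadcast.
        if gateway < first and last < net.broadcast_address:
            return {
                "network": str(net.network_address),
                "netmask": str(net.netmask),
                "prefix": prefix,
                "gateway": str(gateway),
                "usable": [str(first + i) for i in range(count)],
                "broadcast": str(net.broadcast_address),
            }
    raise ValueError("no block of /24 or smaller fits these addresses")


if __name__ == "__main__":
    # Constructed inputs: the Fios assignment (.162, 5 IPs) and the
    # earlier DSL block (.210, 5 IPs) with documentation-range prefixes.
    for start in ("192.0.2.162", "192.0.2.210"):
        for key, value in static_block(start, 5).items():
            print(f"{key:>9}: {value}")
        print()
```
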
CaptTrips

CaptTrips to Edrick

Member

to Edrick
said by Edrick:

How much is it for the business plan?
$99.95 for the 15/2 with 5 static.

Keith

NOCMan
MadMacHatter
Premium Member
join:2004-09-30
Colorado Springs, CO

NOCMan to CaptTrips

Premium Member

to CaptTrips
Yep I was off.. just woke up..

Anywho I think it's a ripoff double the price just for static ip's.. they really should give you 15/5.
druber
join:2000-04-11
Stow, MA

druber

Member

i don't think they can do 5mb upstream. my recollection of the bandwidth division up&down is that the 32 users on a node divide up enough to get 2mb each. same reason why the 30mb down is so expensive (requires special provisioning...?)
JohnA4
Premium Member
join:2003-09-16
Pittsburgh, PA

JohnA4 to NOCMan

Premium Member

to NOCMan
said by NOCMan:

Anywho I think it's a ripoff double the price just for static ip's.. they really should give you 15/5.
Can't, they've got the 5/5 with 5 statics, people paying over $200. One or the other would have to go.
lgkahn7
Premium Member
join:2005-02-15
Londonderry, NH

lgkahn7 to CaptTrips

Premium Member

to CaptTrips
well I have a 29 ip block from verizon and I can tell you from experience that putting in a subnet mask of 255.255.255.224 does not work.. some of the ips work but the upper ips did not...

I had to go back to the 255.255.255.0 mask and build a bridging transparent firewall because in this config the default gw .1 is on the same subnet as the ips so routing didn't work.. maybe it didn't work for you because you are trying to route and it won't work unless you subnet which is essentially what you did.
druber
join:2000-04-11
Stow, MA

druber

Member

that's because a /29 mask is 255.255.255.248 not 224! as other posts here said you get 5 usable addresses (gateway is the 6th, first is unusable and last is broadcast address and also not useable)
lgkahn7
Premium Member
join:2005-02-15
Londonderry, NH

lgkahn7 to CaptTrips

Premium Member

to CaptTrips
hey idiot READ I didn't say a 29 subnet I said 29 ip addresses..

that is 29 separate ips got it.. which is a 255.255.255.224
or /27 block
Cyber2lz
join:2001-11-15
Odessa, FL

Cyber2lz to CaptTrips

Member

to CaptTrips
8 IP's (.160 - .167)
First and eighth unusable (.160 (?)& 167 (broadcast))
Second one is the gateway (.161)
3 - 7 are my IP addresses (.162 thru .166)

? = (wire) or Net. No ????
druber
join:2000-04-11
Stow, MA

druber to lgkahn7

Member

to lgkahn7
with that kind of attitude, good luck getting any help around here. geeze...

cdru
Go Colts
MVM
join:2003-05-14
Fort Wayne, IN

cdru to Cyber2lz

MVM

to Cyber2lz
said by Cyber2lz:

First and eighth unusable (.160 (?)& 167 (broadcast))

? = (wire) or Net. No ????
It's commonly referred to as the network address, or you could refer to it as the .160 network. Technically though the network address is also a broadcast address, but it just confuses some people in the end.

snuffz85
@mminternet.com

snuffz85 to CaptTrips

Anon

to CaptTrips
What kind of router or device are you guys using on the FIOS side with your statics?

HaloBox
join:2002-01-10

HaloBox

Member

said by snuffz85:

What kind of router or device are you guys using on the FIOS side with your statics?
I am using an operating system to route traffic. I may put one of the surplus routers I have on a port later, but right now, it isn't needed.
lgkahn7
Premium Member
join:2005-02-15
Londonderry, NH

1 edit

lgkahn7 to CaptTrips

Premium Member

to CaptTrips
I built my own linux box (fedora core) because if you want to use all of your ip addresses with security (ie not put them on a dmz in the open) you cannot route the way verizon provisions the ips with the default gateway on the same subnet as your ips with a mask of 255.255.255.0 I tried other masks but as I said with my 29 ips the upper ips didn't work with a different mask ... as someone else said this may work with a smaller subnet.

but anyway on to my case.. since you cannot route with the WAN interface on the same subnet as the lan ... I talked to verizon and they said either use private on the inside ips.. and route.. yes this defeats the use of the ips.. however, you could I suppose use 1:1 nat but then you would need different internal dns than external and it is generally a pain.. I paid for the public ips to be able to use them as such.

most isps give you a WAN ip on a different subnet so you can use a normal router and have your ip block be your lan ips.

that is the way our SDSL is at the other office.

no such luck with verizon..

you could also just hook a switch up behind your dsl modem in bridge mode and use all the ips that is what verizon told me to do.. yes it works but now all machines are in the open with no firewall or security.. thanks verizon.

so eventually I found out about transparent bridges and built my linux box with 3 nics.. 2 for the bridge and 1 for box maint. I put a firewall on the bridge/forward interface using iptables and have a pptp vpn also working on the box... works slick once all is configured..

if I can be of more help let me know...

side note: I am doing this on a bus. dsl acct not fios as fios is not avail. yet here.. but it has been announced and will be by the end of the year.
CaptTrips
join:2005-03-01
Flower Mound, TX

1 edit

CaptTrips to snuffz85

Member

to snuffz85
I am using a dedicated server (win2k3) running as a firewall (Kerio Firewall Server Ent). The only issue I ran into in getting it all working with Fios was the fact that my little POS P2-400 that I had been using for this box couldn't keep up with all the packets coming in at 15Mbit, so I had to throw in a new cpu/mobo. Works like a charm now though.

As for the routing, the firewall box listens on all 5 static IP, and then passes them to specific boxes in my internal (192.168.x.x) network. Some internal machines do an outbound translation to tie them to a specific public address as well.

Keith
lgkahn7
Premium Member
join:2005-02-15
Londonderry, NH

1 edit

lgkahn7 to CaptTrips

Premium Member

to CaptTrips
cool my box is a home built asus pundit with a celeron 2.4 ghz processor.. I don't think it would have a problem keeping up with fios... it was a little over 300 to build.. I will look into your win xp solution also as It sounds cool.

so your windows box is basically doing 1:1 nat

can it be configured for a transparent bridge like the linux box.. I couldn't find any info on a windows solution
CaptTrips
join:2005-03-01
Flower Mound, TX

CaptTrips

Member

1:1 nat - selectively yes. I have 2 internal servers and my primary desktop machine that do 1:1, I use one public address to hit a couple of other machines, tivos, etc by differentiating ports.

The firewall box is running 2 nics...hadn't even thought about the 3 nic transparent bridge thing. I'll have to google and understand it better. I'm by no means a firewall/network/routing guru...I just figured out way back what worked for me and pretty much stick with it...I had a 5 static dsl prior to fios.
Cyber2lz
join:2001-11-15
Odessa, FL

Cyber2lz to CaptTrips

Member

to CaptTrips
Linksys WRT with Alchemy 1.0 software from SV*.
Rock Solid with Fios through TampabayFiber, no V*.
DHCP, no PPPoE.

snuffz85
@mminternet.com

snuffz85 to lgkahn7

Anon

to lgkahn7
"side note: I am doing this on a bus. dsl acct not fios as fios is not avail. yet here.. but it has been announced and will be by the end of the year."

Heh, I was asking specifically for FIOS info, since that was my problem (I too run 5 statics on my standard DSL without routers, each server has its own IP). The problem I have is that FIOS won't work being plugged right into the NIC on one of my servers, which acting in ProxyARP mode would route static IPs right through to the internal NICs without translation. The FIOS not working (an issue outside of Texas) right in the NIC is the real problem, I have to have a router like the freelink (I mean, D-link) they sent.

If you want a cookbook for linux routing via firewall, google Shorewall ProxyARP and you'll have some good stuff.

Now to get Verizon to fix their ONT problems so we can build our own routers....

HaloBox
join:2002-01-10

HaloBox

Member

Why do you say perimeter or filtered DMZ networks don't work outside Texas?
druber
join:2000-04-11
Stow, MA

druber

Member

the post is kind of confusing, but i'm guessing he's referring to the fact that you'd need PPPoE outside texas, so you can't just throw multiple systems on the wire, you need a router?
lgkahn7
Premium Member
join:2005-02-15
Londonderry, NH

lgkahn7 to CaptTrips

Premium Member

to CaptTrips
for a bus. acct with static ips you shouldn't need pppoe.. so this is bad if you cannot just plug your fios into a homebuilt router or bridge because there is no way to use all the static ips without it.. since as I mentioned you cannot route the way they are provisioned and still use the static ips on each computer ... other than putting them on the dmz and then you have no security.. keep us informed because this is a serious issue and will stop me from getting fios if not resolved...

HaloBox
join:2002-01-10

2 edits

HaloBox

Member

said by lgkahn7:

for a bus. acct with static ips you shouldn't need pppoe.. so this is bad if you cannot just plug your fios into a homebuilt router or bridge because there is no way to use all the static ips without it.. since as I mentioned you cannot route the way they are provisioned and still use the static ips on each computer ... other than putting them on the dmz and then you have no security.. keep us informed because this is a serious issue and will stop me from getting fios if not resolved...
Upon what basis are you making this assertion?
lgkahn7
Premium Member
join:2005-02-15
Londonderry, NH

lgkahn7 to CaptTrips

Premium Member

to CaptTrips
because I have a bus account for dsl with 29 static ips and no pppoe is needed or dhcp (you use bridge mode) they just tell you the def. g/w to use and configure the routing... fios may be different but I doubt it

HaloBox
join:2002-01-10

1 edit

HaloBox to lgkahn7

Member

to lgkahn7
said by lgkahn7:

for a bus. acct with static ips you shouldn't need pppoe..
correct
said by lgkahn7:

so this is bad if you cannot just plug your fios into a homebuilt router or bridge because there is no way to use all the static ips without it..
true for many consumer grade hardware routers. incorrect for many commercial grade hardware/software routers or firewalls. some FIOS customers may have a hub/switch attached to the ONT connection and not even want additional routing or protection for those ports.
said by lgkahn7:

since as I mentioned you cannot route the way they are provisioned and still use the static ips on each computer ... other than putting them on the dmz and then you have no security..
this is absolutely incorrect. there are many ways to implement a secure perimeter network and use the static ip addresses.
said by lgkahn7:

keep us informed because this is a serious issue and will stop me from getting fios if not resolved...
there is no FIOS issue to resolve
lgkahn7
Premium Member
join:2005-02-15
Londonderry, NH

lgkahn7 to CaptTrips

Premium Member

to CaptTrips
this is absolutely incorrect. there are many ways to implement a secure perimeter network and use the static ip addresses.
-------------------------------------------------------

ok I'll bite since you are smarter than all of us you want to tell us all how to do this?

verizon doesn't know how and all the router companies I've called also don't know how/say it cannot be done with their products.

if you have a default gateway with x.y.z.1 and your ip addresses are x.y.z.96 through x.y.z.127
with subnet 255.255.255.0

tell us how to hook up a router - be specific what would the WAN ip address be .. the default gateway and I/we want to use all the real x.y.z.96 - .127 ip addresses on the pc's behind the router

also NO NAT we want to use real ip addresses and also have a firewall on the router box.
You also must use the subnet mask 255.255.255.0 since that is what verizon says to use and in my testing that is the only one that worked with all my ip addresses (ie no subnetting... anyway you lose ips if you subnet)

I think you are mistaken because if you lookup the definition of routing it means route packets between different subnets.. and in the configuration I have outlined above the WAN is on the SAME subnet as the LAN thus routing won't work.. only bridging...
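
The configuration question in the post above, as an added example that is not part of any poster's message: a checker for a host's address/mask/gateway triple, plus a test for whether a LAN block overlaps the WAN subnet. The 192.0.2.x and 198.51.100.x addresses are constructed stand-ins for x.y.z, and the function names are hypothetical.

```python
import ipaddress


def check_host(ip: str, netmask: str, gateway: str) -> list:
    """Return the problems a host would hit with this ip/netmask/gateway."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    net = iface.network
    problems = []
    if ipaddress.ip_address(gateway) not in net:
        # The host has no directly connected path to its default gateway.
        problems.append("gateway is off-link")
    if iface.ip == net.network_address:
        problems.append("address is the network address")
    if iface.ip == net.broadcast_address:
        problems.append("address is the broadcast address")
    return problems


def needs_bridge(wan_ip: str, wan_mask: str, lan_block: str) -> bool:
    """True when the LAN block overlaps the WAN subnet.

    A conventional router needs different subnets on its two sides; with an
    overlap, the posters in this thread fall back to a transparent bridge
    or proxy ARP.
    """
    wan_net = ipaddress.ip_interface(f"{wan_ip}/{wan_mask}").network
    return wan_net.overlaps(ipaddress.ip_network(lan_block))


if __name__ == "__main__":
    gw = "192.0.2.1"  # constructed stand-in for x.y.z.1
    for ip, mask in (("192.0.2.100", "255.255.255.0"),
                     ("192.0.2.100", "255.255.255.224"),
                     ("192.0.2.127", "255.255.255.224")):
        print(ip, mask, check_host(ip, mask, gw) or "ok")
    # WAN and LAN carved from the same /24 versus a separate WAN link subnet.
    print(needs_bridge("192.0.2.96", "255.255.255.0", "192.0.2.96/27"))
    print(needs_bridge("198.51.100.2", "255.255.255.252", "192.0.2.96/27"))
```
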