DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2820 Using BT 5 IP ADSL set up question
- sdick
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
21 Dec 2009 15:15 #59438
by sdick
Replied by sdick on topic 2820 Using BT 5 IP ADSL set up question
OK, if you do set the ip address you just need to setup the other addresses as wan ip aliases to get them to be used in NAT.
Please Log in or Create an account to join the conversation.
- roboughton
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 52
- Thank you received: 0
21 Dec 2009 15:28 #59441
by roboughton
I have all 5 of my allocated IPs working I also have the One supplied for the router by BT working as the fixed IP for the router
Replied by roboughton on topic 2820 Using BT 5 IP ADSL set up question
OK, if you do set the ip address you just need to setup the other addresses as wan ip aliases to get them to be used in NAT.sdick wrote:
I have all 5 of my allocated IPs working I also have the One supplied for the router by BT working as the fixed IP for the router
Please Log in or Create an account to join the conversation.
- hughwi
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
21 Dec 2009 16:00 #59443
by hughwi
Replied by hughwi on topic 2820 Using BT 5 IP ADSL set up question
Fantastic responses guys, that has really helped, I now have the static IP's working (both on local machines and as the main static for the router).
Next step is setting up sensible firewall rules, one thing always leads to another! On this note, does it HAVE to be via DMZ? is there any other (slightly more secure) option?
Thanks
Hugh
Next step is setting up sensible firewall rules, one thing always leads to another! On this note, does it HAVE to be via DMZ? is there any other (slightly more secure) option?
Thanks
Hugh
Please Log in or Create an account to join the conversation.
- sdick
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
21 Dec 2009 16:28 #59446
by sdick
Replied by sdick on topic 2820 Using BT 5 IP ADSL set up question
I've just got open ports setup and am not using NAT at all.
I am using the address mapping feature though to force outgoing connections to be from a specific address. watch out though as the order on these is very important. I had a nightmare trying to get them sorted out as we had replaced a software firewall with the draytek. As some external suppliers had mapped ports to our old firewall address and not the router we had to change the default address mapping to enable the computers to appear to be coming from the correct IP.
I am using the address mapping feature though to force outgoing connections to be from a specific address. watch out though as the order on these is very important. I had a nightmare trying to get them sorted out as we had replaced a software firewall with the draytek. As some external suppliers had mapped ports to our old firewall address and not the router we had to change the default address mapping to enable the computers to appear to be coming from the correct IP.
Please Log in or Create an account to join the conversation.
- roboughton
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 52
- Thank you received: 0
21 Dec 2009 16:34 #59447
by roboughton
Add a rule to the firewall to block all ports on the IP RANGE used for what ever items you are adding to the public IPs
for example if you have 5 IPs set up a object setting for 10.1.1.10 to 10.1.1.15 under IP objects call it something like SERVER LAN IPs (Assuming you make your servers static on those addresses)
In the firewall settings under filters go to filter set 2 and add a new rule block all ports to the SERVER LAN IPs object under Destination, at the same time set under the application filter part to block if it is no firther match to antoehr filter set e.g 3
Under filter set add all your allowed in rules for oprts and server destination IPs
That blocks all incoming trafic to the DMZ servers unless speciaifed in your rules
Replied by roboughton on topic 2820 Using BT 5 IP ADSL set up question
Fantastic responses guys, that has really helped, I now have the static IP's working (both on local machines and as the main static for the router).hughwi wrote:
Next step is setting up sensible firewall rules, one thing always leads to another! On this note, does it HAVE to be via DMZ? is there any other (slightly more secure) option?
Thanks
Hugh
Add a rule to the firewall to block all ports on the IP RANGE used for what ever items you are adding to the public IPs
for example if you have 5 IPs set up a object setting for 10.1.1.10 to 10.1.1.15 under IP objects call it something like SERVER LAN IPs (Assuming you make your servers static on those addresses)
In the firewall settings under filters go to filter set 2 and add a new rule block all ports to the SERVER LAN IPs object under Destination, at the same time set under the application filter part to block if it is no firther match to antoehr filter set e.g 3
Under filter set add all your allowed in rules for oprts and server destination IPs
That blocks all incoming trafic to the DMZ servers unless speciaifed in your rules
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek