|
Question : Understanding Routing and Routers
|
|
This is related to another question I have pending, but only loosely--I want to better understand what's going on here.
This is a small company--15 workstations. T1 line, Adtran router, /29 subnet assigned.
We currently have a server on the private LAN that is listening on both port 25 and 80.
The Adtran is (apparently) set up to "port forward" these ports to the private IP (192.168.1.2). It stops doing this after a while (or so it seems). Rebooting the Adtran fixes the problem. But they've swapped out the router, and no help.
What I have been asked to do is put a (Linksys) router in between the Adtran and the LAN. I'm not completely sure of how to configure it, and that's where y'all come in.
Our public dedicated subnet is (something like) 100.100.100.192/29. I understand this to mean that .192 is our network address, 199 is the broadcast address, and 193 to 198 are assignable.
The DNS for web and email points to the .193 address.
What I've been told, however, is that when I put the Linksys in the chain, the Adtran will be reconfigured so that its "internal" IP will be .193, and I'll make the Linksys be .194. I will also have to turn on port forwarding for 25 and 80 on the Linksys, and then modify DNS so that the web and email server are now pointing to the .194 address.
Does this sound right? Egregiously wrong?
What I don't understand about port forwarding: the Linksys will only forward port requests for the IP that it's assigned to? Is that right? What about the other public IPs in my subnet? What if (hypothetically) I have 2 web servers: one at 192.168.1.2 and one at 192.168.1.3. I create two DNS entries, one for 100.100.100.193, and one for 100.100.100.194. Is it possible to configure the Linksys to forward public .193:80 to .2:80, and .194:80 to .3:80?
How does a "static map" differ from port forwarding? Can I create a static map on a Linksys to accomplish the above? Or do I need more expensive hardware? If the Linksys can do it, can I subsequently filter undesired port traffic from the static maps?
Sorry for all the question marks... please help me learn! Thanks in advance...
|
Answer : Understanding Routing and Routers
|
|
Actually...since you need to totally disable the port forwarding and NAT of the Adtran (since it stops working) ...You do have it right. It will simply become your "gateway" address.
Your external address right now (...193) is your gateway address after the ISP reconfigs it (sounds like they will use one of their private router IP's for the external address and do an internal static route to ..193 )
The Linksys can be your new DHCP server, etc. and behave just like the Adtran has been (without the crash hopefully) at address ..194 as you stated. Your external addresses in DNS must be changed to ...194
To get mail and web servers to work....put them behind the linksys box on a private (192.168.1.x) address and port forward port 80 to the webserver and 25 (and 110 for external POP3 access) to the mailserver. They can be different machines.
To use your other addresses, you need another llinksys. It is a simple router and is not designed to answer to more than one address. Assign one of your other addresses (real ones) to the additional linksys.
NOTE: you don't actually need to have a linksys at all for the servers...they may be connected directly to a switch behind the Adtran if you have an excellent firewall on them. Then they will each have a "real" address. I assume you have some user pc's that need DHCP and net access, and also want the NAT firewall...that is what you gain from the Linksys.
...193 ..194 192.168.1.x
_______server1:80
Adtran ---+---- Linksys--------------------|_______server2:25
|------Linksys2 or new server |________users pcs (dhcp)
..195 ,6,7
|
|
|
|
|
