Question : Actiontek GT701-WG DSL Modem on Static IP with NAT Off, DHCP Off, Wireless OFF

Hi Everybody,

I have started having troubles since I received a block of Static IP addresses from QWEST/VISI.
I would really appreciate if somebody could help me.

I will try to explain as much as I can.

Current Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 10.0.0.1
DHCP & Wireless is OFF
NAT is ON
Fortigate 60 has IP address of 10.0.0.225
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range
All Windows XP Clients work great.

New Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 209.98.206.XX9
DHCP, NAT & Wireless is OFF
Fortigate 60 has IP address of 209.98.206.XX8
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range.
These computers dont work.
BUT
All Windows XP clients with static IP addresses in the Range of 209.98.206.XX1 - 209.98.206.XX7 WORK
I can access the Modem, Clients in the 209.98.206.XX range and the Fortigate from Outside of the Network.
I have tried removing the Fortigate from the Network and connecting the DSL modem directly to the Linksys 3124 switch with no Luck.

What I dont understand is why do I need a Local LAN IP address in the ActionTec Modem in the 209.98.206 Range ?
Shouldnt it be in the 10.0.0. Range ?

Do I need to do something to the Static Routing portion of the DSL Modem ?

Thanks for all your help.

Answer : Actiontek GT701-WG DSL Modem on Static IP with NAT Off, DHCP Off, Wireless OFF

As your modem is not doing NAT , it requires an outside ip and an inside ip. Outside and inside here refer to the outside and inside interface of your modem. The 209.98.206.XX9 is the inside ip of your modem.

The 209.98.206.XX8 is the ip of the outside interface of your firewall. The internal interal interface of the firewall needs to be configured with an ip in the private ip range 10.0.0.x . As knightrider2k2 suggested, you could use 10.0.0.225 for it or you could use any other ip in the 1.0.0.x range as your router ip (like 10.0.0.253, wich i will use as an example).

Once you configured the internal interface of your firewall with an ip in the 1.0.0.x range, or wile doing so, you should be able to choose NAT as the routing method between the internal and external interface of your firewall. Nat translates source address and port when sending the packages of internal computers to the internet and keeps an list of the current translations, so it can return the answer to the request to the host that requested it. This way you need less external ip's ( the ones from the 209.98.206.x range ) then internal ip's ( 10.0.0.x ).

so your setup should look like this: Internet <-> (209.98.206.XX? , ext interface)<- Modem ->(int interface, 209.98.206.XX9)<------>( ext interface, 209.98.206.XX8)<- fortigate firewall ->(int interface, 10.0.0.253)<-----> (range 10.0.0.1 .. 10.0.0.252) Network of internal computers.

You should set 10.0.0.253 as the default gateway on the internal computers, but if you use dhcp on the router, dhcp should take care of that.

Random Solutions

SERV U FTP SERVER Setting up Virtual Path Mapping

Hp Procurve Switch problem

OSGi service opening a console window

Cisco 7960 to SIP for Broadvoice service

LMHOSTS not functioning

Maximum number of connections exceeded XP SP2

Networking questions

issue with Outlook Web Access on laptops with external/internal dns

Setting up Polycom over a router.