Routers that support mutiple public IP's

[trmiv]

We just got new DSL in the office that came with 8 ip addresses. Covad provided us with a DSL modem which is a bridge, not a router, so we need a router to get all our office PC's (about 20) online with NAT. But, we also want to take advantage of our mutiple public IP's. Is there good SOHO router out there that will support this? Any suggestions on something that supports this kind of configuration?

 

[whalen]

Check out Mikrotik. It is a RouterOS that can install on an old 486 computer, and can do exactly what you want. Its pretty involved to get setup, but it can do what you want. Multiple public IP's are assigned to your WAN interface, and then a static ONE to ONE NAT can be created to forward traffic destined to a certain public IP to the IP of the machine on the internal network.

 

[Need4Speed]

multihomed debian + netfilter install would ork great

 

[trmiv]

Those options sound great, but they sound like they would be a bit of work. Not that I couldn't handle it, but I just don't have time for it. Unfortunetely this is not my only job here, just kind of something my boss gave me to get working ("hey, we ordered new DSL, get it working, but don't neglect your work"), so something easy to setup and manage is what we need. I don't really have the time to spend setting up something complex, or learning something new for this (I've never really used Unix or Linux).

What I'm really looking for is a purpose built router that can handle something like this. We have a router right now, but it cannot support mutiple IP's.

 

[freegeeks]

an entry level cisco would work fine

 

[cleverhandle]

What model bridge did Covad provide you with? Are you certain it can't be a router? I only ask because I've also got a small public netblock on Covad DSL, and I'm surprised they would send us different gear. I received a Zyxel Prestige 643 that can either route or bridge.

In any event, that's a nice unit to get if your model can't route packets, though you could probably get a Linksys or a Netgear for a bit cheaper.

 

[MysticLlama]

If you want something that would work for 20 computers on a DSL line a Cisco 501 w/50 User license would work great.

It'd be about $600 but you get basically the entire feature set of the bigger PIXs with less throughput and allowed tunnels/users.

You can then use all of your IPs and use a couple for 1-1 NAT, a couple for NAT for other machines, and 1 for PAT. It would also allow you to conserve addresses if you wanted to, i.e. have a single outside address forwarding port 80 to one server and port 23 to another.

They aren't too bad to get up and running the first time, and they are very stable. It gives you a very high quality firewall that way too while you're at it.

 

[trmiv]

It's a Zyxel 645M, which is a modem/bridge, not a modem/router. The DSL was ordered through Speakeasy.net, not direct from Covad. But the line is provided by Covad. We actually do have a 643 in the office as well, but that was for a different DSL setup we had that was direct from Covad. I wonder if I could set that baby up to work with our current DSL?

If I were to go with a Cisco router, where is a good place to get one?

 

[cleverhandle]

I have no doubt that a Cisco unit would work, work well, and provide lots of nifty features. But if you just want stuff to get up and running, I would almost guarantee that the 643 will work for you. Since you've got 20 PC's and only 8 addresses, you've obviously got to NAT somewhere though. The 643 will do NAT, but that will put all your machines behind the NAT, which is probably not what you want. So you'd need another NAT gateway (a cheap Linksys type router would work) using one of your public IP's as its external address, and hook that and your public servers direct into the 643. Then hook the workstations into the gateway.

Again, that's pretty much a quick-n-dirty solution. A Cisco unit or a PC running *nix would give you real firewalling and filtering abilities, which you probably want to have in an office of that size. But if you just need to get things up and running for the moment, the 643 + gateway should work.

 

[trmiv]

I want to get the 643 up and running, but it appears to have a password other than the default set from Covad. It's been so long, I have no clue what it is. Apparently you can reset the password by uploading a new ROMFILE to it, but I can't seem to find a new rom. Any ideas where to get one?

 

[cleverhandle]

There are easier ways...

 

[trmiv]

I can't connect through a browser for some reason, nor can I ping it on 192.168.1.1. I've tried all the other common ones like 192.168.0.1 and 192.168.254.254, etc but no go. I'm stumped. I guess maybe the config on this router was messed with at some point. I have no clue, it's been sitting on a shelf not being used for like 6 months, so I have no idea what happened to it. I can connect with it through the RS-232 just fine though, just don't know the password.

 

[cleverhandle]

Bleh... that's a pain. You're getting into territory where it may make more sense timewise to just go for the heavy duty Cisco solution from the start. I guess if you're dedicated, you could set up a PC on 192.168.0.1/16 and ping sweep the whole subnet automatically with something like nmap. Then do the same for 10.0.0.0/24 and 172.16.0.0/20 (?). See what the router responds to. Take the PC off the regular network before doing that of course.