Very important router question

Czar

Lifer
Oct 9, 1999
I have a Cisco 1700 router here. With the current setup, everyone on the LAN is NATted outside on the same IP (all computers have private IPs).

The question is, is it possible to add a few extra computers that have public IPs that could be accessed from the outside without interfering with the current NAT setup?

It's like this: two subnets, one private and one public; the private network is NATted outside while the public one has direct access outside.
 

BDawg

Lifer
Oct 31, 2000
Sure, but wouldn't you need 2 routers?

What I do is have my public machines go through the router, and the private machines NAT through a translation box (OpenBSD).

If you want the 2 networks to be able to communicate with each other, the public IP machines will need 2 NICs (unless Win2k allows you to bind 2 IPs to an adapter).
 

Czar

Lifer
Oct 9, 1999
Currently our ISP is our firewall, and now we are just on their local subnet and our router is set to NAT out on an IP on their subnet. Then their router is set to route that IP to a public IP.

What I need to do now is find a solution to add the possibility to have a few computers that host some web services. They must be accessible from the outside.

So my solution is that every computer that is NATted out from here goes through the firewall at the ISP; every other IP that we will have will then be forwarded directly away from the firewall. So then we would set up a local firewall here that would only be connected to the router. If that is possible, maybe we would then have to get a new router that would support two IPs, or maybe an add-on card.

The other solution is putting everything aside the firewall the ISP has and use a local firewall, just that we don't want to throw away the GREAT firewall the ISP has.
 

erub

Diamond Member
Jun 21, 2000
I am not familiar with Cisco products. But I don't think it should be a problem. The router should allow the traffic to pass through from certain IP addresses, while NATing the others (I'm assuming that the computers on the NAT network are in the internal network range of IP addresses - a computer on a TCP/IP network has an IP address, even if that IP address is an internal one) like a router on the internet would. For example, when I access anandtech, more than one router on the internet receives my packet and forwards it onward. I'm sure the manual probably covers how to do this.
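
The selective NAT discussed in this thread, sketched as a Cisco IOS configuration fragment. This is an added example, not part of any post above. The interface names and every address are assumptions (RFC 1918 and RFC 5737 documentation ranges), and it assumes the ISP routes the public block to the router's uplink address.

```cisco
! Constructed example: interface names and all addresses are assumptions,
! not values from the thread.
!
! LAN side: one physical segment carrying both subnets.
interface FastEthernet0
 description LAN - private and public hosts
 ip address 192.168.1.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.248 secondary
 ip nat inside
!
! WAN side: link to the ISP.
interface Ethernet0
 description Uplink to ISP
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
! Only the private subnet is eligible for translation.
! The public block 198.51.100.0/29 is deliberately not listed,
! so its hosts are routed with their own source addresses.
access-list 10 permit 192.168.1.0 0.0.0.255
!
! PAT every source matched by ACL 10 behind the uplink address.
ip nat inside source list 10 interface Ethernet0 overload
!
! Default route to the ISP router.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

After loading it, `show ip nat translations` should list only 192.168.1.x inside-local addresses. The hosts in the public block get no filtering from this fragment, so they still need the local firewall mentioned earlier in the thread.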