[Diggory Laycock]

Hello there, I wads wondering if anyone would be kind enough to help me out understanding something...

I am connected to the net via DSL and do not use NAT - I have a few static IP addresses. I like the fact that I have my main server on a fixed, static IP address.

I've already run out of IP addresses on my little subnet, but don't really need most of the devices to have global static IPs.

I'm thinking of moving DSL providers to a faster connection, but with the new provider if I want more than one static IP I have to pay through the nose.

Is it possible to 'mix and match' NAT and static IPs?

i.e If I were to move to this new provider and get only one static IP (for a reasonable fee) - would I have to use that IP address for the router? or could the router have an assigned IP address, and could I give the static IP addr. to my server?

If so what would be the gateway addr I'd give to the server? Since the router would be on a different subnet that wouldn't work, would it?

I assume they are expecting the router to have the static IP and to use NAT and port forwarding for machines within the LAN.

Does that all make sense?

[ghporter]

You can give your server full exposure to the Internet through your router (without a lot of fuss) by assigning it a static LAN IP and setting up a DMZ in your router for that specific IP. A DMZ just excluded the specified LAN IP from NAT functions and merely passes packets without translation. At the same time, the REST of the LAN (static or dynamic IPs, makes no difference) is still both secure behind the NAT layer and transparently shares the single IP the router gets from your ISP.

It's really not a tough setup, either.

Port forwarding, on the other hand, is port-by-port, which may be far more trouble than you want to deal with.

Did this seem helpful?

[Diggory Laycock]

Thanks, that's very helpful.

[Sherman Homan]

I would get the better, faster DSL with one IP address. The static address they give you will have to be used for your router.

Setting up NAT is really very simple. When you say "your main server" I assume you are using an OX server build, so just turn on DHCP, NAT and the firewall. You are gaining services and security as opposed to having all of your machines hanging out on the 'net each with their own public IP address.

You can of course have both static and DHCP addresses on your internal network. If I understand your question correctly, you will not be able to keep the same static addresses you now have. You will have to change them over to non-routable numbers. The server/firewall settings will control whether you can get at those machines from the outside world.

[Diggory Laycock]

Hmmm - I've been trying to set-up a DMZ on my router (as a test before I switch DSL providers) and it seems my router (3Com OfficeConnect ADSL Wireless 11G Firewall Router) doesn't like it.

As soon as I use NAT the router decides that I don't need to use the static WAN IP address I give it, and uses a different IP given out by the ISP....

It's very odd... because it still has the correct static IP set in the 'internet' settings (and the preference not to use an IP address auto-assigned from the ISP is still set), but the log and whatsmyip.com clearly show that it's gaining a completely different IP addr and using that:

2006.10.01 20:45:26 ATM1 get IP:212.158.200.38
2006.10.01 20:45:24 ATM1 start PPP
2006.10.01 20:45:24 Dial On Demand(ATM1)

Sigh... oh Mr. 3Com I thought you were better than this...