Netgear FVS 336G and Static IP Addresses (Block)

[AdiNetworkBuilder]

Hi,
I have a Netgear's FVS 336G and my ISP (AT&T) has given me a block of IP addresses - a so called 8 Block.

So for example, the IP Block looks something like this:

65.37.125.10 - (Reserved for Subnet Routing)
65.37.125.11 - (Reserved for Default Gateway)
65.37.125.12 - Available
65.37.125.13 - Available
65.37.125.14 - Available
65.37.125.15 - Available
65.37.125.16 - Available
65.37.125.17 - (Reserved for Subnet Broadcast)

I would like to accomplish the following:

65.37.125.12 - Web server
65.37.125.13 - Report Server (database)
65.37.125.14 - Mail Server
65.37.125.15 - FTP
65.37.125.16 - CRM or something like that

The DSL modem I have from AT&T is Motorola 2210 and is connected via ethernet cable to the FVS 336G. This modem cannot map these IP addresses and I was told by AT&T support that I would have to do that in my equipment (FVS 336G). How do I go about this?

I would appreciate any help/pointers with this.
Adi

 

[thiggins]

AT&T is correct. See page 4-13 of the FVS336G User Manual (Section name is "LAN WAN Inbound Rule: Setting Up One-to-One NAT Mapping")

 

[YeOldeStonecat]

How many physical servers are these services spread out across?

You can just use a single IP address..and open/forward the necessary ports to the LAN IP address of your server(s). I'd open/forward only the bare minimum of ports necessary for your services to become available on the wild side. Instead of directly hanging your servers on the internet wide open with public IP addresses.

However, for security purposes, having a web server on the same network as your LAN is risk..I'd want that server segregated/separated from the office network.

 

[thiggins]

Ohh, crap. Good catch YeOlde. Only need multi-NAT for multiple servers on the same port.

I gotta read more carefully! Thanks for the backup!

 

[AdiNetworkBuilder]

thiggins/YeOlde,
Thank you for quick replies. I created inbound rule for the web server (65.37.125.12) and mapped it to a LAN IP 192.168.1.12. The inbound service name is HTTP so I am assuming that only port 80 will be open on this machine.

As far as the physical servers go, I have:
1 Web server
1 Server running VMWare Server with the following virtual machines:
* CRM
* Database Server
* Report Server

1 Server (Mail & FTP)
7 Workstations

I do not think FVS 336G has VLAN functionality. Do I need a switch to segregate web server from the rest of my office network?

Thanks again.
Adi

 

[YeOldeStonecat]

I have not worked with that particular DSL modem...but on some of the multiple IP broadband modems I have worked with....here are 2x approaches that would work for you.

Modem==>Switch
From the switch...an uplink to your primary router for your main network..taking the first public IP address on the WAN interface.
Also from the switch...either your web server..itself taking the 2nd public IP address...or better....another router/firewall which takes the 2nd public IP address..and then behind that, your web server. So your web server is isolated on another network in this manner.

Or...Modem==>Primary router taking first public IP address==>Managed switch that does port based VLANs. VLAN1 for your main network, and VLAN2 for your web server. This way anything that breaks into your web server cannot shoot across to your primary network.

I do not think FVS 336G has VLAN functionality. Do I need a switch to segregate web server from the rest of my office network?

 

[AdiNetworkBuilder]

Thanks again. I will try that. I was looking into getting a smart switch and started reading some of the reviews here. Even though FVS 336G is a decent piece of equipment I am leaning towards Linksys smart switch rather than another Netgear. Nothing against Netgear. My reasoning is that if we were to grow and eventually replace some of our equipment with Cisco then we could get some credit for the old equipment.

Again, thank you for your advice.
Adi

 

[YeOldeStonecat]

Since you're looking at managed switches, consider HP ProCurve models. Barely a hair more expensive than the Linksys SRW series....yet they come with a lifetime warranty. I have quite a few of the Procurve 1800 models out there with clients...install them...and forget about them...and they're consistently problem free.

 

[AdiNetworkBuilder]

Thanks for the tip! I never would have thought about looking into HP. Normally printers and laptops are the first thing that comes to my mind when I think of HP. Very interesting, thanks again.