We are running a Novell network and accessing the internet through a
soho firewall that is between our hub and router.  So long as the
workstations obtain a tcp/ip address automatically there are no
issues.  However, when assigning a specific IP, subnet mask, gateway
and DNS to a workstation we cannot even ping the soho firewall.  Our
"trusted" network IP is 192.168.111.1 with mask 255.255.255.0.  The
external network IP is 67.154.xxx.xxx with subnet mask
255.255.255.240. We need to assigne specific TCP/IP settings to some
workstations in order to access them from remote locations.

Any suggestions would be greatly appreciated.

Thanks for your time and interest.

M. Cooper

[ Post a follow-up to this message ]

On Tue, 23 Dec 2003 05:11:57 -0800, coopfab wrote:
quote:

> We are running a Novell network and accessing the internet through a soho
> firewall that is between our hub and router.  So long as the workstations
> obtain a tcp/ip address automatically there are no issues.  However, when
> assigning a specific IP, subnet mask, gateway and DNS to a workstation we
> cannot even ping the soho firewall.  Our "trusted" network IP is
> 192.168.111.1 with mask 255.255.255.0.  The external network IP is
> 67.154.xxx.xxx with subnet mask 255.255.255.240. We need to assigne
> specific TCP/IP settings to some workstations in order to access them from
> remote locations.
>
> Any suggestions would be greatly appreciated.
>
> Thanks for your time and interest.
>
> M. Cooper

If I understand you correctly, I believe what you are looking for is NAT
and one of the following are the options available to you to access a
particular system remotely.

Option#1 - Put the system outside the firewall
This way you can assign it any IP address you want.  This solution is
obviously has not security.

Option#2 - Put the system behind the firewall and do NAT.

In this case, the system would have a private IP (something 192.168.111.x,
lets say for the sake of example 192.168.1.10).  This should work fine
within your network as this is your current setup anyway.

Now the hard part, which happens on the router and the system acting
as the firewall.
Lets say that the IP you intended to use to access the system remotely is
67.154.a.b.  I am assuming that this IP already resolves to your router
(in other words that you have ownership to this static IP.  You ISP should
be able to confirm this).  Router should be setup to forward all packets,
at least all packets coming to the IP address 67.154.a.b.  On the firewall
you'll need to setup NAT (also called IP forwarding), so it forward all
packets going to 67.154.a.b to 192.168.111.10.

Sunny

[ Post a follow-up to this message ]

On Tue, 23 Dec 2003 12:10:43 -0800, "Sunny" <sunny@nowhere.com> wrote:
quote:

>Option#2 - Put the system behind the firewall and do NAT.
>In this case, the system would have a private IP (something 192.168.111.x,
>lets say for the sake of example 192.168.1.10).  This should work fine
>within your network as this is your current setup anyway.
>Now the hard part, which happens on the router and the system acting
>as the firewall.
>Lets say that the IP you intended to use to access the system remotely is
>67.154.a.b.  I am assuming that this IP already resolves to your router
>(in other words that you have ownership to this static IP.  You ISP should
>be able to confirm this).  Router should be setup to forward all packets,
>at least all packets coming to the IP address 67.154.a.b.  On the firewall
>you'll need to setup NAT (also called IP forwarding),


It's also called "masquerading", *not* IP forwarding. P forwarding is
equal to IP routing.

--
Fernando Gont
e-mail: fernando@ANTISPAM.gont.com.ar

[To send a personal reply, please remove the ANTISPAM tag]

[ Post a follow-up to this message ]

On 23 Dec 2003 05:11:57 -0800, michael@cooperfabrics.com (coopfab)
wrote:
quote:

>We are running a Novell network and accessing the internet through a
>soho firewall that is between our hub and router.  So long as the
>workstations obtain a tcp/ip address automatically there are no
>issues.


Give an example of what IP address, subnet mask, and getway they get
when they do it automatically.

quote:

>However, when assigning a specific IP, subnet mask, gateway
>and DNS to a workstation we cannot even ping the soho firewall.


Idem.

quote:

>Our
>"trusted" network IP is 192.168.111.1 with mask 255.255.255.0.  The
>external network IP is 67.154.xxx.xxx with subnet mask
>255.255.255.240. We need to assigne specific TCP/IP settings to some
>workstations in order to access them from remote locations.


Draw your network topology, and include the IP addresses, subnet
masks, and routing table on the workstations, and I'll try to help
you.

--
Fernando Gont
e-mail: fernando@ANTISPAM.gont.com.ar

[To send a personal reply, please remove the ANTISPAM tag]

[ Post a follow-up to this message ]