A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.comp.home-networking (UK home networking)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.comp.home-networking (UK home networking) (uk.comp.home-networking) Discussion of all aspects of computer networking in the home, regardless of the platforms, software, topologies and protocols used. Examples of topics include recommendations for hardware or suppliers (e.g. NICs and cabling), protocols, servers, and specific network software. Advertising is not allowed.

DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question



 
 
Thread Tools Display Modes
  #1  
Old November 29th 05, 12:46 PM posted to uk.comp.home-networking
Lee
external usenet poster
 
Posts: 6
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

Hi,

I'm getting broadband with multiple static public IPs, and I'm thinking
of getting a Vigor 2600 to go with this. Can I do the following with a
2600?

(a) I want to run 3 private subnets (say 192.168.0.0/24, 192.168.1.0/24
and 192.168.2.0/24) using the VLAN functionality. My aim is to
segregate 192.168.1.0/24 and 192.168.2.0/24 addresses, but allow both
access to the Internet and 192.168.0.0/24 addresses.

(b) I also want all outbound Internet traffic from the 192.168.1.0/24
subnet to appear to the outside world to come from public IP address #1
and all 192.168.2.0/24 traffic to come from public IP address #2.

(c) I also want to set up port forwarding on public IP address #1 to
machines in the 192.168.1.0/24 subnet and on public IP address #2 to
192.168.2.0/24.

(d) I may also need to route public IP address #3 straight to one of my
VLANs. (And perhaps IP address #4 to another VLAN.)

The big question is can I do all of this at the same time?

I've being doing quite a bit of research, but I can't quite convince
myself that I can do what I want. In particular, the Vigor 2600 manual
I downloaded implies that I need to set up a DMZ to get web requests
etc. to appear to come from a specific IP address. Is this true, or can
I just do some magic with the "Join NAT IP Pool" option?

If I can't do this with the 2600, does anyone know what hardware I can
do it with?

Any comments will be very much appreciated; networking isn't my
strongest point.

Thanks!
- Lee

  #2  
Old November 29th 05, 03:10 PM posted to uk.comp.home-networking
Christo
external usenet poster
 
Posts: 13
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question


"Lee" wrote in message
oups.com...
Hi,

I'm getting broadband with multiple static public IPs, and I'm thinking
of getting a Vigor 2600 to go with this. Can I do the following with a
2600?

(a) I want to run 3 private subnets (say 192.168.0.0/24, 192.168.1.0/24
and 192.168.2.0/24) using the VLAN functionality. My aim is to
segregate 192.168.1.0/24 and 192.168.2.0/24 addresses, but allow both
access to the Internet and 192.168.0.0/24 addresses.

(b) I also want all outbound Internet traffic from the 192.168.1.0/24
subnet to appear to the outside world to come from public IP address #1
and all 192.168.2.0/24 traffic to come from public IP address #2.

(c) I also want to set up port forwarding on public IP address #1 to
machines in the 192.168.1.0/24 subnet and on public IP address #2 to
192.168.2.0/24.

(d) I may also need to route public IP address #3 straight to one of my
VLANs. (And perhaps IP address #4 to another VLAN.)

The big question is can I do all of this at the same time?

I've being doing quite a bit of research, but I can't quite convince
myself that I can do what I want. In particular, the Vigor 2600 manual
I downloaded implies that I need to set up a DMZ to get web requests
etc. to appear to come from a specific IP address. Is this true, or can
I just do some magic with the "Join NAT IP Pool" option?

If I can't do this with the 2600, does anyone know what hardware I can
do it with?

Any comments will be very much appreciated; networking isn't my
strongest point.

Thanks!
- Lee


networking not your strongest point.... jesus!! this is a home networking
group, i think what you want to do falls under small business maybe even
medium business networking.


  #3  
Old November 29th 05, 03:21 PM posted to uk.comp.home-networking
Lee
external usenet poster
 
Posts: 6
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question


Ah. Okay then. I'll try another group!

Thanks,
- Lee

  #4  
Old November 30th 05, 11:58 PM posted to uk.comp.home-networking
Linker3000
external usenet poster
 
Posts: 39
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

Lee wrote:
Ah. Okay then. I'll try another group!

Thanks,
- Lee

Ignore Christo - this is an easy one!! (kidding!! ;-))

The first stumbling block with the Draytek 2600 is that ALL outbound
packets are seen to come from your ISP's gateway address.

In our case, we have 5 addresses:

81.138.x.nn1
81.138.x.nn2
81.138.x.nn3
81.138.x.nn4
81.138.x.nn5

But from my desktop (directly addressed for inbound remote desktop on
the '2' address) my current 'IP' (www.whatismyip.com) is shown as
81.139.x.x - the router's gateway at BT.

For the majority of circumstances this is not a problem and we are
hosting loads of working mail and intranet servers, but it might be for
your requirements if you explicity need to identify the origin of
specific data.

I have spoken to Draytek's support team in Taiwan about this and they
acknowledge it as an 'issue' but had no plans to 'fix' it in the short
term - that was about 8 months ago!

I also doubt that you can have each port on the 2600 connected to a
different subnet but as this is something I have not needed to do I have
no experience of that setup.

Go have a look at the Draytek support pages and forums at www.seg.co.uk
- they are very useful.

L3K
  #5  
Old December 1st 05, 01:18 AM posted to uk.comp.home-networking
Lee
external usenet poster
 
Posts: 6
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question


Thanks for replying.

I emailed Draytek directly and got the following response:

a. The Vigor can only deal with one subnet. You could still use the
Vigor VLAN facility to separate the ports but you'd need two more
devices to act as the gateway for the other two subnets.


b. Sorry, this can't be done with just the Vigor. There is a MultiNAT
facility where if you put a device into the DMZ host of a WAN IP it
would cause all outbound traffic to appear to come from that IP. THis
means that potentially you could have an additional router for
192.68.2.0/24 and another router for 192.168.1.0/24 with both routers
in the DMZ host for the required public IP.


c. If you went with the DMZ host option the port forward would be
setup on the additional router for each network.


d. For a spare public IP you can use IP routing to router IP address
directly.

But in the end, Draytek are still my best bet for what I can afford,
even if I can't do absolutely everything I want to, and so I've ordered
a Vigor2800. When it comes I'll be able to see how close I can get. :-)

- Lee

  #6  
Old December 1st 05, 12:36 PM posted to uk.comp.home-networking
Linker3000
external usenet poster
 
Posts: 108
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

Glad you got some feedback from Draytek - I have to say that as a
'top-end' basic router they are rock solid and apart from the gateway
address issue they handle multiple IP addresses very well.

I have Drayteks on about 5 sites and only one has had to be reset in two
years - and that was after a power glitch.

The only downside is that their wireless implementation (on the 2600s at
least) is not very good - I was field testing one at home in place of a
2-wire (BT freebie) but I kept losing the connection whereas the 2-wire
gave a solid link, as does the Linksys I am currently using. There have
been a few posts inthe SEG forums about this.

L3K
  #7  
Old December 1st 05, 05:22 PM posted to uk.comp.home-networking
Alex Fraser
external usenet poster
 
Posts: 553
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

"Linker3000" wrote in message
...
Lee wrote:
Ah. Okay then. I'll try another group!

Thanks,
- Lee

Ignore Christo - this is an easy one!! (kidding!! ;-))

The first stumbling block with the Draytek 2600 is that ALL outbound
packets are seen to come from your ISP's gateway address.


You would find it rather hard to establish connections to the machines from
across the Internet if this were true.

What IP address does "Shields UP!!" (http://grc.com/) claim to test if you
run it from one of the machines behind the router?

Alex


  #8  
Old December 2nd 05, 01:15 AM posted to uk.comp.home-networking
Linker3000
external usenet poster
 
Posts: 39
Default DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

Alex Fraser wrote:
"Linker3000" wrote in message
...

Lee wrote:

Ah. Okay then. I'll try another group!

Thanks,
- Lee


Ignore Christo - this is an easy one!! (kidding!! ;-))

The first stumbling block with the Draytek 2600 is that ALL outbound
packets are seen to come from your ISP's gateway address.



You would find it rather hard to establish connections to the machines from
across the Internet if this were true.

What IP address does "Shields UP!!" (http://grc.com/) claim to test if you
run it from one of the machines behind the router?

Alex


No so because packets addressed to the true IP addresses make it OK.

Shields up reports the gateway address.

 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question Lee uk.telecom.broadband (UK broadband) 13 December 11th 05 02:45 AM
Using the Syslog with a Draytek Vigor 2600 Peter Crosland uk.telecom.broadband (UK broadband) 6 September 26th 04 06:30 PM
Speedtouch 510 v4 Vs Draytek Vigor 2600 (firewall) tHatDudeUK uk.telecom.broadband (UK broadband) 8 August 26th 03 02:04 AM
Speedtouch 510 v4.0 -Vs.- Draytek Vigor 2600 tHatDudeUK uk.telecom.broadband (UK broadband) 2 August 8th 03 11:28 AM
Speedtouch 510 v4.0 -Vs.- Draytek Vigor 2600 tHatDudeUK uk.comp.home-networking (UK home networking) 2 August 8th 03 11:28 AM


All times are GMT +1. The time now is 08:20 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2018 BroadbanterBanter.
The comments are property of their posters.