RESET Forums (homeservershow.com)

Multi public IP’s and Sophos


Poppapete

I have just switched from Cable HTC to Fibre and have changed ISPs. I have a fixed external IP with 4 extra IPs that are assigned as a block. This gives me 2 extra “usable” external IPs. I am trying to set this up with Sophos. I essentially want a second IP for a “Wireless guest LAN” and maybe a third for my Security Cameras.

My ISP gave me the assigned block of 4 ending in 96-99 and informed me that the middle 2 would be usable and that I would end up with 3 usable including the original fixed IP that is an unrelated number to the block numbers.

After research on the Sophos Forum I came up with this:

“Hi, you have 2 choices:

1. add all of the extra addresses to the WAN NIC as 'Additional Addresses'
Then you have to DNAT each address into your DMZ if you have incoming traffic on them.

2. Put the new subnet in a (new) DMZ.

I strongly prefer #2 as it does not need any NAT or MASQ at all.

Barry”

I will not have any incoming traffic so choice 2 looks good to me. Before I try to work out how to deploy choice 2, I would like input from anyone who has experience with either choice 1 or 2.

nrf

What advantage are these extra IPs providing you if they are not for incoming services?

GotNoTime

I will not have any incoming traffic so choice 2 looks good to me. Before I try to work out how to deploy choice 2, I would like input from anyone who has experience with either choice 1 or 2.

You want #2 as you can then separate the guest devices into their own private network that has no access to your LAN.

Poppapete

What advantage are these extra IPs providing you if they are not for incoming services?

Very good question! Tell me there is no advantage and I will abandon my little project. The idea was to set up a separate LAN using the other IPs; if this is not possible using the extra IPs then I achieve nothing. As stated, I rarely access the network outside my home.

nrf

If your Sophos has more than two NICs I believe you can set up rules so each one provides a local LAN segment but the segments cannot talk to each other (do I have that right?)

Poppapete

I have 3 NICs but I use #3 for IPMI access to Sophos in case of a major problem. I suppose I could use it to try and set up a second LAN segment. Must look into it! It might solve my new major problem re a second Xbox 360 I have connected. Major because it is for my wife. I will start a new thread under networking with my dilemma.

Drashna Jaelre

IPMI NICs never count, as they're not usually OS accessible.

So you only have two NICs. If that's the case.... then using multiple IP addresses doesn't help you at all.

You'd need to add a secondary NIC or more NICs to get any use out of this properly.

What you DO want to do is use a VLAN, or a different subnet. And that requires hardware that supports it (e.g. a managed network switch for VLAN, or manually setting the IP address and subnet for the devices).

Poppapete

IPMI NICs never count, as they're not usually OS accessible.

So you only have two NICs. If that's the case.... then using multiple IP addresses doesn't help you at all.

You'd need to add a secondary NIC or more NICs to get any use out of this properly.

What you DO want to do is use a VLAN, or a different subnet. And that requires hardware that supports it (e.g. a managed network switch for VLAN, or manually setting the IP address and subnet for the devices).

I have a 24 port managed switch, which I have never managed, behind the Sophos.

Trying to overcome the problem I have just posted re 3 Xboxes on the same LAN having trouble with port 3074 and Xbox Live. I thought a separate LAN might solve the problem. Also I would like to have a separate "Guest LAN" from my own LAN.

Drashna Jaelre

May be worth looking into VLANing then.

As for the Xboxes, have you created a firewall and/or NAT rule for the port?

Poppapete

May be worth looking into VLANing then.

As for the Xboxes, have you created a firewall and/or NAT rule for the port?

I have service definitions:

Source 1:65535 & Destination

TCP/UDP  3074 & 53
TCP      80 & 88

But I have been using an Xbox 360 & Xbox One on Sophos since I installed Sophos 8 months ago. This problem only occurred when I added a second (2nd hand) Xbox 360E last night. Have only been using Netflix on them for a month, so the problem arose when all 3 boxes were trying to be on "Live" at the same time last night.

Here is the link on the Sophos forum from someone much smarter than I with the same problem.

https://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/46353-multiple-xboxes-nat.html

Now to learn all about VLANs!
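The thread's conclusion is that the extra public IPs do nothing for isolation on a two-NIC box; what separates guests and cameras from the home LAN is putting them in their own segments (VLANs) with a default-deny policy between zones. The model below is an added example, not code from the thread or from Sophos: all addresses are constructed (documentation ranges), the zone layout and the camera rule are assumptions, and the ISP block mirrors the "ending 96-99, middle 2 usable" description.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (not from the thread). The ISP block is a /30
# "ending 96-99": .96 is the network, .97/.98 usable, .99 broadcast.
ISP_BLOCK = ip_network("203.0.113.96/30")       # TEST-NET-3 documentation range

# Private segments behind the firewall; GUEST and CAMERAS are separate VLANs.
ZONES = {
    "LAN":     ip_network("192.168.1.0/24"),
    "GUEST":   ip_network("192.168.50.0/24"),
    "CAMERAS": ip_network("192.168.60.0/24"),
}

# Allow rules as (source zone, destination zone, services); None = any service.
# Anything not matched is denied, which is what keeps GUEST off the LAN and
# stops the cameras initiating connections out to the internet (assumed design).
POLICY = [
    ("LAN",   "WAN",     None),                # home LAN may go anywhere outbound
    ("GUEST", "WAN",     None),                # guests get internet only
    ("LAN",   "CAMERAS", {("tcp", 443)}),      # assumed: cameras viewed from LAN over HTTPS
]


def usable_public_ips(block):
    """Host addresses of the ISP block (network and broadcast excluded)."""
    return [str(h) for h in block.hosts()]


def zone_of(ip):
    """Map an address to its zone; anything outside the private segments is WAN."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"


def allowed(src_ip, dst_ip, proto, port):
    """Default-deny check: is this flow permitted by POLICY?"""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True                            # same segment, not firewalled
    for rule_src, rule_dst, services in POLICY:
        if (rule_src, rule_dst) == (src, dst):
            return services is None or (proto, port) in services
    return False
```

Each new VLAN is one more key in ZONES plus the rules it needs; leaving a zone pair out of POLICY is what denies it.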
