Help - Server and Cable modem

[Longy]

I'm trying to install a hardware firewall on a network but I've got stuck and can't get it to work.

Setup:

Cable modem (ip: 192.168.100.1) plugs into Server WAN NIC which has two ip addresses on the card 192.168.100.2 and 77.77.77.77 (companys static ip - this is just sample) and a gateway address 77.77.77.76

Now when I plug the modem into the WAN port on the firewall I tried to give the WAN port the static IP of the company's static IP address of 77.77.77.77 and gateway of 77.77.77.76 and changed the WAN NIC on the server to a private IP and used NAT. BUT I can't get internet access or anyrthing.

Maybe I need to put the ip of 192.168.100.2 on the WAN port but then where the hell do I put the static IP address of the company? I can't assign two ips on the WAN port unlike windows routing and remote access.

Thoughts?

 

[H182]

The external static IP of the company needs to be set on the WAN port, unless the cable modem passes the IP over via dhcp?

Best to check if the firewall has any tests to see if it can access the internet itself (ping or dns resolution) before going any further.

 

[Longy]

yeah but if the modem IP is 192.168.100.1 then the static IP will not communicate with the modem.

 

[H182]

the ip 192.168.100.1 must be an internal address. So either the modem has connected to the net itself, and has the external IP on its cable/WAN port, or its just a PPPOE device that translates the cable signal into ethernet.

If this is the case the firewall will need to support PPPOE (i think). The LAN IP of the modem shouldn't matter, as its for configuration only. (Thats the case with ours anyway)

 

[Longy]

I got a feeling its PPPOE then - but does windows server support PPOE then? as this is how its connected at the moment- if so where are the settings located? sorry not had much experience with cable modems.

 

[KDF]

The cable modem is irrelevant as long as you set the static ip correctly on the wan port... try directly connecting it to the server and get it working on that first.

You should be able to log into the cable modem and check everythings okay with that by setting the server to the same subnet as the modem and accessing its ip addy

 

[Longy]

yeah it works currently modem to server - but they have no firewall in place - so I've come in to install the firewall but it won't work.

I have logged into the modem and it shows that the static ip is linked to the mac address of the server! I take it this is the problem? do I need to get VM to reset the broadband connection?

 

[KDF]

Cycle the power on the cable modem, leave it off for 5 minutes then connect to the firewall and you should be good to go.

You used to have to update the mac addy's manually but now it will just do it itself.

 

[Longy]

ok VM where about as helpful as a chocolate fireguard!

I've managed a work around. Luckily I can spoof mac addresses on the Firewall so I just copied the servers WAN NIC mac address and voila connected!

 

[KDF]

Good stuff, power cycling the modem as I stated above would have cleared the mac pairing from the cable modem and is probably a better long term solution.

Whatever works though eh

 

[Longy]

Good stuff, power cycling the modem as I stated above would have cleared the mac pairing from the cable modem and is probably a better long term solution.

Whatever works though eh

I powered it down for an hour bud - when I connected it up again it wouldn't work - I change it to dhcp instead of static after powering it down for a second time and it give a different IP to the static they have everything pointed to. It seemed that static IP would only pair with that mac address?

 

[PinkoCommie]

Part of the setup process with Virgin media gets the MAC address of the initial device registered with the cable modem.

If it's already setup for the MAC of the server, then just spoof the servers MAC on the firewall's WAN port and assign the static address to the WAN port and all should be good. Make sure you get the default gateway correct or it won't work.

The server will only need the 192.168.100.2 address, then the firewall will NAT the traffic for you hiding your server.

If they have services running on the server (i.e. a website or mail server) then you will have tomap the incomming ports to the internal IP.

edit: as long as the WAN port of the firewall is spoofing the servers IP, then to all intents and purposes the modem thinks it is the same device, so as long as you get the IP, netmask and gateway correct it should work fine.

 

[Longy]

Part of the setup process with Virgin media gets the MAC address of the initial device registered with the cable modem.

If it's already setup for the MAC of the server, then just spoof the servers MAC on the firewall's WAN port and assign the static address to the WAN port and all should be good. Make sure you get the default gateway correct or it won't work.

The server will only need the 192.168.100.2 address, then the firewall will NAT the traffic for you hiding your server.

If they have services running on the server (i.e. a website or mail server) then you will have tomap the incomming ports to the internal IP.

edit: as long as the WAN port of the firewall is spoofing the servers IP, then to all intents and purposes the modem thinks it is the same device, so as long as you get the IP, netmask and gateway correct it should work fine.

Yeah m8 that's what I've done in the end and it seems to be ok.

Cheers for all the help one and all.

 

[PinkoCommie]

I'd give the server a bloody good going over with a virus scanner as well if it's been directly connected to the net to be on the safe side.

 

[Longy]

I'd give the server a bloody good going over with a virus scanner as well if it's been directly connected to the net to be on the safe side.

Yeah, I did a full audit of the premises just before Christmas and their previous IT guy has left it in a right mess - I've got pages and pages of stuff that needs doing. I was shocked to find no firewall at all except for windows basic one and no proper anti-virus etc - they host exchange and everything aswell I got the contract so I've started to roll the changes out.

 

[PinkoCommie]

Heh, I bet they were an open SMTP relay and they've been sending spam mail by the ton.