Static Route Help

I am in the process of installing a new network. New T1, new sonicwall pro 3060 firewall, the works. The WAN port on the sonicwall is a static public ip address. I have the lan on a private network. What I need to do is get a public ip address to function within the private network. Not using the DMZ. I am wondering if this is even possible. I am very clueless to static routes. Any help would be appreciated.

Reply to
WISP
Loading thread data ...

may be you could try one to one NAT...

Reply to
Arjun

c'mon, the pro 3060 is a decent device, read the documentation if you will be working on it.

assuming you have "enhancd" OS, which is most likely:

assuming you got an IP range from your ISP you create an object for "server ip inside" create an object for "server IP outside"

creat NAT from "server IP outside" to "server ip inside" create NAT from "server ip inside" to "server IP outside"

create firewall rule: from Zone: WAN ro LAN, allow any source to "server IP outside" whatever service you want

you'r done.

if you actually want to use the public IP in your LAN without NAT:

create object "public_ip" in LAN with public IP

create NAT entry: "public_ip" to any -keep original (which means do _not_ perform nat) (do it in both directions if you want it to be reached from the outside, and add firewall rule)

since this is more specific than the one to many default rule (perform NAT on all LAN IP's with Sonicwall Public IP) it will work.

now this "public_ip" is accessible from outside and has Internet Access.

now you need to add a static route for the LAN zone to _not_ take default gateway, if it wants to access "public_ip"

actually, I believe Sonicwall will add this entry automatically, once you create the object on the LAN Zone. just check your routing table after creating the object.

M
Reply to
mak

yes it's possible.

short version:

create object "public_IP_onlan" in the LAN Zone

create NAT rule: "public_IP_onlan" to any - keep original (on Interface WAN) means "public_IP_onlan" will _not_ be nat'ed, when it accesses internet.

check routing table - Sonicwall might have already created a route for all firewalled IP's to NOT take default gateway to reach "public_IP_onlan"

if not create that rule.

the 3060 is a dezent box, if you keep working with it, read the documentation, you can do a lot with it.

M
Reply to
mak

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.