Public IP Address for Device behind Cable/DSL Modem

Hi,

Need advice as to whether or not this is possible... We have several ethernet building control devices that we want to connect to Cable/DSL modems for internet access to their web pages and so they can communicate with eachother. The catch is that each controller needs to be configured with a static Public IP address and not a local IP address. This is because each controller sends its static IP address to the other controllers so they can talk to eachother on demand.

Will it be possible to arrange with ISP's to assign static Public IP addresses to our building controllers, even though each controller will be sitting behind Cable/DSL Modems?

Many thanks,

Ellis

Reply to
gabovitche
Loading thread data ...

Yes, my Comcast Business cable modem has a second port that the assigned IP address goes thru.

Reply to
f/fgeorge

I can understand why the IP addresses have to be fixed, but Why do they have to be public?

Reply to
Tom Stiller

What the hell is a "control device" or "controller"? Since their getting IP addresses, can we assume they're actually routers?

I can understand why they might need static IP addresses, but why would they need to be public IP addresses? If they're public IP addresses, not only can they communicate with each other, but everyone in the world can communicate with them, too. Also, with public IP addresses, the route between them will go back to the headend or central office for your ISP, where certain ports will be blocked preventing you from sharing files and printers.

I'm assuming this is a business, so you're likely to have greater security needs than a home user, so depending on NAT and the simple firewall features built into the typical home broadband router, you'll need to maintain three separate firewalls as well.

Essentially, the topology you're proposing is to set-up three separate networks, comparable to three neighbors on a street, each with their own home network. But even if you have static public IP addresses, you won't be able to communicate between the networks. In addition to the ISP blocking certain ports, you can run into some subnet issues as well.

Both cable and DSL providers can provide multiple IP addresses at an additional cost. Nearly all DSL providers, and many cable providers can also offer static IP address, but those usually come with business-level accounts. But I don't think getting multiple static public IP's is going to get you the results you are looking for.

Also, since these "control devices" have IP addresses, meaning they're likely actually routers, I have to wonder why? There might be some specific situation in which you want to essentially be running three separate networks in the same building, and still need them to act as a single network for some purposes, but that's a fairly advanced topology. It's far more likely that the "control devices" are actually hubs or switches, but in that case, they wouldn't even have IP address, let alone public IP addresses.

I'd suggest you contact your IT consultant to discuss exactly what it is that you have, and what you need to get the results you want. (And I know you can't be the IT guy because if you were, you wouldn't be talking about "controllers". You'd be using meaningful terminology.) I'm positive that whatever you actually need is entirely possible. What you're asking for now, however, will not accomplish even the very basic needs you're also communicating.

Reply to
Warren H

he said "building control devices". I presume he meant security-oriented pieces--door controllers, alarm controllers, HVAC controllers, whatever.

Reply to
Elmo P. Shagnasty

Hmm. Never thought of that.

In that case, they're just another computer. Nothing more. No reason to distinguish them from any other computer using a proprietary operating system. Why bother confusing the issue by giving them a special name that has no significance in the world of networking?

But that still doesn't materially change the answer. If they all have public IP addresses, the route between them still goes back to the CMTS or the DSLAM, and it they aren't properly submitted, they still won't be able to talk to each other. And they'll still be exposed to the public Internet for anyone to hack into.

If they need to communicate with each other, the only practical way to do it is put them behind a single router, and give them private IP addresses. If you need to access them individually from the outside world, some kind of master control unit would also need to be on the LAN side of the router with them, and a VPN tunnel set-up to access it from the outside.

Reply to
Warren H

Precisely.

Many types of devices allow network control. This is typically done via http. Most cable internet services do not permit you to run your *own* servers. Devices with web control are, technically, servers. Also, the cable and DSL services block port 80 and other well know server ports.

If the address is dynamically assigned, there needs to be some way to de- termine that address from the outside. I'm no certain that it would be easy to have multiple devices listening on the same port behind a router unless the router can map one visible external port to the a particular address on the inside network such as:

a.b.c.d:8080 -> 192.168.1.2:80 a.b.c.d:8081 -> 192.168.1.3:80 a.b.c.d:8082 -> 192.168.1.4:80

Can the typical Linksys-like router box do such?

Reply to
VAXman-

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.