cancel
Showing results for 
Search instead for 
Did you mean: 

IP Block

Robtheplod
Grafter
Posts: 320
Registered: 17-08-2007

IP Block

Hi All
I may need to get a block of IP's as opposed to my single NAT IP as I do testing with various Firewalls which hate NAT. Can anyone tell my how successful these requests are and how long they take to impliment ?

cheers

rob
7 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

IP Block

Hi Rob,

If you can justify the need for the IP's, i.e. that what you want to do can't be done with either NAT or forwarding or a smaller block of IP's then there's no problem issuing them. Depending on how many you require it's usually done by the next working day or sooner.
Robtheplod
Grafter
Posts: 320
Registered: 17-08-2007

IP Block

thanks for the reply - I wouldnt need many, just enough for the router & Firewall (would use nat behind firewall itself). would 4 suffice in your opinion ?Huh
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

IP Block

Yep, if you just need a public IP for the router and firewall a 4 block should be fine. Raise a ticket stating why you need the 4 and I don't see any reason why we can't allocate it for you.
Robtheplod
Grafter
Posts: 320
Registered: 17-08-2007

IP Block

cheers - when allocated, do I also get given a subnet mask ?
craigbrass
Grafter
Posts: 1,009
Registered: 30-07-2007

IP Block

This will be shown inside the "Static IP" area of the "Connection settings" inside the portal.
N/A

IP Block

so, reading this thread, if you intend to run a firewall device behind your modem/router is it the best way to go to get a block of ips' so the firewalls traffic is 'unpolluted' by the router ?
mssystems
Rising Star
Posts: 269
Thanks: 33
Fixes: 1
Registered: 10-08-2007

IP Block

The short answer is, It depends what you are doing. Pollution has nothing to do with it. If the protocols can route it does not matter what is in the headers particularly. Certain configs are valid for certain protocols and some are not.

The number of available public IPs is a rapidly diminishing resource. Network engineers accept that they need conserving. Until IPV6 gets large scale adoption, IPV4 numbers should only be used when there is a need to use them.

If you have a modem acting as a bridge you can double NAT.

public-ip-[modem bridge]-10.0.0.2---10.0.0.1[firewall]192.168.1.2--clients

So the outside of the bridge uses the public IP and NATs traffic onto the 10.0.0.0 subnet which hits the firewall which NATs it again to the 192.168.1.0 subnet.

This works fine for most common internet client protocols, recieveing e-mail, web browsing etc.

Port forwarding incoming connections to a server can be problematic. One way around is to use the modems DMZ feature so the modem forwards all traffic to a single IP. In the double NAT configuration you set the modem DMZ to the firewalls WAN address (10.0.0.1) and set port forwarding on the firewall to the server inside. This works for many common protocols.

Beyond this you tend to need a good knowledge of IP routing and some of the tricks you can do such as Zero IP Bridge (ZIPB) and the wonderfully named Numberless IP Link (NIPL). At this point you need to start thinking about public subnets.