Re: Share Internet Connection with 2 SBS Same Router




The Sonicwall documentation states:

"The SonicWALL DMZ has the ability to use private internal IP addresses
rather than public IP addresses on the network. Since NAT hides the true IP
addresses in use on the network, NAT on the DMZ is an additional security
feature for the SonicWALL. The outside world only sees the outside public IP
address of the DMZ and not the internal private addresses.

To configure the DMZ in NAT Mode, use the following instructions:

In the DMZ Private Address field, enter the private internal IP address
assigned to the DMZ interface.

Assign a subnet mask in the DMZ Subnet Mask field. The LAN and DMZ can have
the same subnet mask, but the subnets must be different. For instance, the
LAN subnet can be 192.168.0.1 with a subnet mask of 255.255.255.0, and the
DMZ subnet can be 172.16.18.1 with a subnet mask of 255.255.255.0.

If you choose to use DMZ NAT Many to One Public Address (Optional), enter
the DMZ public IP address which is on the same subnet as the WAN for access
to devices on the DMZ interface. DMZ NAT Many to One Public Address is only
available if your SonicWALL is configured in NAT Enabled networking mode."

I followed these directions.

Not sure what else to do.

If I connected a router to the DMZ port, would I connect the cable to the
WAN port on the router or a LAN port on the router?

If the WAN port then what should the setup be for the WAN port on the
router? Dynamic IP, Static IP? If static what should the IP, Mask and Gateway
be then?

I tried a number of these options but I am doing something wrong.


"SuperGumby [SBS MVP]" wrote:

just nodding.

A simple NAT router attached to the DMZ port would be good. I'm not going to
look at the specs for the sonic but you might need to check how this DMZ
port works, does it provide a 2nd WAN IP or does it operate a 2nd NAT'd
subnet? If it provides a 2nd NAT'd subnet you will have problems accessing
the test network from 'outside' because the ports on the external IP are
bypassing the DMZ to get to SBS on what the router refers to as LAN.

"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23Ds1TO7MJHA.6044@xxxxxxxxxxxxxxxxxxxxxxx
Yes, you could attach it to the DMZ. The DMZ should be "fairly" safe (at
least as a test bed) since your SBS 2008 network would have the Windows
2008 firewall plus a NAT router in front of it. You might also be able to
attach the cheap router to a port on the CISCO switch and then manually
adjust the port forwarding in the Sonicwall as necessary for testing.

--
Merv Porter [SBS-MVP]
============================

"Mishuno" <Mishuno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:61CB1C6C-22C2-49A8-9D11-126C974950D8@xxxxxxxxxxxxxxxx
The SonicWall is a Pro 280. It is an older product now discontinued. In any
case it only has a WAN, LAN and DMZ port. The WAN is going to our ISP, the
LAN goes to our Cisco switch. All the clients and the SBS 2003 server attach
to that switch.

Can I attach the cheap router to the DMZ? Although that is not safe...



"Merv Porter [SBS-MVP]" wrote:

One approach...

Attach a cheap router to the network: connect an Ethernet cable from a free
port on the Sonicwall to the WAN port on the cheap router. Set WAN side of
cheap router to a static IP address in the same range as the Sonicwall.
Then attach the SBS 2008 NIC and the workstation NIC to free ports on the
cheap router. Set forwarding for required ports in the cheap router's web
interface.

Problem... port forwarding from Sonicwall can only go to a single NIC.
Some port numbers can be changed. Some cannot. So in general, ports 443,
1723 and 25 can only be forwarded to either the cheap router static IP OR
forwarded to the current SBS 2003 NIC (I assume you have an SBS 2003 setup
with a single NIC). You'll need to manually adjust the port forwarding on
the Sonicwall as necessary to test the SBS 2008 network.

--
Merv Porter [SBS-MVP]
============================

"Mishuno" <Mishuno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4DF788F5-3B62-4BA3-B4AB-5316B8367AF9@xxxxxxxxxxxxxxxx
We currently have a working SBS 2003 domain. In a few weeks we are going to
be moving to SBS 2008. I am doing a learning dry run install of SBS 2008
right now on an extra server we are not currently using to make myself
comfortable with the install and to test some of the features. My problem is
I have only one internet connection. We have a T1 coming in to a sonicwall
router/firewall that acts as our gateway. I cannot connect the SBS 2008
server to this because it then sees the SBS 2003 server. In order to complete
the installation and test SBS 2008 I want to set up a separate network
consisting of the SBS 2008 server and one client, but I need to connect to
the net through the current gateway in order to do this. Is there a way to
keep these two networks separate but share the same net connection and
gateway? If so, how can it be done?

I have extra switches and routers that I can use.

Thanks in advance.
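
An added example, not part of the original posts: a Python check of the addressing plan the thread describes (test router WAN on the SonicWALL DMZ subnet, separate subnet behind it) and of the forwarding clash on ports 443, 1723 and 25. The LAN and DMZ addresses are the documentation's own example; the router addresses, the inside host addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed plan. The two SonicWALL addresses are the documentation's own
# example; the test router's addresses are assumptions for illustration.
PLAN = {
    "sonicwall_lan": "192.168.0.1/24",
    "sonicwall_dmz": "172.16.18.1/24",
    "router_wan": "172.16.18.2/24",      # static address on the DMZ subnet
    "router_gateway": "172.16.18.1",     # the SonicWALL DMZ interface
    "router_lan": "192.168.16.1/24",     # SBS 2008 test network
}
# Constructed forwards on the SonicWALL: (protocol, port, inside address).
FORWARDS = [("tcp", 25, "192.168.0.2"), ("tcp", 443, "192.168.0.2"),
            ("tcp", 443, "172.16.18.2"), ("tcp", 1723, "172.16.18.2")]

def check_plan(plan):
    """Return a list of problems found in a double-NAT addressing plan."""
    problems = []
    lan = ipaddress.ip_interface(plan["sonicwall_lan"])
    dmz = ipaddress.ip_interface(plan["sonicwall_dmz"])
    wan = ipaddress.ip_interface(plan["router_wan"])
    gw = ipaddress.ip_address(plan["router_gateway"])
    inner = ipaddress.ip_interface(plan["router_lan"])
    # Quoted documentation: the masks may match, the subnets must differ.
    if lan.network.overlaps(dmz.network):
        problems.append("LAN and DMZ subnets overlap")
    # The test router's WAN side is an ordinary host on the DMZ subnet...
    if wan.network != dmz.network:
        problems.append("router WAN is not on the DMZ subnet")
    if wan.ip == dmz.ip:
        problems.append("router WAN duplicates the DMZ interface address")
    # ...and its default gateway is the firewall's DMZ interface.
    if gw != dmz.ip:
        problems.append("router gateway is not the DMZ interface address")
    # Reusing the DMZ range behind the router breaks routing; reusing the
    # production LAN range is flagged too, to keep the two networks distinct.
    for name, net in (("LAN", lan.network), ("DMZ", dmz.network)):
        if inner.network.overlaps(net):
            problems.append(f"test network overlaps the {name} subnet")
    return problems

def forward_conflicts(rules):
    """Return (proto, port) pairs forwarded to more than one inside address."""
    targets = {}
    for proto, port, dest in rules:
        targets.setdefault((proto, port), set()).add(dest)
    return sorted(k for k, v in targets.items() if len(v) > 1)
```

`check_plan(PLAN)` returns an empty list for the constructed plan, and `forward_conflicts(FORWARDS)` reports TCP 443 as the one port pointed at both the production server and the test router.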









