4 PC's 1IP

[Pulsar]

Well I have used the search feature to try look up if my questioin has been
answered beforehand but after going through 20+ pages full of topics I've
seen that most people are asking exactly opposite of what I'm trying to do.

Namely I have been assigned 8 public IP addresses by my ISP (no not paying
extra). And I thought I might use this to setup a soret of private FTP server
with it's own IP and maybe (just 'cause I have the IP's to spare) set each of
the other PC's with their own public IP's. Now I have no idea where to begin.
I have a router but something tells me that router isn't what I need and that
hub would be better suited. Anyhow to continue I'm prettu sure you'd need
some info so here's what I could think of that you'd need to help me:

Router is a D-Link (yeah shh, I know how some people feel about those) and
exact model would be DSL-G604T. I have 4 PC's running on Windows XP
Professional. Each of the PC's at the moment has it's own statis lan IP set
up and they can connect to the internet through the router with no problems.
But as you might imagine every PC has same IP (the actual public IP that was
assigned to the router). How would I go about giving each of the PC's it's
own public IP? Do I need hub instead or are there some settings in the router
I could use to accomplish this? I have looked over the manual for the router
but I've not slightests idea as to where to begin.

If more info is needed please do not hesitate to tell me!

Thank you for your time in advance!

 

[Richard G. Harper]

You would need to turn off the DHCP and routing functions of the router,
turning it into a simple network switch. The manual or manufacturer's Web
site should have the details you need.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

 

[Pulsar]

I have turned the DHCP off as for the routing functions I will have a read
through the manual. Any other steps I need to do? At this time I have set
PC's to static LAN adresses do theese need to be changed to issued public
addresses or not?

 

[Ron Lowe]

Well I have used the search feature to try look up if my questioin has
been
answered beforehand but after going through 20+ pages full of topics I've
seen that most people are asking exactly opposite of what I'm trying to
do.

Namely I have been assigned 8 public IP addresses by my ISP (no not paying
extra). And I thought I might use this to setup a soret of private FTP
server
with it's own IP and maybe (just 'cause I have the IP's to spare) set each
of
the other PC's with their own public IP's. Now I have no idea where to
begin.
I have a router but something tells me that router isn't what I need and
that
hub would be better suited. Anyhow to continue I'm prettu sure you'd need
some info so here's what I could think of that you'd need to help me:

Router is a D-Link (yeah shh, I know how some people feel about those) and
exact model would be DSL-G604T. I have 4 PC's running on Windows XP
Professional. Each of the PC's at the moment has it's own statis lan IP
set
up and they can connect to the internet through the router with no
problems.
But as you might imagine every PC has same IP (the actual public IP that
was
assigned to the router). How would I go about giving each of the PC's it's
own public IP? Do I need hub instead or are there some settings in the
router
I could use to accomplish this? I have looked over the manual for the
router
but I've not slightests idea as to where to begin.

If more info is needed please do not hesitate to tell me!

Thank you for your time in advance!

If you mean a block of 8 consecutive addresses ( as opposed to 8 random
addresses ), then this is a fully routed public block. I will describe how
to set that up.

If, on the other hand, you have just 8 random IP addresses, then you don't
need the router function, just 'bridge mode'. In this case, you don't have
a 'Local Network' at all, just 8 random single machines on the Internet.
Each machine MUST be firewalled from the Internet, and thus also from each
other. In this case, it's not really possible to do file and print sharing
between the machines safely using TCP/IP. We can advise further, if this
is the case.

Now, on to setting up a fully routed Public IP subnet.
I have a similar set-up with 16 public IP addresses on my LAN, using a
D-link DSL-504.

1) Leave the WAN side of the router configured to pick up an IP address
automatically, or follow whatever instructions your ISP has for connecting.
The router will then get a WAN-side IP address from the ISP, this will not
be one of your assigned 8. You do not need to fiddle with this.

2)You need to turn off NAT on the router to use public IP addresses on your
LAN. Look for a page in the router config to turn off the NAT function.

3) You must manually configure the LAN ( ethernet ) address on your router,
it won't pick that up from anywhere. You should configure it's LAN-side
address as the lowest of the useable addresses in your assigned block.

eg: my router picks up 217.169.30.196 as my WAN address.
But my block of 16 addresses is 81.187.191.64 /28,
(ie 81.187.191.64 thru 81.187.191.79.)
Now, remember the lowest and highest (.64 and .79) are reserved.
So I set the router manually to 81.187.191.65, mask 255.255.255.240.
( With a block of 8 addresses, you will need to use a mask of
255.255.255.248 ).

Now, assign your PCs to the rest of the useable range, and point them to the
router's LAN address as Default Gateway. You can use the router's DHCP
server to perform this if you want. Be sure to set up the DHCP range (
'scope' ) to serve up the remainder of your useable addresses, have it serve
up a subnet mask of 255.255.255.248, and have it serve up the IP address of
your router which you just configured as the Default Gateway. You will
also need to ensure it is serving up proper DNS server addresses.

4) Since you do not have NAT as an inbound firewall to hide behind, all your
machines are now exposed directly on the Internet. You MUST take care with
your firewalling now. If the router has built-in firewall, be sure to drop
ALL inbound connections, except those you explicitly want to let in. Even
then, permit them only to the machine in question. The firewall function on
many routers is rather basic, and is normally used in conjunction with NAT.
Personally, I found the firewall function on my DSL-504 too useless, so I
have disabled it and I use a hardware firewall between my router and LAN.
I also use the Windows Firewall on all the internal machines, and File+Print
sharing is permitted only from within the local subnet.

 

[Pulsar via WindowsKB.com]

Thank you that seems like it's pretty much all I'll need so once everyone in
the household's ready I'll try it out. Thank you again for the reply!

Well I have used the search feature to try look up if my questioin has
been

[quoted text clipped - 32 lines]

Thank you for your time in advance!

If you mean a block of 8 consecutive addresses ( as opposed to 8 random
addresses ), then this is a fully routed public block. I will describe how
to set that up.

If, on the other hand, you have just 8 random IP addresses, then you don't
need the router function, just 'bridge mode'. In this case, you don't have
a 'Local Network' at all, just 8 random single machines on the Internet.
Each machine MUST be firewalled from the Internet, and thus also from each
other. In this case, it's not really possible to do file and print sharing
between the machines safely using TCP/IP. We can advise further, if this
is the case.

Now, on to setting up a fully routed Public IP subnet.
I have a similar set-up with 16 public IP addresses on my LAN, using a
D-link DSL-504.

1) Leave the WAN side of the router configured to pick up an IP address
automatically, or follow whatever instructions your ISP has for connecting.
The router will then get a WAN-side IP address from the ISP, this will not
be one of your assigned 8. You do not need to fiddle with this.

2)You need to turn off NAT on the router to use public IP addresses on your
LAN. Look for a page in the router config to turn off the NAT function.

3) You must manually configure the LAN ( ethernet ) address on your router,
it won't pick that up from anywhere. You should configure it's LAN-side
address as the lowest of the useable addresses in your assigned block.

eg: my router picks up 217.169.30.196 as my WAN address.
But my block of 16 addresses is 81.187.191.64 /28,
(ie 81.187.191.64 thru 81.187.191.79.)
Now, remember the lowest and highest (.64 and .79) are reserved.
So I set the router manually to 81.187.191.65, mask 255.255.255.240.
( With a block of 8 addresses, you will need to use a mask of
255.255.255.248 ).

Now, assign your PCs to the rest of the useable range, and point them to the
router's LAN address as Default Gateway. You can use the router's DHCP
server to perform this if you want. Be sure to set up the DHCP range (
'scope' ) to serve up the remainder of your useable addresses, have it serve
up a subnet mask of 255.255.255.248, and have it serve up the IP address of
your router which you just configured as the Default Gateway. You will
also need to ensure it is serving up proper DNS server addresses.

4) Since you do not have NAT as an inbound firewall to hide behind, all your
machines are now exposed directly on the Internet. You MUST take care with
your firewalling now. If the router has built-in firewall, be sure to drop
ALL inbound connections, except those you explicitly want to let in. Even
then, permit them only to the machine in question. The firewall function on
many routers is rather basic, and is normally used in conjunction with NAT.
Personally, I found the firewall function on my DSL-504 too useless, so I
have disabled it and I use a hardware firewall between my router and LAN.
I also use the Windows Firewall on all the internal machines, and File+Print
sharing is permitted only from within the local subnet.

 

[Pulsar via WindowsKB.com]

Ok, the instructions worked like a dream, thank you very much for making your
time avaliable to me.

P.S. I've found that the router I have has a built in hardware firewall
besides the NAT so I'm able to make complete use of it even though the nat is
turned off now. I've use a few test sites to do simple port scans and all
results suggest that the ports are stealth so that will do for now untill I
find time and resources to invest into a stand-alone hardware firewall.

Thank you once again.