DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2820 Using BT 5 IP ADSL set up question

More
21 Dec 2009 15:15 #7 by sdick
Replied by sdick on topic 2820 Using BT 5 IP ADSL set up question
OK, if you do set the ip address you just need to setup the other addresses as wan ip aliases to get them to be used in NAT.

Please Log in or Create an account to join the conversation.

  • roboughton
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
21 Dec 2009 15:28 #8 by roboughton
Replied by roboughton on topic 2820 Using BT 5 IP ADSL set up question

sdick wrote: OK, if you do set the ip address you just need to setup the other addresses as wan ip aliases to get them to be used in NAT.



I have all 5 of my allocated IPs working I also have the One supplied for the router by BT working as the fixed IP for the router

Please Log in or Create an account to join the conversation.

More
21 Dec 2009 16:00 #9 by hughwi
Replied by hughwi on topic 2820 Using BT 5 IP ADSL set up question
Fantastic responses guys, that has really helped, I now have the static IP's working (both on local machines and as the main static for the router).

Next step is setting up sensible firewall rules, one thing always leads to another! On this note, does it HAVE to be via DMZ? is there any other (slightly more secure) option?

Thanks

Hugh

Please Log in or Create an account to join the conversation.

More
21 Dec 2009 16:28 #10 by sdick
Replied by sdick on topic 2820 Using BT 5 IP ADSL set up question
I've just got open ports setup and am not using NAT at all.

I am using the address mapping feature though to force outgoing connections to be from a specific address. watch out though as the order on these is very important. I had a nightmare trying to get them sorted out as we had replaced a software firewall with the draytek. As some external suppliers had mapped ports to our old firewall address and not the router we had to change the default address mapping to enable the computers to appear to be coming from the correct IP.

Please Log in or Create an account to join the conversation.

  • roboughton
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
21 Dec 2009 16:34 #11 by roboughton
Replied by roboughton on topic 2820 Using BT 5 IP ADSL set up question

hughwi wrote: Fantastic responses guys, that has really helped, I now have the static IP's working (both on local machines and as the main static for the router).

Next step is setting up sensible firewall rules, one thing always leads to another! On this note, does it HAVE to be via DMZ? is there any other (slightly more secure) option?

Thanks

Hugh



Add a rule to the firewall to block all ports on the IP RANGE used for what ever items you are adding to the public IPs

for example if you have 5 IPs set up a object setting for 10.1.1.10 to 10.1.1.15 under IP objects call it something like SERVER LAN IPs (Assuming you make your servers static on those addresses)

In the firewall settings under filters go to filter set 2 and add a new rule block all ports to the SERVER LAN IPs object under Destination, at the same time set under the application filter part to block if it is no firther match to antoehr filter set e.g 3

Under filter set add all your allowed in rules for oprts and server destination IPs


That blocks all incoming trafic to the DMZ servers unless speciaifed in your rules

Please Log in or Create an account to join the conversation.

Moderators: Sami