Allowing me to use a hardware firewall alongside my Netgear DG834GT

Erm - with a public IP on the WAN of the Netgear and a private IP on the inside, that is NAT.

That's effectively transparency you've described, which as I said above will work but is pretty pointless in terms of functionality/security. Port forwarding not necessary for management as you'll be on the same subnet
 
> Erm - with a public IP on the WAN of the Netgear and a private IP on the inside, that is NAT.
>
> That's effectively transparency you've described, which as I said above will work but is pretty pointless in terms of functionality/security. Port forwarding not necessary for management as you'll be on the same subnet

What features EXACTLY are going to be rendered pointless? You have not specified. Also, the Netgear is going to be used as an access point only, and will be located on the inside of the LAN; there will be a dedicated Zyxel modem at the top end, connecting to my ISP, then the SonicWall connected to the Zyxel.
 
I misunderstood - I thought you were going to use the Netgear as an ADSL modem. Do you just want to use it as a wireless access point?

So it's going to be a proper ADSL modem connected to the firewall? That should allow you to use a public IP on the WAN of the firewall. Slight overkill at home but at least it will work!

As for using the Netgear as a WAP, just connect the firewall to the internal connection on the Netgear; you don't need to use the WAN at all.
 
> I misunderstood - I thought you were going to use the Netgear as an ADSL modem. Do you just want to use it as a wireless access point?
>
> So it's going to be a proper ADSL modem connected to the firewall? That should allow you to use a public IP on the WAN of the firewall. Slight overkill at home but at least it will work!
>
> As for using the Netgear as a WAP, just connect the firewall to the internal connection on the Netgear; you don't need to use the WAN at all.

Lol! No worries, I was going to use the Netgear as my router/modem but thought it would be a lot easier just to use a single-port Zyxel router at the top end. Then stick the Netgear in a basic AP mode and stick it in the protected zone inside the LAN with DHCP off or DHCP pass-through and connect it straight to the SonicWall's switch; that way laptops can connect via wireless to the access point.

So I'm still going to have to set the SonicWall's WAN IP as the public IP from my ISP? What about the WAN interface of the Zyxel? Private? Also, the LAN IP of the Zyxel will be in the same subnet as the LAN IP of the SonicWall?

What if I need to connect to my router remotely? If it doesn't have a public IP address, how am I going to connect to it?

I'm sorry if I'm confused, but I got a bunch of people telling me to do it one way, then other people telling me to do it another way.
 
I don't know about the Zyxel but have a look at the Draytek Vigor 100/110/120.

That's an ADSL modem. It does have an IP address to review ADSL line information. However, you don't need to connect to it to configure it (there's nothing to configure on it).

You configure the WAN interface on the SonicWall as a NAT with PPPoE. You enter the username and password supplied by your ISP into the SonicWall and the SonicWall gets the public IP assigned by your ISP as its WAN IP. You choose the LAN IP, e.g. 192.168.0.1, and that becomes the default gateway for all your internal devices. The Vigor 100/110/120 is transparent to the outside world.

A SonicWall + Vigor 1x0 unit is a tried and tested combination for me.

You could then use your Netgear router as just a WiFi AP inside your LAN. WiFi devices will be able to get a DHCP lease from the SonicWall, as will your cabled devices.
 
> So it's going to be a proper ADSL modem connected to the firewall? That should allow you to use a public IP on the WAN of the firewall. Slight overkill at home but at least it will work!

Just to clarify this above statement: if I'm setting the SonicWall's WAN interface as the public IP address (provided by my ISP), what's going to happen to the IP that my ADSL modem is going to pick up, as it would normally pick up the public IP address for itself from my IP address? Also, I'm assuming this ADSL modem will still be in No-NAT/No Firewall mode for this to work.
 
It basically works as a PPPoA to PPPoE bridging device.

There is no routing, NAT, firewall etc. The No-NAT setup that the Netgear kit has an option for is when the DG is working as a router, but passing a routed subnet to its clients as opposed to a NAT'd one.

It syncs the line and provides a PPPoE server for the Sonicwall to login through.
 
> It basically works as a PPPoA to PPPoE bridging device.
>
> There is no routing, NAT, firewall etc.
>
> It syncs the line and provides a PPPoE server for the Sonicwall to login through.

Ahh I see, fair enough, so just use the SonicWall with NAT with PPPoE on the WAN interface, give that interface the public IP.

Bearing in mind that I am on a BE connection, and the way BE works is that I don't have to enter any usernames/passwords at the authentication level on my current Netgear.

I will have a look later.
 
You should be able to leave them blank in the PPPoE settings too. Just make sure the modem has customisable VPI/VCI settings, as O2/Be don't use the standard 0/38.
 
Cool, thanks for everyone's help on this. As I mentioned, the way we usually configure it is different, as customers have multiple public IPs rather than a single static IP.
 
Hmm, think I have found a flaw with these Zyxels in routing mode: won't let me configure WAN unless I enter a username and password :( I can put it into bridge mode.
 
Bridge mode on PPPoA still requires username/password; there is also an RFC 1483 bridge mode which doesn't require authentication. Going to look into this.

EDIT: Going to ditch the Zyxel modem I have as it doesn't support Annex M, which will cause problems. Going to have to look for an alternative modem; there is a Draytek Vigor 120, anything else? What about the Linksys AM200?
 