FTTC with 2 or more Static IPs

Frank_Rizzo · 9 May 2013 at 15:41

Is something like this possible:

2 assigned Static IPs, 1 for server, 1 for home network

VDSL
|
|
\/
Switch
|
\/
Switch Port1 -> PPOE Webserver IP address1
Switch Port2 -> PPOE Router IP address2 -> Desktop, Laptop, Xbox

I guess it's not possible because the router won't be able to do NAT?

Alternatively if there are 5 static IPs then each device has it's own address but requires configurating for PPOE?

ots3go · 9 May 2013 at 16:13

You'll be wanting a router that can do static NAT.

With that you'll perform static NAT on one, for the webserver, whist the other IP would perform PAT / NAT Overload as 'normal'.

Frank_Rizzo · 10 May 2013 at 11:20

Any recommendations for a static NAT router?

What about the server. Linux. Can that do this kind of routing itself?

bremen1874 · 10 May 2013 at 11:26

The DrayTek 2830 and 2920 would handle it. The other similar models should be okay as well, but I haven't tried them.

Cycrow · 10 May 2013 at 16:40

why is it you need a seperate static ip for a webserver ?

Frank_Rizzo · 10 May 2013 at 17:02

Because the webserver may occasionally get hammered for exploits and stuff. I want to keep it separate from other devices.

ots3go · 10 May 2013 at 17:05

Frank_Rizzo said:
Because the webserver may occasionally get hammered for exploits and stuff. I want to keep it separate from other devices.

In which case it will be still coming through the same WAN link, regardless of the IP it's on.

You want to be looking at a second separate line for that.

Cycrow · 10 May 2013 at 17:09

with multiple ip's all traffic will still come down the same connection, it'll just be split and sent to different ips once it reaches your router.

Frank_Rizzo · 10 May 2013 at 17:25

I understand that. Hmm.

The point is that any malicious sniffing around will be on the server IP only. Portscans, exploits may take place against 123.123.123.123. It will not affect the other devices on the network.

OK someone could guess the next IP, and of course there are sequential IP scans, but then there is nothing that can be done about that.

Another reason is that there may be different servers on the other IPs. For search engine optimisation that is desirable.

Another reason is that devices on IP1 can be on 24/7 whilst IP2...8 can be scheduled to not have internet connection at certain times.

KIA · 10 May 2013 at 17:43

Is the server isolated from the rest of the devices on the local network?

Frank_Rizzo · 10 May 2013 at 18:03

It could be if that is advantageous.

dfarrall · 10 May 2013 at 18:58

Your doing this completely wrong.

What you want is a DMZ, and a router that supports it.
NAT will do absolutely nothing to help you once the web server is done over.