Questions

Bypassing the Firewall/Router


stepsimon
I'm having trouble going directly to my switch from my router. The path goes from the demarc to the ISP's router (Cisco IAD 2400 series), to a small router/firewall (Linksys BEFSX41) we use for the firewall part, then to the switch. No problems there. When I plug from the ISP's router into the switch (HP Procurve 1410 24G), plugging directly into the front panel where the firewall/router was connected, I lose the internet.

Is something staring me in the face, that I'm going to be embarrassed about missing? If so, please tell me what it is.

Thanks,
Stephen

Clarifications

cpguru21

What are you trying to accomplish? I have a switch off of my IAD for the purpose of having multiple public devices (Firewall, SSLVPN Device, Web Server) etc... however I have a range of Public IPs to use also, no DHCP. Like others said, I would guess this is what's happening here.

Why are you bypassing the firewall?

Member Answers

    • +
      0 Votes

      You are sort of making a "new" internet connection, and you may have to set up this connection in your operating system's settings, so that it doesn't think you are still connected via the firewall.

      +
      0 Votes
      info

      If your ISP has provided you with a router, and not simply a 'modem', then the IP addresses are probably wrong. I'm betting the 'Internal' IP address of the ISP's router is different than the one your Linksys used. Since the computers are probably all still pointed at the Linksys' old address as their gateway, they now don't know where to go...

      +
      0 Votes
      Charles Bundy

      e.g. traceroute with & without BEFSX41 inline. But at a guess I'd say the Cisco 2400 IAD is set up to route a static IP (single) w/o NAT. Thus only one of your devices connected to your HP Procurve switch would have Internet access assuming it matches that IP (which depending on your DHCP/IP setup is unlikely. Guessing it is a completely different subnet.) The BEFSX41 is more than likely providing the NAT to single IP for the Cisco IAD 2400. For that matter it may be providing DHCP as well.

      +
      0 Votes
      markp24

      I have had situations where all I had to do was power cycle the ISP's modem when connecting a new internal router.
      If that doesn't resolve it, then I agree with the prior post about checking your IP addressing setup on the router and any DHCP services you may have set up; try to match it to the old router the best you can (where applicable).

      +
      0 Votes
      stepsimon

      Basically it amounts to doing what my boss suggested. We'd been having a problem with our email and she wanted me to try bypassing that firewall, so I tried it and found something I didn't understand.

      +
      0 Votes
      jqbecker

      If it worked previously, bypassing the firewall is not going to improve things. If you have not deliberately blocked the common email ports (Inbound: 110, 993, 995 / Outbound: 25, 465, 587) and email is not getting through, you need to look elsewhere for the trouble.

      +
      0 Votes
      stepsimon

      The ISP's router not matching the NAT IPs from behind the Linksys makes perfect sense to me.

      Thank you very much.

      +
      0 Votes
      jqbecker

      The Cisco IAD is probably not handing out DHCP addresses. Your internal PCs were getting their addresses from the Linksys. Log on to the Linksys and see what IPs are assigned to the incoming interface. If you configure just one internal PC manually with those static IP values, you could probably surf.

      +
      0 Votes
      CG IT

      Routers create networks. Each router has its own subnet addressing and default gateway. Disconnecting your Linksys router, which is the gateway for all hosts behind it, means hosts can't find the gateway out. The hosts don't know about the Cisco router as a gateway out because their gateway address is the Linksys. Thus no internet.
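The failure modes named in the answers above (stale gateway, wrong subnet, private addresses with no NAT, no DHCP server) can be checked mechanically. This is an added example, not code from any poster in the thread; every address, host name and the `diagnose`/`report` helpers are constructed for illustration, with the ISP router's LAN side assumed to be a routed public /29 with no NAT and no DHCP.

```python
import ipaddress

# RFC 1918 ranges: not routable on the internet unless something performs NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def diagnose(host_cidr, gateway, upstream_cidr, upstream_nat=False):
    """List the reasons a host loses internet once it is plugged into the
    upstream router's segment with the NAT router/firewall removed."""
    host = ipaddress.ip_interface(host_cidr)
    upstream = ipaddress.ip_interface(upstream_cidr)
    if host.ip.is_link_local:
        # 169.254.x.x self-assigned: nothing on the segment answers DHCP.
        return ["no-dhcp-lease"]
    problems = []
    if gateway is None or ipaddress.ip_address(gateway) != upstream.ip:
        # Host still points at the removed router as its way out.
        problems.append("gateway-not-on-segment")
    if host.ip not in upstream.network:
        # The upstream router has no interface in the host's subnet.
        problems.append("wrong-subnet")
    if not upstream_nat and any(host.ip in n for n in RFC1918):
        # Nothing translates the private source address any more.
        problems.append("private-address-without-nat")
    return problems

# Constructed sample values (documentation range 203.0.113.0/24 stands in
# for whatever the ISP actually assigned).
UPSTREAM_LAN = "203.0.113.1/29"
HOSTS = {
    "pc-old-lease":     ("192.168.1.100/24", "192.168.1.1"),  # lease from removed router
    "pc-lease-expired": ("169.254.10.20/16", None),           # fell back to link-local
    # Works, but now sits on the public segment with no firewall in front.
    "pc-static-public": ("203.0.113.2/29", "203.0.113.1"),
}

def report(hosts=HOSTS, upstream=UPSTREAM_LAN):
    return {name: diagnose(cidr, gw, upstream) for name, (cidr, gw) in hosts.items()}

if __name__ == "__main__":
    for name, problems in report().items():
        print(f"{name:18} {'OK' if not problems else ', '.join(problems)}")
```
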
