Questions

How to configure STATIC IP from ISP to the local network

Tags:
+
0 Votes
Locked

How to configure STATIC IP from ISP to the local network

rajuact
Hello,

I have my network deployed very well.
Well, I had to host FTP and WEB MAIL SERVICES, so I purchased about three static IP adddress from ISP.

Where am I suppossed to configure this IP in the server. I just need to configure FTP on PC and the other static ip address for the mail server. I still need the (10.0.0.1 to 10.0.0.100)..the sequence if got from ISP is different and unique. how do I configure.

Please guys help me out or direct me to any articles or downloads.

Please any suggestions or comments will be appreciated.

THANKYOU IN ADVANCE
  • +
    0 Votes
    daveo2000

    The 10.0.0.* addresses are referred to as non-addressable and can only be used for local networks (behind a gateway using NAT (network address translation) or something similar). This is also true of the 192.168.*.* addresses. You can find out more that you will want to know at http://en.wikipedia.org/wiki/Ip_address to see if your addresses are, indeed, Internet addressable.

    Now, back to the rest of your question. I don't understand what you mean by "I have my network deployed very well." If the network is already set up then what are these new IP addresses for?

    Additionally, the services you mention are all on different ports so the IP address does not need to be different. With that in mind, lets move on to what you might really want to be doing:

    You should have a firewall. This firewall should be capable of both port forwarding and NAT (as well as all of the other normal things a modern firewall does). The Internet side will have a fully addressable IP address. The LAN (Local Area Network) side can either be running DHCP and/or you can give your servers static addresses. For the sake of simplicity, let's just say that your server will be static addresses and your workstations will use DHCP.

    If you set up the firewall with DHCP going from 100 to 199 (i.e.: 10.0.0.100 to 10.0.0.199) then you can assign your servers static addresses below 100. Your gateway shoud be 10.0.0.1 so don't use that elsewhere.

    Next, set up your FTP server as, for example, 10.0.0.2; your mail server as 10.0.0.3 and your web server (if I understood that correctly) as 10.0.0.4.

    You will next go to the port forwarding screen for your firewall/router and configure the FTP ports to be forwarded to 10.0.0.2 (same port numbers); the mail server to 10.0.0.3 (same ports) and the web server to 10.0.0.3 (same ports). A specific example is to tell the firewall "Forward port 80 to 10.0.0.4:80".

    Does this seem to address your question?

    +
    0 Votes
    CG IT

    your perimeter router has to be able to handle multiple global addresses so for you to do what you want to do, first is does your perimeter router have that capability?

    After that, it's easy to forward traffic to specific hosts on the lan [also with static address mapping] or as dave2ooo says with port forwarding to specific hosts.

    +
    0 Votes

    DMZ

    SWells

    What Daveo2000 is correct, however I would look into whrther your router can handle a DMZ and set up the web server and FTP server on that DMZ instead of being a part of your network. If either of these servers become compromised, you want them firewalled from the rest of your network. The web server also doesn't need to be a part of your domain, it can be a stand alone box, just another small security feature.

    +
    0 Votes

    Dave I really appreciate your time for showing the highlights on configuration.

    " Port Forwarding" was the missing deal here. Thanks for explaining that.

    yes I did not purchase 10.0.0.family from ISP..(lol)!!!!

    Appreciate your time man.

    +
    0 Votes
    daveo2000

    Check back if you need more help.

  • +
    0 Votes
    daveo2000

    The 10.0.0.* addresses are referred to as non-addressable and can only be used for local networks (behind a gateway using NAT (network address translation) or something similar). This is also true of the 192.168.*.* addresses. You can find out more that you will want to know at http://en.wikipedia.org/wiki/Ip_address to see if your addresses are, indeed, Internet addressable.

    Now, back to the rest of your question. I don't understand what you mean by "I have my network deployed very well." If the network is already set up then what are these new IP addresses for?

    Additionally, the services you mention are all on different ports so the IP address does not need to be different. With that in mind, lets move on to what you might really want to be doing:

    You should have a firewall. This firewall should be capable of both port forwarding and NAT (as well as all of the other normal things a modern firewall does). The Internet side will have a fully addressable IP address. The LAN (Local Area Network) side can either be running DHCP and/or you can give your servers static addresses. For the sake of simplicity, let's just say that your server will be static addresses and your workstations will use DHCP.

    If you set up the firewall with DHCP going from 100 to 199 (i.e.: 10.0.0.100 to 10.0.0.199) then you can assign your servers static addresses below 100. Your gateway shoud be 10.0.0.1 so don't use that elsewhere.

    Next, set up your FTP server as, for example, 10.0.0.2; your mail server as 10.0.0.3 and your web server (if I understood that correctly) as 10.0.0.4.

    You will next go to the port forwarding screen for your firewall/router and configure the FTP ports to be forwarded to 10.0.0.2 (same port numbers); the mail server to 10.0.0.3 (same ports) and the web server to 10.0.0.3 (same ports). A specific example is to tell the firewall "Forward port 80 to 10.0.0.4:80".

    Does this seem to address your question?

    +
    0 Votes
    CG IT

    your perimeter router has to be able to handle multiple global addresses so for you to do what you want to do, first is does your perimeter router have that capability?

    After that, it's easy to forward traffic to specific hosts on the lan [also with static address mapping] or as dave2ooo says with port forwarding to specific hosts.

    +
    0 Votes

    DMZ

    SWells

    What Daveo2000 is correct, however I would look into whrther your router can handle a DMZ and set up the web server and FTP server on that DMZ instead of being a part of your network. If either of these servers become compromised, you want them firewalled from the rest of your network. The web server also doesn't need to be a part of your domain, it can be a stand alone box, just another small security feature.

    +
    0 Votes

    Dave I really appreciate your time for showing the highlights on configuration.

    " Port Forwarding" was the missing deal here. Thanks for explaining that.

    yes I did not purchase 10.0.0.family from ISP..(lol)!!!!

    Appreciate your time man.

    +
    0 Votes
    daveo2000

    Check back if you need more help.