Question

  • #2136676

    Bypassing the Firewall/Router

    Locked

    by stepsimon ·

    I’m having trouble going directly to my switch from my router. The path goes from the demarc to the ISP’s router (Cisco IAD 2400 series), to a small router/firewall (Linksys BEFSX41) we use for the firewall part, then to the switch. No problems there. When I plug from the ISP’s router into the switch (HP Procurve 1410 24G), plugging directly into the front panel where the firewall/router was connected, I lose the internet.

    Is something staring me in the face, that I’m going to be embarrassed about missing? If so, please tell me what it is.

    Thanks,
    Stephen

All Answers

    • #2427283

      Clarifications

      by stepsimon ·

      In reply to Bypassing the Firewall/Router

      Clarifications

      • #2427228

        Request for Clarification

        by cpguru21 ·

        In reply to Clarifications

        What are you trying to accomplish? I have a switch off of my IAD for the purpose of having multiple public devices (Firewall, SSLVPN Device, Web Server) etc… however, I have a range of Public IPs to use also, no DHCP. Like others said, I would guess this is what’s happening here.

        Why are you bypassing the firewall?

    • #2427275

      When you plug directly into the switch,

      by Wizard57M-TR ·

      In reply to Bypassing the Firewall/Router

      you are sort of making a “new” internet connection, and you may have to set up this connection in your operating system’s settings, so that it doesn’t think you are still connected via the firewall.

    • #2427241

      It’s All Numbers

      by info ·

      In reply to Bypassing the Firewall/Router

      If your ISP has provided you with a router, and not simply a ‘modem’, then the IP addresses are probably wrong. I’m betting the ‘Internal’ IP address of the ISP’s router is different than the one your Linksys used. Since the computers are probably all still pointed at the Linksys’ old address as their gateway, they now don’t know where to go…

    • #2427231

      More info would help

      by charles bundy ·

      In reply to Bypassing the Firewall/Router

      e.g. traceroute with & without BEFSX41 inline. But at a guess I’d say the Cisco 2400 IAD is set up to route a static IP (single) w/o NAT. Thus only one of your devices connected to your HP Procurve switch would have Internet access, assuming it matches that IP (which, depending on your DHCP/IP setup, is unlikely. Guessing it is a completely different subnet.) The BEFSX41 is more than likely providing the NAT to single IP for the Cisco IAD 2400. For that matter it may be providing DHCP as well.

    • #2427223

      did you powercycle the ISP’s modem

      by markp24 ·

      In reply to Bypassing the Firewall/Router

      I have had situations where all I had to do was power cycle the ISP’s modem when connecting a new internal router.
      If that doesn’t resolve it, then I agree with the prior post of checking your IP addressing setup on the router and any DHCP services you may have set up; try to match it to the old router the best you can (where applicable).

    • #2427222

      Answer to clarification

      by stepsimon ·

      In reply to Bypassing the Firewall/Router

      Basically it amounts to doing what my boss suggested. We’d been having a problem with our email and she wanted me to try bypassing that firewall, so I tried it and found something I didn’t understand.

      • #2427207

        Response To Answer

        by jqbecker ·

        In reply to Answer to clarification

        If it worked previously, bypassing the firewall is not going to improve things. If you have not deliberately blocked the common email ports (Inbound: 110, 993, 995 / Outbound: 25, 465, 587) and email is not getting through, you need to look elsewhere for the trouble.

    • #2427220

      Thanks.

      by stepsimon ·

      In reply to Bypassing the Firewall/Router

      The ISP’s router not matching the NAT IPs from behind the Linksys makes perfect sense to me.

      Thank you very much.

      • #2427206

        Response To Answer

        by jqbecker ·

        In reply to Thanks.

        The Cisco IAD is probably not handing out DHCP addresses. Your internal PCs were getting their addresses from the Linksys. Log on to the Linksys and see what IPs are assigned to the incoming interface. If you configure just one internal PC manually with those static IP values, you could probably surf.

      • #2427198

        Response To Answer

        by cg it ·

        In reply to Thanks.

        Routers create networks. Each router has its own subnet addressing and default gateway. Disconnecting your Linksys router, which is the gateway for all hosts behind it, means hosts can’t find the gateway out. The hosts don’t know about the Cisco router as a gateway out because their gateway address is the Linksys. Thus no internet.
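
The addressing checks the replies above describe (stale default gateway, wrong subnet, no NAT for private addresses), as an added example that is not part of the original thread. The function name and all addresses are constructed for illustration; it also flags the case where a host configured with the routed public IP ends up with no firewall in front of it, assuming the ISP router does no filtering.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also matches
# documentation ranges such as 203.0.113.0/24, which this sample uses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def diagnose(host_cidr, host_gateway, upstream_cidr, upstream_does_nat):
    """Explain why a host loses Internet access once the NAT router is removed.

    host_cidr      host address and mask, e.g. "192.168.1.100/24"
    host_gateway   default gateway the host is still configured with
    upstream_cidr  LAN-side address and mask of the ISP router
    Returns (problems, exposed).
    """
    host = ipaddress.ip_interface(host_cidr)
    gateway = ipaddress.ip_address(host_gateway)
    upstream = ipaddress.ip_interface(upstream_cidr)
    problems = []
    if gateway != upstream.ip:
        problems.append("default gateway is not the upstream router")
    if host.ip not in upstream.network:
        problems.append("host is outside the upstream router's LAN subnet")
    if is_rfc1918(host.ip) and not upstream_does_nat:
        problems.append("RFC 1918 source address with no NAT upstream")
    # A working host with a public address and no NAT in front of it is
    # reachable from the Internet unless the upstream router filters
    # (assumption here: it does not).
    exposed = not problems and not is_rfc1918(host.ip) and not upstream_does_nat
    return problems, exposed

# Constructed sample values (not from the thread).
if __name__ == "__main__":
    cases = {
        "PC left on old router settings": ("192.168.1.100/24", "192.168.1.1", "203.0.113.1/30", False),
        "PC given the routed static IP": ("203.0.113.2/30", "203.0.113.1", "203.0.113.1/30", False),
    }
    for label, args in cases.items():
        print(label, "->", diagnose(*args))
```
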
