Networks·41,398 discussions

Public/ Private IP addresses

Locked

General Question:
I work in a small office with about a dozan users. Our network setup includes NT 4.0 server and a win 2000 server. Our new ISP provider gave me a cluster or range of IP addresses. To make my network work I use these addresses for our network but was told I should not for security reasons. How do you setup a network using internal Class C (private IPs) and still have access to the public IPs used for internet access for my users using XP desktop??

Topic

Clarifications

In reply to Public/ Private IP addresses

Clarifications

use a router and a firewall

In reply to Public/ Private IP addresses

Setup your internal network with private IP’s then use a router. One side presents a private IP to the local LAN and use a Public IP to present to the internet. Also you will want to make sure you use a firewall in order to keep the bad guys out.

humm ok so you don’t know how to setup a network.

In reply to Public/ Private IP addresses

Is that the problem? So you want some guidance on where to learn networking?

plently of self help books availble on Amazon.com. you could also take a CompTIA Network + training program.

http://www.cramsession.com/certifications/comptia/network.asp

or did you want us here to tell you how to setup a network?

Noop. Done it both ways

In reply to humm ok so you don’t know how to setup a network.

Currently I set up and have running our LAN using the cluster of IP’s from our ISP provider to have internet access.

Previosuly I had set up and running our LAN using class C IP addresses.

What I want is direction on how to use internal or private IPs for my LAN and yet use the public IPs provided by our ISP to access the internet.

NAT

In reply to Noop. Done it both ways

Whoever recommended for you not to put your LAN on pub IP’s was right, as are the other posters.

Multiple private IP LAN clients can “share” a single public IP for internet access via NAT, i.e. Network Address Translation. Most routers have this capability.

A simplistic description: the router takes the outbound traffic from your LAN and replaces the source internal private IP’s with the router’s public IP. The router keeps track of which internal IP’s are talking to which external IP’s so that the inbound traffic gets sent to the correct internal IP. This allows multiple internal clients on private IP’s to communicate accross the internet using as little as a single public IP on the router’s external interface.

This by itself offers a certain amount of protection as your LAN clients are not exposed on public IP’s and inbound traffic to the NAT external IP is generally only allowed based on a request from an internal client. For more protection, also install a firewall.

So to make this work on your network, you would
a) configure your LAN clients back on Private IP’s, properly configured with your router as their default gateway, and with working DNS resolvers;
b) configure your router’s internal interface on the same network as your LAN of course, at least one Public IP on its external interface, and enable NAT

Previous Network Setup

In reply to Public/ Private IP addresses

How did your network handle all this before your new ISP came in the picture? Are you guys using a static IP for your business? Why would your ISP give you a “cluster” of IP addresses? If you are not paying for a static IP with your ISP, then you are getting a dynamic IP assigned. Do you have a router? Are you using NAT? Need some more info bud….

Some info

In reply to Previous Network Setup

We are a small shop. We use the LAN for internet access and file sharing only. Originally I set up the LAN using C class static IPs (no internet). Shortly we were provided with an ISP whom gave us a range of IPs to use along with other setup info for mask, gateway ..etc. These are now our LAN static IP address that provide us internet access. I use firewall software on the servers. No router yet on our end. I guess our ISP provided use with static IPs..these don’t change on our LAN.

Setup DHCP

In reply to Public/ Private IP addresses

Hi,

This is a very big topic but try this for abit of guidance.

1. Setup the public IP address’s for your servers..such as DNS Servers, web servers etc. I would not recommend a file server.
2. Set your servers with static IP
3. Setup on one server a DHCP scope…this will automaticly assign to computers a IP address. Hopefully you have also a firewall.

If you have a small network…dozen people and dont plan to grow fast then try a Zyxel firewall / router UTM.

The IP range from your ISP

In reply to Public/ Private IP addresses

As several other posts have stated, you should use a private IP address scheme for the internal network.

The range of addresses your ISP gave you is for accessing your Internal network from the outside (or from the Internet).

You would use some form of port forwarding so users could directly access there individual machines from home (or anywhere else outside the local network. Also for direct access to Servers for file sharing and or web servers.
Although I think a VPN connection to the network would much safer than giving users direct access to machines on the internal network.

[Author]

Replies