How can I pass Static IP's through...


mholtum
02-09-2003, 4:56 PM
..... my Netgear RT311 Router? I have my SB4200 Cable modem and 2 static (leased IP's) that I would like to pass through my Router and still utilize the Firewall.. How?

Mntsnow
02-09-2003, 5:23 PM
You don't :( If you find out differently definitely let me know as I have a couple of buddies with that router that could use that ability

rpreacher
02-09-2003, 5:58 PM
Yeah, me too! I have the same difficulty and the only way around it is to go from the modem to a switch to two routers and so on.... hardware mess if I do say so myself! So if anyone finds a router that handles it or finds a work around, I would be very happy indeed.

mholtum
02-09-2003, 6:23 PM
Is there another router out there, besides the Cisco router in my closet that is a pain in the ******, that allows static pass through?

There is a "Static Route" screen in the Netgear, I lost all the documentation, so I have no clue as to what this config screen is for..

rpreacher
02-09-2003, 7:19 PM
Sure, I use an SMC router and it does anything you want it to... and I got it for $30. I have also seen (and used before) dlink routers, and they are on sale here for $20 with rebate of course. But hey, they even do IPsec pass through as well if you want them to. By the way mholtum, you wouldn't want to part with that router in the closet would you? I would love to have one available when I start taking cert classes.

mholtum
02-10-2003, 7:01 PM
Not really, but I will think about it.. I use it once in a while when I get a wild hair and want to totally frustrate myself. It is a killer Router / firewall, but as I stated it is a pain to configure.

BBA
02-10-2003, 7:55 PM
Yea, sounds like a dilemma...I think you need to add at least one hub/switch in there.

You could get a small switch, run one port to the router, one to the PC and then the uplink port to the modem. Now use the router to connect a PC. Basically, you will have one completely unfirewalled PC, and one firewalled through the router.

This should not be a big problem as long as you take security precautions on the non-firewalled PC.

BBA
02-26-2003, 7:16 PM
Hey...I just found what you need!

Get the CompUSA special $39.99 4 port cable/dsl router sku# 290331.

I just bought one, and it has some really cool features.
What you are interested in...it can assign up to 8 DMZ's, one for each static IP your ISP provides up to 8 IP's.

It does a lot of other things...like automatically updating dyndns.org if you like as well.

mholtum
02-26-2003, 8:01 PM
Correct me if I am wrong, but being able to put a box in the DMZ is different than allowing an IP pass through.

Do you have to turn off NAT to be able to use your static IP's?

You kind of lost me...Is this the one? (http://www.compusa.com/products/product_info.asp?product%5Fcode=290331&csearch=1&cmid=gosku&pfp=srch1)

rpreacher
02-26-2003, 9:04 PM
You are correct mholtum about the DMZ. It is simply out on the net by itself with no routing and no firewall. So you can add as many as you want to the router with its own IP and you are set. Personally, I would want a router in place as there are not many reasons any more to leave yourself in the wind like that. You can even securely filter AD communications if you set things up correctly.

As far as turning off NAT, that isn't needed as that is the whole point of the router. It enables all users connected to use a single static IP... Now if we could only find one that handles more than one static IP without breaking the bank....

BBA
02-26-2003, 9:38 PM
Correct me if I am wrong, but being able to put a box in the DMZ is different than allowing an IP pass through.


You are wrong.

It does DMZ, which is IP address mapping of whatever incoming IP you want routed to whatever machine you designate. The machines themselves will have lan IP's and whatever subnet you designate, except you will route each IP you want to route to its corresponding ISP provided static address. I think this is the closest to a truly programmable ( like Cisco catalyst ) router as you will get in a home router...and the price is unbelievable.

You can route 8 static IP's from the ISP/DSL/CABLE modem to 8 machines you designate with this router. Each machine has its own DMZ.

Of course, you can still turn on blocking of ports you want blocked.


BTW: YES, that IS the one.

BBA
02-26-2003, 9:56 PM
BTW: Yahoo has the real brand name of the same router for $27.00

http://shop.store.yahoo.com/i-market/ee4gig4porin.html

BBA
02-26-2003, 10:08 PM
The manual for the gigafast model is here: http://www.gigafast.com/Support/Routers/EE400-R/EE400-R.pdf

I did notice that on the CompUSA model you have 8 different DMZ's but on the Gigafast you only have up to 4 DMZ's, but since you only have 2 IP addresses, it's just as good.

mholtum
02-26-2003, 10:19 PM
Great I will get one tomorrow, thanks

BBA
02-26-2003, 10:54 PM
I just found out...you can telnet into it as well through ip.

Apparently, if you solder in the parallel port and serial ports you can flash it to the ee400-rp and use it for printer serving as well. ( Don't know if it actually works...but it could. )

It's starting to feel like a cisco already. :D

rpreacher
02-27-2003, 7:34 AM
A Demilitarized Zone is used by a company that wants to host its own Internet services without sacrificing unauthorized access to its private network.
The DMZ sits between the Internet and an internal network's line of defense, usually some combination of firewalls and bastion hosts.
Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.

BBA you said: It does DMZ, which is IP address mapping of what ever incoming IP you want routed to whatever machine you designate.

I'm sorry but there is NO mapping here. No port blocking, it is wide open for the internet. The router performs only the function of a switch to your cable/dsl modem. Therefore the router in question can handle as many as 8 (or 4 depending on the one you want to talk about here) DMZ (non mapped) connections. The machines in the DMZ will have to fend for themselves. Make no mistake, they are not protected. They will need their own firewall or routing (if it's a server it can handle it) to the internal network.

So I ask you this... wouldn't it be cheaper to just buy a switch and place it in front of the router and put all of your DMZ machines there? That would eliminate the problem of how many DMZ's you can have by the number of connections on the switch... Just get a big enough switch for your needs. This also frees up the router for real internal connections that need the mapping.

BBA
02-27-2003, 10:19 AM
rpreacher, yes, you are right, they will be in a DMZ. But, why is it better than using a regular switch? Well, you still can route to other systems that are firewalled, and you don't need an additional switch ( which cost about as much as this router anyway ). So, basically, doing it the way you say will end up using a switch and two routers.

I think it's a little more cost effective to just have this one router and run a firewall application on the machines in the DMZ than it is to use two routers ( to firewall individual machines ) and then a switch to go with them. Plus, going the switch and routers method...you cannot connect to the machines on the DMZ switch (or other router if you used two routers) from inside the lan for sharing files and printers, it would not work.

All I am saying is it can handle more than one IP from the dsl modem and you still get the features of the router like lan connectivity for file/print sharing between lan computers.

You can also set up virtual servers on it...where ftp requests will be sent to the machine you specify as the ftp server, as you can also do for web and smtp servers inside the firewall.

BBA
02-27-2003, 10:21 AM
Hmmm...I just reread everything...yea, it's a little confusing...but I think you can see my point if you read it enough times. :D

rpreacher
02-27-2003, 10:31 AM
I gotcha now.. I just didn't want any innocent bystanders to think that the DMZ machines were protected by the router is all... but I do see your point. I think I'll get one myself.

FocusOnMBM
08-12-2003, 8:52 PM
I can't figure out how to add more than one IP to this router.. Can someone tell me? I also don't see an option to add more than one DMZ zone or anything like that

BBA
08-12-2003, 10:03 PM
Your router has to support it.

The one I have does, but I don't use it anymore because I use my D-Link wireless router now.

FocusOnMBM
08-13-2003, 6:09 AM
I have that CompUSA one everyone said supports it

fluxy
09-08-2003, 2:36 AM
I have that router also (using in the meantime til I pickup a wireless G w/ prn server and 56k dialup support) and I just ran into some problems. It seems to be conflicting w/ Outlook Express and preventing messages above a certain size from being sent. I can receive on all accounts but sending won't work for anything but a few lines.
It worked well before I updated the firmware (to 1.913).

After a bit of reading and hair-pulling, I narrowed it down to the router (there's also at least one Linksys model w/ this problem). I bypassed it and now I can send 4k or 2m files.

Since I need the router (NAT, DMZ, etc) how can I resolve this? Anyone familiar w/ the problem?

mholtum
09-08-2003, 3:46 AM
Are you getting any error messages? If so what one?

fluxy
09-08-2003, 3:57 AM
Just went back on the router and got this (even tried getting into the DMZ but no joy):

An unknown error has occurred. Subject 'Fw: test', Account: 'xxx', Server: 'xxx.xxx.net', Protocol: SMTP, Server Response: '421 out001.xxx.net Lost connection to [000.00.000.000]', Port: 25, Secure(SSL): No, Server Error: 421, Error Number: 0x800CCC67

Sometimes I get a timeout error.

The IP addy was mine. Server apparently disconnects from OE no matter what the timeout setting. Sometimes it just hangs on the really big mails (html or text w/ attachments).

I have an idea...
Is it possible to dump the older firmware from another router to a file then flash to mine so I can go back?

mholtum
09-08-2003, 9:30 AM
What you would need to do is download an older version. I would either go to the website and see if they provide old versions for download or call customer support and tell them you are having problems since you upgraded and need an older ver.

Mike

fluxy
09-10-2003, 12:32 PM
Re the above issue, it was suggested by the router's tech support that lowering the MTU may resolve things. It's currently at 1440 for PPPOE and 1500 for static. The suggested value is 1000 but my concern is that it may be a bit low and would likely affect performance.

Are there optimum values here? Should it match my ISP's?

BBA
09-10-2003, 1:35 PM
Originally posted by fluxy
I have that router also (using in the meantime til I pickup a wireless G w/ prn server and 56k dialup support) and I just ran into some problems. It seems to be conflicting w/ Outlook Express and preventing messages above a certain size from being sent. I can receive on all accounts but sending won't work for anything but a few lines.
It worked well before I updated the firmware (to 1.913).

After a bit of reading and hair-pulling, I narrowed it down to the router (there's also at least one Linksys model w/ this problem). I bypassed it and now I can send 4k or 2m files.

Since I need the router (NAT, DMZ, etc) how can I resolve this? Anyone familiar w/ the problem?



Wow...

I had the exact problem. I tried even updating its firmware to resolve it with no luck.

Actually, that's the reason I replaced it with the wireless one D-Link...the wife wanted her email to work. :D

fluxy
09-10-2003, 2:24 PM
Originally posted by BBA
Wow...

I had the exact problem. I tried even updating its firmware to resolve it with no luck.

Actually, that's the reason I replaced it with the wireless one D-Link...the wife wanted her email to work. :D

It seems there are quite a few reasons for this particular issue. If you've managed to narrow it down to the router, the likely reason, according to what I've gathered, is MTU settings. I didn't take notice of the settings before the fw update so I don't know if the values were changed by the update. But it's rather strange that things would stop working from that point. Maybe it's a combination of changes. :confused:

I'll try what one site/researcher said was optimal for PPPoE (1454) and report back. If not, I'll d/l the older version and flash that baby back into the stone age.
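
The MTU question raised in the last few posts can be answered by measurement rather than by trying suggested values. The script below is an added example, not part of any post in this thread: it binary-searches for the largest packet that crosses the path with Don't Fragment set. It assumes Linux iputils `ping` (`-M do`); the function names `probe`, `find_path_mtu` and `tcp_mss` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find the largest MTU that crosses a path without fragmentation.
# Assumes Linux iputils ping (-M do sets Don't Fragment); on Windows the
# equivalent probe is `ping -f -l <payload> <host>`.
# Function names are hypothetical, chosen for this example.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP echo header

# probe HOST MTU: exit 0 if a DF-flagged echo of MTU total bytes gets a reply.
probe() {
    ping -c 1 -W 2 -M do -s "$(( $2 - IP_ICMP_OVERHEAD ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: binary search between LOW and HIGH.
# Prints the largest MTU that got a reply; returns 1 if even LOW fails
# (host down, or ICMP filtered, in which case the result means nothing).
find_path_mtu() {
    local host="$1" lo="${2:-576}" hi="${3:-1500}" mid
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the loop always shrinks
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# tcp_mss MTU: matching TCP MSS for IPv4 without options (20 IP + 20 TCP).
tcp_mss() { echo $(( $1 - 40 )); }

# Run only when a host is given: ./pmtu.sh <host>
if [ "$#" -gt 0 ]; then
    mtu=$(find_path_mtu "$1") || { echo "no reply from $1 at the minimum size" >&2; exit 1; }
    echo "path MTU to $1: $mtu (TCP MSS $(tcp_mss "$mtu"))"
fi
```

Run it against the mail server or the ISP gateway from a machine behind the router, then set the router's WAN MTU no higher than the value it reports.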