I'm taking over IT responsibilities from a previous IT guy.
We have a 50mb cable modem connection from Comcast along with 5 static IP addresses:
XXX.XXX.XXX.180
XXX.XXX.XXX.181
XXX.XXX.XXX.182
XXX.XXX.XXX.183
XXX.XXX.XXX.184
We are in the process of replacing our firewall machine. Currently the firewall box is the only thing connected to the cable modem. However, the cable modem has multiple Ethernet ports on it, similar to a router.
I have assembled a new firewall machine and it's time to start testing and configuring it. So that means that I also need it plugged into the cable modem (remember it has multiple Ethernet ports on it).
So now with multiple computers plugged into the cable modem, how does the cable modem know where to route the traffic? If some request on the internet is made to XXX.XXX.XXX.181, which goes to our cable modem, how does the cable modem know which connected computer that traffic is supposed to be sent?
Looking at the web interface for the cable modem, there doesn't seem to be anything special set up on it with regards to routing or NATing IP addresses. Is that because when there is only one computer connected to the modem, all traffic is sent to it by default? Now that I am going to (temporarily) have multiple computers plugged into the cable modem, do I need to specify routing or NAT rules on the modem itself?
I am going to speak to Comcast about this next, but I figured I'd ask here first just so I can get a better grasp on how this type of thing generally plays out.
-
The cable modem/router is using ARP to find the IP address on the ethernet network. It's automagic, you don't have to configure anything.
Jakobud : What happens when the two firewalls have the same static IP addresses? What determines which firewall the traffic is sent to?
Avery Payne : That is a Bad Thing(tm) and should be avoided. You will create "Spartacus Syndrome", along with complete havoc (I'm Spartacus! No, I am. No, me! Ignore those guys, I'm Spartacus! No, no, over here!)
MarkM : @Jakobud - Whatever device responded to the last ARP discovery is the one that traffic gets sent to. You should never ever have two devices with the same IP on the same network.
Chris S : Many OSes will automatically pick up that someone else has their IP automatically; some will also automatically stop using the duplicated IP (Windows). Like Avery said, it's a bad thing.
From Guillaume Filion -
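The duplicate-address situation discussed in the comments above shows up in ARP traffic as one IP being answered by more than one MAC. The following is an added example, not part of the original thread: it scans constructed lines in the style of `tcpdump -n arp` output (documentation-range addresses and made-up MACs; the function names are hypothetical) and reports each conflicting IP along with which device answered last.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output.
# 203.0.113.0/24 is a documentation range; the MAC addresses are made up.
SAMPLE_CAPTURE = """\
10:00:01.000000 ARP, Request who-has 203.0.113.181 tell 203.0.113.177, length 46
10:00:01.000400 ARP, Reply 203.0.113.181 is-at 00:16:3e:aa:aa:01, length 46
10:00:01.000900 ARP, Reply 203.0.113.181 is-at 00:16:3e:bb:bb:02, length 46
10:00:05.000000 ARP, Request who-has 203.0.113.182 tell 203.0.113.177, length 46
10:00:05.000300 ARP, Reply 203.0.113.182 is-at 00:16:3e:cc:cc:03, length 46
10:05:01.000000 ARP, Reply 203.0.113.181 is-at 00:16:3e:aa:aa:01, length 46
"""

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def parse_replies(capture):
    """Yield (timestamp, ip, mac) for each ARP reply line; skip requests and noise."""
    for line in capture.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()

def find_conflicts(capture):
    """Return {ip: {"macs", "current", "flips"}} for every IP claimed by >1 MAC."""
    seen = defaultdict(list)  # ip -> MACs in the order they answered
    for _ts, ip, mac in parse_replies(capture):
        seen[ip].append(mac)
    conflicts = {}
    for ip, macs in seen.items():
        distinct = sorted(set(macs))
        if len(distinct) > 1:
            # A "flip" is a reply from a different MAC than the previous reply.
            flips = sum(1 for a, b in zip(macs, macs[1:]) if a != b)
            # "current" is the last responder, the device the comment above
            # says traffic ends up being sent to.
            conflicts[ip] = {"macs": distinct, "current": macs[-1], "flips": flips}
    return conflicts

if __name__ == "__main__":
    for ip, info in find_conflicts(SAMPLE_CAPTURE).items():
        print(f"{ip}: claimed by {', '.join(info['macs'])}; "
              f"last reply from {info['current']} ({info['flips']} owner changes)")
```
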
I doubt you have to do anything special on the modem side of things to have multiple machines. You should be able to just assign a different IP address to each machine and it will send the packets as appropriate. Unless there's something unusual about the modem it most likely functions just as a switch would.
From Kamil Kisiel -
Those ports on the CM are almost certainly just an internal switch, not individual NICs. The CM probably has one internal NIC connected to a switch chip, which is connected to the ports on the back.
Jakobud : I'm not sure how this helps me? Forgive my ignorance...
Chris S : The same rules apply as if you plugged a switch into the cable modem, then plugged the firewall-boxes into the switch. And if you don't know what that means, you probably should find someone who does to set up the firewall. I know that might sound harsh, but you're in for a world of problems if you don't know what you're doing.
From Chris S -
So now with multiple computers plugged into the cable modem, how does the cable modem know where to route the traffic?
There should be a routing table on the device that determines that.
If some request on the internet is made to XXX.XXX.XXX.181, which goes to our cable modem, how does the cable modem know which connected computer that traffic is supposed to be sent?
Again, the routing table will determine that. Also, traffic sent out will have the source address for the destination to refer to; the packet coming back will have this as the "return address".
Jakobud : This is kinda a conflicting answer with everyone else's answer. You are saying there should be a routing table I need to make changes to on the modem. Everyone else is saying I shouldn't...
Avery Payne : There's a lot of information that you're not providing: is it behind a NAT? Do you have routing tables to begin with? Is there a default route? At this point I can only assume that you are either a) jacking the device directly into the switch, which will only get you local access, or b) there is a default route. If there is a default route, then there is a default router somewhere - and that implies a routing table, or auto-NAT, or SOMETHING other than just "plug it in".
Avery Payne : If it is indeed "plug it in" then the device in question is already handling the routing for you.
From Avery Payne