Skip to content
Jon_Denver's profile

Visitor

 • 

1 Message

Tuesday, July 14th, 2015 4:00 PM

Routing Public Traffic to LAN IP

I'm trying to route public IP traffic to one of our 5 static IPs thru my Comcast CISCO DPC3939B gateway and then thru my Windows Server 2012 using Firewall With Advanced Security to a LAN IP manufacturing device. Accessing the CISCO gateway via IP 10.1.10.1, I have options to configure port forwarding, NAT and static routing, but I frankly don't know which is the most secure or efficient, and so far I've not been successful (small biz guy pretending to do IT).

 

Here is my current setup.  I'll be grateful for any guidance. 

 

Comcast Gateway

Bridge Mode: Disabled

LAN DHCP: Disabled

LAN IP: 10.1.10.1

Subnet: 255.255.255.0

DHCP: Disabled

Firewall IPv4 Options: Disabled Firewall for True Static IP Subnet Only and Disabled Gateway Smart Packet Detection

Firewall IPv4 Security Level: Medium

Port Forwarding: Enabled, but no custom services created yet

NAT: Disable All

Static Routing: (blank)

 

Windows Server 2012

Internal NIC IP: 192.168.16.250

Internal NIC Subnet: 255.255.255.0

Internal NIC Gateway: (blank)

Internal NIC DNS: 192.168.16.250

 

External NIC IP: 75.145.XXX.XXX (one of my 5 static IPs)

External NIC Subnet: 255.255.255.248

External NIC Gateway: 75.145.XXX.XXX (Comcast gateway IP assigned after static addresses)

External NIC DNS: 75.75.75.75/76 (Preferred/Alternate)

 

Windows Firewall Inbound Rule

Protocol TCP to Local Port 60XXX allowed from all Remote Ports

Scope Local IP: 192.168.16.250. 75.145.XXX.XXX (external NIC IP)

Scope Remote IP: 192.168.16.XXX (LAN machine IP)

Profile: applies to Domain, Private and Public

Advocate

 • 

1.4K Messages

9 years ago

Hello Jon_Denver and welcome,

 

The easiest means by which I know to accomplish your objectives are as follows:

A.)  if your 2012 Server (2012Svr) is using an "  External NIC IP: 75.145.XXX.XXX (one of my 5 static IPs) ", then this should be physically connected to any one of the DPC3939B (DPC) LanPorts 1-4. In order to implement the highest security for your 2012Svr, it would be necessary for you to ONLY have the actual Applications and/or Control Facilit(ies) Port(s) open by performing the following:

 *  first in FW IP4 you should enable (by unchecking) the Disable True Static IP Subnet Only radio button. By enabling this it gives you complete security control on your static IP devices as I will explain below.


 * then go to Advanced, Static IP Port Management, uncheck disable all Static IP rules, then make sure the "block all ports with the following exceptions" menu-item is selected in the drop-down menu.


 * next  now click the add button to ONLY open the Ports that your applications and/or control facility running on your  75.145.XXX.XXX static IP routable address. So, this means that whatever port you need open on your 2012Svr for internal or external routing you can open the(se) port(s) only in order to faciliate any application and/or control your transactional processing.

 

This is one of the most straight forward means to route DPC internal and/or external traffic from any static IP routable address device. Please let me know if I have misunderstood any of your networking business requiements.

 

Hope this helps you out.  

Occasional Visitor

 • 

7 Messages

9 years ago

VBSSP-RICH,

I have similar setup and I followed your instructions. Right before I add ADD NEW any port forwarding rules, I would not expect any port forwarding to my servers, right? But when I tested my mail server with mxtoolbox.com, it came back with response, and my web server is still browseable from Internet.

 

Anyone has similar situation? If so, this is a major fault with DPC3939B. 

 

This is my DPC3939B:

2015-08-25 21_58_46-Gateway _ Hardware _ System Hardware _ - Comcast Business.jpg