I have a static IP and I want to set up my own router/firewall/VPN box. From what I’ve read here, I understand that putting my Comcast gateway into passthrough mode is the way to do that if I have an assigned static IP.
What I don't get is if passthrough mode disables DHCP in the gateway, what am I setting the WAN interface to my router to? The Comcast assigned IP address? Or, private static addresses like 192.168.1.1 for the gateway and 192.168.1.2 for my router/firewall?
My router’s documentation asked me if I have an assigned IP address from my ISP, but not sure if passthrough mode is passing through the public IP address, or translating it to a static subnet (192.168.1.xxx).
Hi CDCMike and welcome to the business forums.
Thanks for your question on passthrough mode. Both scenarios you put down work. However, which settings you would like to use would depend on your own internal network. Since you do have a static, you're able to assign the static to your internal equipment. You are also able to assign a local address with the LAN range (10.1.10.10 or 192.168.1.10, etc.) so that you are able to communicate with the leased gateway but not use one of your statics.
I provided a link below that may help with your network. Please let me know if you need anything.
My router firewall wants its LAN side port to have an IP address of 184.108.40.206 as the default, and I would like to keep it that way since all of my current internal network is pointing towards that same IP address because that's the LAN side IP address of the Comcast Gateway. I won't have to reprogram any of those devices that are configured statically (some are static and a range is dynamic).
So I'm still not clear on what exactly passthrough mode is doing compared to bridge mode. If my router/firewall is asking me for config info and if I have a static IP address or dynamically assigned one. Comcast has assigned me a single static IP address, but I've also assumed that is just the address of your gateway on the public internet. It doesn't make sense to assign that to the WAN port of my router/firewall or does it? My router/firewall is also asking me for IP address of the (Comcast) gateway. After all, it needs to know where to send things. So I can assign the WAN port of my router/firewall to the static IP address, and the Comcast gateway stays 192.168.1.1, or to avoid confusion, I change it to 10.1.10.10? And also put the gateway into passthrough mode. Let's call this scenario #1. Is this valid?
Or, do I change the Comcast gateway LAN side address to 10.1.10.10, put the gateway in passthrough mode, and then configure the WAN port of my router firewall to be 10.1.10.11 (or something like that on the same subnet), point my router/firewall to the 10.1.10.10 address of the gateway, and magically, any inbound traffic from the public internet to my static IP will magically appear at my router/firewall and will be routed from there? And any traffic originating from within my internal network will appear to the public internet like it's coming from my static IP? Let's call this scenario #2.
Is Scenario #2 valid, or if I'm in passthrough mode, must I assign the static IP to my router's WAN interface? In that case, I'm not clear on how the traffic is finding my router on the public internet (or how you are addressing your own box).
Static IP addresses would not work with bridge mode but they do work in passthrough mode. You also have a block of static IP addresses even if you only have one usable static. Here's an example:
Usable Static 173.xxx.yy.185 (static IP address for your router)
Gateway Static 173.xxx.yy.186 (static IP address of the leased Cisco 3941 or 3939)
Subnet Mask: 255.255.255.252 (subnet for one usable static)
I am not able to advise how your LAN configuration should look since that is past the Comcast Business demarcation and this mainly depends on what you're trying to accomplish. 10.1.10.1 is the default LAN for the leased gateway. This can be changed especially since you are using your own DHCP and not the leased gateway's. I do think the example of the above static should clear up most of your questions.
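Added example, not part of the original thread and not Comcast tooling: a short Python check of the one-usable-static layout described in the reply above (usable .185, gateway .186, mask 255.255.255.252), plus a sanity check of the values a router asks for on its WAN port. The 203.0.113.x addresses are constructed documentation-range stand-ins for the elided 173.xxx.yy values, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges, listed explicitly because ipaddress.is_private
# also flags documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def block_layout(ip, netmask):
    """Return (network, usable host addresses, broadcast) for the block containing ip."""
    net = ipaddress.ip_interface(f"{ip}/{netmask}").network
    return str(net), [str(h) for h in net.hosts()], str(net.broadcast_address)


def check_wan_config(wan_ip, netmask, gateway):
    """Return a list of findings for a static WAN setup; an empty list means consistent."""
    findings = []
    iface = ipaddress.ip_interface(f"{wan_ip}/{netmask}")
    net, gw = iface.network, ipaddress.ip_address(gateway)
    if gw not in net:
        # The router could not reach its default gateway directly.
        findings.append(f"gateway {gw} is not on-link for {net}")
    if gw == iface.ip:
        findings.append("WAN address and gateway are identical")
    for label, addr in (("WAN address", iface.ip), ("gateway", gw)):
        if addr in (net.network_address, net.broadcast_address):
            findings.append(f"{label} {addr} is the network or broadcast address of {net}")
    if any(iface.ip in r for r in RFC1918):
        # The "local address" option from the thread: works, but the static is not used.
        findings.append(f"WAN address {iface.ip} is private: router is on the gateway LAN, static unused")
    return findings


if __name__ == "__main__":
    # Constructed sample values (TEST-NET-3), shaped like the .185/.186 example.
    print(block_layout("203.0.113.185", "255.255.255.252"))
    print(check_wan_config("203.0.113.185", "255.255.255.252", "203.0.113.186"))
    print(check_wan_config("203.0.113.185", "255.255.255.252", "10.1.10.1"))
    print(check_wan_config("10.1.10.11", "255.255.255.0", "10.1.10.1"))
```

A 255.255.255.252 mask leaves exactly two host addresses, which is why a single usable static still arrives as a block: one address for the router's WAN port and one for the leased gateway.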
While your example may work for me at the moment, my other questions were attempting to understand things a little more deeply so if I change my configuration in the future I have a better idea of what's going on. Are there any documents I can read besides the one you linked to on static IPs that would provide a deeper understanding?
In suggesting that I change it to 173.xxx.yyy.186, you seem to be implying that although I bought only one static IP, you allocate them as a block and no one is using 173.xxx.yyy.186. I can't use it for public routing (because I didn't pay for it), but since it's not assigned I can assign it to the gateway's LAN side port.
There sure is. This will help with setting up your LAN:
For the example of 173.xxx.yyy.186, this is being used for your public interface as you no longer have a dynamic IP.
Please do let me know if you need any additional assistance.