
    Routing from LAN/Sonicwall to Comcast DHCP Client

    19 Posts 5 Posters 1.1k Views
    • J
      JasGot
      last edited by JasGot

      I am having a hard time figuring out where the block is. I am trying to connect to a web server that is on the Comcast Cable Modem LAN from a computer that is behind a Sonicwall Router/Firewall with a Static IP from Comcast.
      Here is a diagram:
      1b9c0327-de00-43dc-91f4-ad8b97ee5a7e-image.png

      192.168.1.x TO 10.1.10.44 does not work. The sonicwall claims the 10.1.10.x subnet is on the WAN port and reachable through 96.x.x.x (Cable Modem's Public IP).

      All I can guess is the cable modem is not turning the traffic around and putting it back on its 10.1.10.x lan subnet.

      Could there be a setting to deal with this?

      • JaredBuschJ
        JaredBusch @JasGot
        last edited by

        @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

        All I can guess is the cable modem is not turning the traffic around and putting it back on its 10.1.10.x lan subnet.

        This would not be a modem if it could. It would be a router.

        • J
          JasGot @JaredBusch
          last edited by

          @jaredbusch said in Routing from LAN/Sonicwall to Comcast DHCP Client:

          @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

          All I can guess is the cable modem is not turning the traffic around and putting it back on its 10.1.10.x lan subnet.

          This would not be a modem if it could. It would be a router.

          So I added a static route to the Comcast Cable Modem. So now it is a router.
          Still no joy.
          6781010c-a22e-4dd4-9e70-5542620ebde4-image.png

          • notverypunnyN
            notverypunny
            last edited by

            Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.

              • J
                JasGot @notverypunny
                last edited by

                @notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.

                I have rules in the Sonicwall to allow from 10.1.10.x to 192.168.1.x, even though they are not required. (The traffic is initiated by the device on the 192.168.1.x LAN network)

                No NAT rules on the Comcast CPE. It shouldn't be needed because I am not trying to use the CPE public IP address as a destination, only as a gateway.

                Yes, all three are the same. The two SWs are plugged into the CPE.
                CPE = xx.xx.xx.98
                SW1 = xx.xx.xx.97
                SW2 = xx.xx.xx.96

                Only one ISP in the mix.

                • notverypunnyN
                  notverypunny @JasGot
                  last edited by

                  @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                  @notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                  Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.

                  I have rules in the Sonicwall to allow from 10.1.10.x to 192.168.1.x, even though they are not required. (The traffic is initiated by the device on the 192.168.1.x LAN network)

                  No NAT rules on the Comcast CPE. It shouldn't be needed because I am not trying to use the CPE public IP address as a destination, only as a gateway.

                  Yes, all three are the same. The two SWs are plugged into the CPE.
                  CPE = xx.xx.xx.98
                  SW1 = xx.xx.xx.97
                  SW2 = xx.xx.xx.96

                  Only one ISP in the mix.

                  So this is what your setup looks like?
                  Diagram1.png

                  I'm not sure, but I wouldn't be surprised if the SW simply goes bork trying to deal with private IP ranges on a port that you've designated as a WAN.

                  Still puzzled as to why you've got 3 edge devices...

                  • DashrenderD
                    Dashrender @notverypunny
                    last edited by Dashrender

                    @notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                    @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                    @notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                    Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.

                    I have rules in the Sonicwall to allow from 10.1.10.x to 192.168.1.x, even though they are not required. (The traffic is initiated by the device on the 192.168.1.x LAN network)

                    No NAT rules on the Comcast CPE. It shouldn't be needed because I am not trying to use the CPE public IP address as a destination, only as a gateway.

                    Yes, all three are the same. The two SWs are plugged into the CPE.
                    CPE = xx.xx.xx.98
                    SW1 = xx.xx.xx.97
                    SW2 = xx.xx.xx.96

                    Only one ISP in the mix.

                    So this is what your setup looks like?
                    Diagram1.png

                    I'm not sure, but I wouldn't be surprised if the SW simply goes bork trying to deal with private IP ranges on a port that you've designated as a WAN.

                    Still puzzled as to why you've got 3 edge devices...

                    Assuming this diagram is correct (man it's weird if it is) then adding the route to the internal 10.x.x.x address should have worked.
                    But since it's not, try adding a virtual adapter on the WAN interface of the SonicWall and assigning it IP 10.x.x.x in the same range as the web server. Now the web server won't know how to get back, so you'll need a route entry on the webserver as well.

                    *Edit - after reading and posting a lot more - The 192.x.x.x client should be reaching out to the Public IP of the CPE, not the 10.x.x.x address, then the CPE might route your stuff as desired, read below for more info.

                    I've never seen a Cable connected box used as the diagram suggests. Normally anything connected to the cable connected box would have a real IP, not a 10.x.x.x address, unless as Jared said, the cable connected box is a cable/router combo box.

                    • DashrenderD
                      Dashrender @JasGot
                      last edited by

                      @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                      192.168.1.x TO 10.1.10.44 does not work. The sonicwall claims the 10.1.10.x subnet is on the WAN port and reachable through 96.x.x.x (Cable Modem's Public IP).

                      Of course the SonicWall thinks that, it's not directly aware of any other path to a 10.x.x.x network, so it must go to the default route.

                      All I can guess is the cable modem is not turning the traffic around and putting it back on its 10.1.10.x lan subnet.

                      Yeah, this doesn't surprise me. It's generally not used the way you are using it. I've never seen anyone intentionally use a cable connected box to assign DHCP addresses for a client, while also statically assigning addresses to others.

                      • DashrenderD
                        Dashrender @JasGot
                        last edited by

                        @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                        @jaredbusch said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                        @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                        All I can guess is the cable modem is not turning the traffic around and putting it back on its 10.1.10.x lan subnet.

                        This would not be a modem if it could. It would be a router.

                        So I added a static route to the Comcast Cable Modem. So now it is a router.
                        Still no joy.
                        6781010c-a22e-4dd4-9e70-5542620ebde4-image.png

                        While this seems correct, it might not work as you expect. You might only be able to create static routes on the IP range that's inside the DHCP pool.

                        Again, I'm sure the box isn't meant to be used as you are using it.

                        Can you assign a static IP to the webserver?

                        • DashrenderD
                          Dashrender @notverypunny
                          last edited by

                          @notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                          Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.

                          This point brings up a good point.

                          Assuming the CPE can't route, you'd need to reach out to the Public IP that's in front of the DHCP range the CPE is providing. Then make sure the CPE is able to trombone route and that the correct port redirections are in place on the CPE to get traffic through the CPE's NAT to the DHCP webserver client.

                          As @notverypunny asked - can you reach the webserver from something outside of your network?

                          • J
                            JasGot @Dashrender
                            last edited by

                            @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                            As @notverypunny asked - can you reach the webserver from something outside of your network?

                            No. That's verboten.

                            • J
                              JasGot
                              last edited by

                              I'm going to contact the web server people and ask if we can move it to our LAN subnet.

                              • DashrenderD
                                Dashrender @JasGot
                                last edited by

                                @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                As @notverypunny asked - can you reach the webserver from something outside of your network?

                                No. That's verboten.

                                Then I'm confused - why is it attached in the manner it is? Who's supposed to access the webserver?

                                • J
                                  JasGot @Dashrender
                                  last edited by

                                  @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                  Then I'm confused - why is it attached in the manner it is? Who's supposed to access the webserver?

                                  People on the sonicwall LAN.

                                  • J
                                    JasGot @Dashrender
                                    last edited by

                                    @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                    But since it's not, try adding a virtual adapter on the WAN interface of the SonicWall and assigning it IP 10.x.x.x in the same range as the web server. Now the web server won't know how to get back, so you'll need a route entry on the webserver as well.

                                    This was the closest to the way we went.
                                    I used an available physical port on the Sonicwall, assigned it a static IP (10.1.10.253) on the Comcast Cable Modem internal LAN subnet.

                                    I then added a static route on the Sonicwall to find the Comcast LAN and I added a route on the Cable modem to find the Sonicwall LAN.

                                    It works just as we want.

                                    Thanks for all the comments, it helped lead us to a solution to handle this non-standard configuration.

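A routing-table view of the fix described in the post above, as an added example that is not part of the original thread: longest-prefix match over the Sonicwall and cable modem tables before and after the change. The /24 masks, the 203.0.113.x and 198.51.100.1 addresses (standing in for the elided public IPs), the client 192.168.1.50 and the port name X2 are assumptions; NAT and firewall policy on either device are not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    via: Optional[str]   # next-hop IP, or None when the prefix is directly connected
    iface: str

def R(prefix, via, iface):
    return Route(ipaddress.ip_network(prefix), via, iface)

def best_route(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None

def trace(tables, owners, start, dst, max_hops=8):
    """Follow next hops from device `start` until dst is on a connected network."""
    hops, device = [], start
    for _ in range(max_hops):
        route = best_route(tables[device], dst)
        if route is None:
            return hops + [f"{device}: no route"]
        if route.via is None:
            return hops + [f"{device}: deliver on {route.iface}"]
        hops.append(f"{device}: via {route.via} on {route.iface}")
        device = owners.get(route.via)
        if device is None:               # next hop is not a device we model
            return hops + ["leaves the site"]
    return hops + ["loop"]

# Constructed addressing (assumptions): /24 masks, 203.0.113.x for the public block.
SW_BEFORE = [
    R("192.168.1.0/24", None, "LAN"),
    R("203.0.113.0/24", None, "WAN"),
    R("0.0.0.0/0", "203.0.113.98", "WAN"),       # default route via the cable modem
]
# Fix, Sonicwall side: spare port (hypothetical name X2) addressed 10.1.10.253.
SW_AFTER = SW_BEFORE + [R("10.1.10.0/24", None, "X2")]
CPE_BEFORE = [
    R("10.1.10.0/24", None, "LAN"),
    R("203.0.113.0/24", None, "PUBLIC"),
    R("0.0.0.0/0", "198.51.100.1", "CABLE"),     # ISP upstream, placeholder
]
# Fix, modem side: static route back to the Sonicwall LAN via the new port.
CPE_AFTER = CPE_BEFORE + [R("192.168.1.0/24", "10.1.10.253", "LAN")]
OWNERS = {"203.0.113.98": "cpe", "203.0.113.97": "sonicwall", "10.1.10.253": "sonicwall"}

def scenario(sw, cpe):
    """Return (client -> web server path, reply path as routed by the modem)."""
    tables = {"sonicwall": sw, "cpe": cpe}
    forward = trace(tables, OWNERS, "sonicwall", "10.1.10.44")
    back = trace(tables, OWNERS, "cpe", "192.168.1.50")
    return forward, back

if __name__ == "__main__":
    for name, sw, cpe in (("before", SW_BEFORE, CPE_BEFORE), ("after", SW_AFTER, CPE_AFTER)):
        forward, back = scenario(sw, cpe)
        print(name, "| forward:", forward, "| return:", back)
```

In the "after" case the forward path is delivered directly on the shared 10.1.10.x segment, while replies transit the cable modem, assuming the web server's default gateway is the modem.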
                                    • DashrenderD
                                      Dashrender @JasGot
                                      last edited by

                                      @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                      @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                      But since it's not, try adding a virtual adapter on the WAN interface of the SonicWall and assigning it IP 10.x.x.x in the same range as the web server. Now the web server won't know how to get back, so you'll need a route entry on the webserver as well.

                                      This was the closest to the way we went.
                                      I used an available physical port on the Sonicwall, assigned it a static IP (10.1.10.253) on the Comcast Cable Modem internal LAN subnet.

                                      I then added a static route on the Sonicwall to find the Comcast LAN and I added a route on the Cable modem to find the Sonicwall LAN.

                                      It works just as we want.

                                      Thanks for all the comments, it helped lead us to a solution to handle this non-standard configuration.

                                      Why go through all of these hoops when

                                      @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                      @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                      Then I'm confused - why is it attached in the manner it is? Who's supposed to access the webserver?

                                      People on the sonicwall LAN.

                                      If those are the only people with access - why not just put it on that LAN?

                                      • J
                                        JasGot @Dashrender
                                        last edited by

                                        @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                        If those are the only people with access - why not just put it on that LAN?

                                        Other equipment it talks to on another network; and we do not have access to that other equipment.

                                        • DashrenderD
                                          Dashrender @JasGot
                                          last edited by

                                          @jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                          @dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:

                                          If those are the only people with access - why not just put it on that LAN?

                                          Other equipment it talks to on another network; and we do not have access to that other equipment.

                                          Where is that network? How does the web server get to that network now?